April Patch Tuesday: Microsoft Battles 4 Bugs Under Active Exploit
April’s Patch Tuesday consisted of 113 patches, which was most likely difficult for IT staff under WFH security concerns. This patch Tuesday includes 19 critical vulnerabilities and 94 that are classified as important. Four of the critical vulnerabilities are being exploited in the wild, however, two have previously been publicly disclosed by Microsoft. This Patch Tuesday is the first big patch update released since thousands of employees started working from home due to COVID-19 concerns.
Microsoft patched a bug known as CVE-2020-0968, which is a critical level memory corruption vulnerability discovered in Internet Explorer that was exploited in the wild. The vulnerability allows RCE and is the result of improper handling of objects in memory by the scripting engine. This vulnerability can be exploited through social engineering a user into visiting a website with malicious code.