CVE-2020-1020
Published 2020-04-15
CVE-2020-1020: A remote code execution vulnerability exists in Microsoft Windows when the Windows Adobe Type Manager Library improperly handles a specially-crafted…
Priority: P187 · high · 8.8 (CVSS 3.1)
CVSS vector: AV:N / AC:L / PR:N / UI:R / S:U / C:H / I:H / A:H
KEV · ITW · EXPLOIT
CISA Known Exploited Vulnerability · due 2022-05-03
Exploited in the wild
EPSS: 65.04% (99.2th percentile)
A remote code execution vulnerability exists in Microsoft Windows when the Windows Adobe Type Manager Library improperly handles a specially-crafted multi-master font - Adobe Type 1 PostScript format. For all systems except Windows 10, an attacker who successfully exploited the vulnerability could execute code remotely, aka 'Adobe Font Manager Library Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-0938.
Affected
59 ranges · showing 25
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| microsoft | windows | — | — |
| microsoft | windows_10_version_1903_for_32-bit_systems | — | — |
| microsoft | windows_10_version_1903_for_arm64-based_systems | — | — |
| microsoft | windows_10_version_1903_for_x64-based_systems | — | — |
| microsoft | windows_10_version_1909_for_32-bit_systems | — | — |
| microsoft | windows_10_version_1909_for_arm64-based_systems | — | — |
| microsoft | windows_10_version_1909_for_x64-based_systems | — | — |
| microsoft | windows_server | — | — |
Detection & IOCs (extracted from sources)
- Monitor for exploitation via Windows Explorer Preview Pane — confirmed attack vector. Alert on ATMFD.dll being loaded when a user previews a document in Windows Explorer.
- Monitor for exploitation via WebDAV/WebClient service — the most likely remote attack vector. Suspicious WebClient service activity combined with OTF/Type1 font parsing should be treated as high-fidelity signal.
- Trigger on users opening or previewing specially crafted documents containing multi-master Adobe Type 1 PostScript fonts — the defined exploit delivery mechanism.
- Check for the DisableATMFD registry key as a defensive indicator; its absence on pre-Windows 10 systems indicates unmitigated exposure.
- Windows 10 systems are significantly less impacted — exploitation results only in AppContainer sandbox execution with limited privileges, not full remote code execution. Detection priority should be weighted toward pre-Windows 10 systems.
- ATMFD.DLL is not present in Windows 10 starting with version 1709; file-based detections for ATMFD.DLL only apply to older Windows versions.
- The Outlook Preview Pane is NOT an attack vector; only the Windows Explorer Preview Pane is confirmed as an attack vector. Detections scoped to Outlook preview activity will not cover this CVE.
- Enhanced Security Configuration on Windows Servers does NOT mitigate this vulnerability and should not be relied upon as a compensating control.
- Disabling the WebClient service and Preview Pane are partial mitigations only — they do not prevent exploitation if a user directly opens a document containing the malicious font.
CVSS provenance
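| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 8.8 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H |
| nvd | v2.0 | 6.8 | MEDIUM | AV:N/AC:M/Au:N/C:P/I:P/A:P |
| vulncheck | — | 8.8 | HIGH | — |
| cisa | — | 8.8 | HIGH | — |
| vendor_msrc | — | 7.8 | HIGH | — |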
GHSA
GHSA-jvx5-6596-c2vj: A remote code execution vulnerability exists in Microsoft Windows when the Windows Adobe Type Manager Library improperly handles a specially-crafted m
ghsa_unreviewed·2022-05-24·CVSS 7.8
CVE-2020-1020 [HIGH] CWE-20 GHSA-jvx5-6596-c2vj: A remote code execution vulnerability exists in Microsoft Windows when the Windows Adobe Type Manager Library improperly handles a specially-crafted m
A remote code execution vulnerability exists in Microsoft Windows when the Windows Adobe Type Manager Library improperly handles a specially-crafted multi-master font - Adobe Type 1 PostScript format. For all systems except Windows 10, an attacker who successfully exploited the vulnerability could execute code remotely, aka 'Adobe Font Manager Library Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-0938.
GHSA
GHSA-5g5q-fp24-vv4f: A remote code execution vulnerability exists in Microsoft Windows when the Windows Adobe Type Manager Library improperly handles a specially-crafted m
ghsa_unreviewed·2022-05-24·CVSS 8.8
CVE-2020-0938 [HIGH] CWE-20 GHSA-5g5q-fp24-vv4f: A remote code execution vulnerability exists in Microsoft Windows when the Windows Adobe Type Manager Library improperly handles a specially-crafted m
A remote code execution vulnerability exists in Microsoft Windows when the Windows Adobe Type Manager Library improperly handles a specially-crafted multi-master font - Adobe Type 1 PostScript format. For all systems except Windows 10, an attacker who successfully exploited the vulnerability could execute code remotely, aka 'Adobe Font Manager Library Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-1020.
Project0
In-the-Wild Series: Windows Exploits - Project Zero
project_zero·2021-01-01·CVSS 7.8
CVE-2020-0938 [HIGH] In-the-Wild Series: Windows Exploits - Project Zero
This is part 6 of a 6-part series detailing a set of vulnerabilities found by Project Zero being exploited in the wild. To read the other parts of the series, see the introduction post.
Posted by Mateusz Jurczyk and Sergei Glazunov, Project Zero
In this post we'll discuss the exploits for vulnerabilities in Windows that have been used by the attacker to escape the Chrome renderer sandbox.
## 1. Font vulnerabilities on Windows ≤ 8.1 (CVE-2020-0938, CVE-2020-1020)
## Background
The Windows GDI interface supports an old format of fonts called Type 1, which was designed by Adobe around 1985 and was popular mostly in the 1990s and early 2000s. On Windows, these fonts are represented by a pair of .PFM (Printer Font Metric) and .PFB (Printer Font Binary) files, with the PFB being a mixture
Project0
Introducing the In-the-Wild Series - Project Zero
project_zero·2021-01-01
CVE-2020-0938 Introducing the In-the-Wild Series - Project Zero
This is part 1 of a 6-part series detailing a set of vulnerabilities found by Project Zero being exploited in the wild. To read the other parts of the series, head to the bottom of this post.
At Project Zero we often refer to our goal simply as “make 0-day hard”. Members of the team approach this challenge mainly through the lens of offensive security research. And while we experiment a lot with new targets and methodologies in order to remain at the forefront of the field, it is important that the team doesn’t stray too far from the current state of the art. One of our efforts in this regard is the tracking of publicly known cases of zero-day vulnerabilities. We use this information to guide the research. Unfortunately, public 0-day reports rarely include captured exploits, which could
VulnCheck
Microsoft Windows Adobe Font Manager Library Remote Code Execution Vulnerability
vulncheck·2020·CVSS 8.8
CVE-2020-1020 [HIGH] CWE-787 Microsoft Windows Adobe Font Manager Library Remote Code Execution Vulnerability
Microsoft Windows Adobe Font Manager Library Remote Code Execution Vulnerability
Microsoft Windows Adobe Font Manager Library contains an unspecified vulnerability when handling specially crafted multi-master fonts (Adobe Type 1 PostScript format) that allows for remote code execution for all systems except Windows 10. For systems running Windows 10, an attacker who successfully exploited the vulnerability could execute code in an AppContainer sandbox context with limited privileges and capabilities.
Affected: Microsoft Windows
Required Action: Apply updates per vendor instructions.
Exploitation References: https://api.msrc.microsoft.com/cvrf/v3.0/cvrf/2020-Apr; https://docs.google.com/spreadsheets/d/1lkNJ0uQwbeC1ZTRrxdtuPLCIl7mlUreoKfSIgajnSyY/edit; https://www.cisa.gov/sites/default/
Project0
Project Zero RCA: CVE-2020-0938: Windows Font Driver Type 1 BlendDesignPositions stack corruption
project_zero·CVSS 7.8
CVE-2020-0938 [HIGH] Project Zero RCA: CVE-2020-0938: Windows Font Driver Type 1 BlendDesignPositions stack corruption
# CVE-2020-0938: Windows Font Driver Type 1 BlendDesignPositions stack corruption
*Mateusz Jurczyk, Project Zero (Originally posted on [Project Zero blog](https://googleprojectzero.blogspot.com/p/rca.html) 2021-01-12)*
## The Basics
**Disclosure or Patch Date:**
* 23 March 2020 – advisory without technical details
* 14 April 2020 – security bulletin and patch release
**Product:** Microsoft Windows
**Advisory:**
* Initial advisory: https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV200006
* Security bulletin: https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2020-0938
**Affected Versions:** Windows 7 through 10, prior to the April 2020 patch
**First Patched Version:** Windows with April 2020 patch (e.g. for Windows 10 1909/1903, [KB4549951](ht
Project0
Project Zero RCA: CVE-2020-6418: Chrome incorrect side-effect modelling issue in Turbofan leading to type confusions
project_zero·CVSS 8.8
CVE-2020-6418 [HIGH] Project Zero RCA: CVE-2020-6418: Chrome incorrect side-effect modelling issue in Turbofan leading to type confusions
# CVE-2020-6418: Chrome incorrect side-effect modelling issue in Turbofan leading to type confusions
*Samuel Groß and Sergei Glazunov, Project Zero (Originally posted on [Project Zero blog](https://googleprojectzero.blogspot.com/p/rca.html) 2020-08-05)*
## The Basics
**Disclosure or Patch Date:** 24 February 2020
**Product:** Google Chrome
**Advisory:** https://chromereleases.googleblog.com/2020/02/stable-channel-update-for-desktop_24.html
**Affected Versions:** Google Chrome 60 - 80
**First Patched Version:** 80.0.3987.122
**Issue/Bug Report:** https://bugs.chromium.org/p/chromium/issues/detail?id=1053604
**Patch CL:** https://chromium.googlesource.com/v8/v8.git/+/fb0a60e15695466621cf65932f9152935d859447
**Bug-Introducing CL:** https://chromium.googlesource.com/v8/v8.git/+/0f716a
Project0
Project Zero RCA: CVE-2020-1027: Windows buffer overflow in CSRSS
project_zero·CVSS 8.8
CVE-2020-1027 [HIGH] Project Zero RCA: CVE-2020-1027: Windows buffer overflow in CSRSS
# CVE-2020-1027: Windows buffer overflow in CSRSS
*Sergei Glazunov, Project Zero (Originally posted on [Project Zero blog](https://googleprojectzero.blogspot.com/p/rca.html) 2021-01-12)*
## The Basics
**Disclosure or Patch Date:**
* 23 March 2020 – advisory without technical details
* 14 April 2020 – security bulletin and patch release
**Product:** Microsoft Windows
**Advisory:**
* Initial advisory: https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV200006
* Security bulletin: https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2020-1020
**Affected Versions:** Windows 7 through 10, prior to the April 2020 patch
**First Patched Version:** Windows with April 2020 patch (e.g. for Windows 10 1909/1903, [KB4549951](https://support.microsoft.com/en-u
Project0
Project Zero RCA: CVE-2020-1020: Windows Font Driver Type 1 VToHOrigin stack corruption
project_zero·CVSS 8.8
CVE-2020-1020 [HIGH] Project Zero RCA: CVE-2020-1020: Windows Font Driver Type 1 VToHOrigin stack corruption
# CVE-2020-1020: Windows Font Driver Type 1 VToHOrigin stack corruption
*Mateusz Jurczyk, Project Zero (Originally posted on [Project Zero blog](https://googleprojectzero.blogspot.com/p/rca.html) 2021-01-12)*
## The Basics
**Disclosure or Patch Date:**
* 23 March 2020 – advisory without technical details
* 14 April 2020 – security bulletin and patch release
**Product:** Microsoft Windows
**Advisory:**
* Initial advisory: https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV200006
* Security bulletin: https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2020-1020
**Affected Versions:** Windows 7 through 10, prior to the April 2020 patch
**First Patched Version:** Windows with April 2020 patch (e.g. for Windows 10 1909/1903, [KB4549951](https://supp
CISA
Microsoft Windows Adobe Font Manager Library Remote Code Execution Vulnerability
cisa·2021-11-03·CVSS 8.8
CVE-2020-1020 [HIGH] CWE-787 Microsoft Windows Adobe Font Manager Library Remote Code Execution Vulnerability
Vulnerability: Microsoft Windows Adobe Font Manager Library Remote Code Execution Vulnerability
Affected: Microsoft Windows
Microsoft Windows Adobe Font Manager Library contains an unspecified vulnerability when handling specially crafted multi-master fonts (Adobe Type 1 PostScript format) that allows for remote code execution for all systems except Windows 10. For systems running Windows 10, an attacker who successfully exploited the vulnerability could execute code in an AppContainer sandbox context with limited privileges and capabilities.
Required Action: Apply updates per vendor instructions.
Notes: https://nvd.nist.gov/vuln/detail/CVE-2020-1020
Remediation Due Date: 2022-05-03
Microsoft
Adobe Font Manager Library Remote Code Execution Vulnerability
vendor_msrc·2020-04-14·CVSS 7.8
CVE-2020-1020 [HIGH] Adobe Font Manager Library Remote Code Execution Vulnerability
Adobe Font Manager Library Remote Code Execution Vulnerability
Description: A remote code execution vulnerability exists in Microsoft Windows when the Windows Adobe Type Manager Library improperly handles a specially-crafted multi-master font - Adobe Type 1 PostScript format.
For all systems except Windows 10, an attacker who successfully exploited the vulnerability could execute code remotely. For systems running Windows 10, an attacker who successfully exploited the vulnerability could execute code in an AppContainer sandbox context with limited privileges and capabilities. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.
There are multiple ways an attacker could exploit the vulnerability, such as convincing a user to o
No detection rules found.
No public exploits indexed.
Qualys
Managing CISA Known Exploited Vulnerabilities with Qualys VMDR | Qualys
blogs_qualys·2022-02-23
Managing CISA Known Exploited Vulnerabilities with Qualys VMDR | Qualys
CISA released a directive in November 2021, recommending urgent and prioritized remediation of actively exploited vulnerabilities. Both government agencies and corporations should heed this advice. This blog outlines how Qualys Vulnerability Management, Detection & Response can be used by any organization to respond to this directive efficiently and effectively.
## Situation
Last November 2021, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) released a Binding Operational Directiv
Checkpoint
20th April – Threat Intelligence Bulletin
blogs_checkpoint·2020-04-20
CVE-2020-0888 20th April – Threat Intelligence Bulletin
## 20th April – Threat Intelligence Bulletin
For the latest discoveries in cyber research for the week of 20th April 2020, please download our Threat Intelligence Bulletin.
Top Attacks and Breaches
Threat actors have employed the previously-unknown PoetRAT Trojan in a coronavirus-themed campaign aimed at the Azerbaijan government and utility companies. Delivered via phishing, the malware infected ICS and SCADA systems used to control the wind turbines within the renewable energy sector.
Check Point Anti-Virus pro
Krebs
Microsoft Patch Tuesday, April 2020 Edition
blogs_krebs·2020-04-14·CVSS 10.0
CVE-2020-1020 [CRITICAL] Microsoft Patch Tuesday, April 2020 Edition
Microsoft today released updates to fix 113 security vulnerabilities in its various Windows operating systems and related software. Those include at least three flaws that are actively being exploited, as well as two others which were publicly detailed prior to today, potentially giving attackers a head start in figuring out how to exploit the bugs.
Near the top of the heap is CVE-2020-1020, a remotely exploitable bug in the Adobe Font Manager library that was first detailed in late March when Microsoft said it had seen the flaw being used in active attacks.
The Adobe Font Manager library is the source of yet another zero-day flaw — CVE-2020-0938 — although experts at security vendor Tenable say there is currently no confirmation that the two are related to the same set of in-the-wild at
Tenable
Microsoft’s April 2020 Patch Tuesday Addresses 113 CVEs Including Adobe Type Manager Library Zero-Day Flaws (CVE-2020-0938, CVE-2020-1020)
blogs_tenable·2020-04-14·CVSS 7.8
[HIGH] Microsoft’s April 2020 Patch Tuesday Addresses 113 CVEs Including Adobe Type Manager Library Zero-Day Flaws (CVE-2020-0938, CVE-2020-1020)
Talos
Microsoft Patch Tuesday — April 2020: Vulnerability disclosures and Snort coverage
blogs_talos·2020-04-14·CVSS 8.8
[HIGH] Microsoft Patch Tuesday — April 2020: Vulnerability disclosures and Snort coverage
By Jon Munshaw.
Microsoft released its monthly security update today, disclosing vulnerabilities across many of its products and releasing corresponding updates. This month's Patch Tuesday covers 115 vulnerabilities. Nineteen of the flaws Microsoft disclosed are considered critical. The remainders are scored as being “important” updates.
This month’s security update covers security issues in a variety of Microsoft services and software, including SharePoint, the Windows font library and the Windows kernel. A Cisco Talos researcher discovered CVE-2020-0939, an information disclosure vulnerability in Microsoft Media Foundation. For more, check out Talos’ full Vulnerability Spotlight here.
Talos also released a new set of SNORTⓇ rules that provide coverage for some of these vulnerabilities
Trendmicro
April Patch Tuesday: Fixes for Font-Related, Microsoft SharePoint, Windows Components Vulnerabilities
blogs_trendmicro·2020-04-14·CVSS 8.8
[HIGH] April Patch Tuesday: Fixes for Font-Related, Microsoft SharePoint, Windows Components Vulnerabilities
## April Patch Tuesday: Fixes for Font-Related, Microsoft SharePoint, Windows Components Vulnerabilities
Microsoft’s Patch Tuesday for April released fixes for a couple of critical font-related vulnerabilities, like an earlier disclosed one found in Adobe Type Manager Library (atmfd.dll). It also featured patches for vulnerabilities in Microsoft SharePoint and Windows Components.
By: Trend Micro, Apr 14, 2020
Microsoft fixed 113 vulnerabilities in this month’s Patch Tuesday, just two shy of last month’s 115. This continues the streak of longer-than-usual list of patches that began in January. In fact, compared to the same period in 2019, Microsoft fixed 44% more vulnerabilities between January to April of this year.
In this month’s list, 17 were rate
Qualys
April 2020 Patch Tuesday – 113 Vulns, 19 Critical, Zero-Day Patches, SharePoint, Adobe ColdFusion
blogs_qualys·2020-04-14·CVSS 8.4
[HIGH] April 2020 Patch Tuesday – 113 Vulns, 19 Critical, Zero-Day Patches, SharePoint, Adobe ColdFusion
This month’s Microsoft Patch Tuesday addresses 113 vulnerabilities with 19 of them labeled as Critical. The 19 Critical vulnerabilities cover Adobe Font Manager Library (0-day), SharePoint, Hyper-V, Scripting Engines, Media Foundation, Microsoft Graphics, Windows Codecs, and Dynamics Business Central. Adobe released patches today for ColdFusion, After Effects, and Digital Editions.
## Workstation Patches
The Scripting Engine, Adobe Font Manager Library, Media Foundation, Microsoft Graphics, and Windows Codecs patches should be prioritized for workstation-type devices, meaning any system that is used for email or to access the internet via a browser. This includes multi-user servers that are used as remote desktops for users.
## Windows Kernel Privilege Escalation
While listed as Import
Krebs
Microsoft Patch Tuesday, April 2020 Edition
blogs_krebs·2020-04-14·CVSS 10.0
[CRITICAL] Microsoft Patch Tuesday, April 2020 Edition
Microsoft today released updates to fix 113 security vulnerabilities in its various Windows operating systems and related software. Those include at least three flaws that are actively being exploited, as well as two others which were publicly detailed prior to today, potentially giving attackers a head start in figuring out how to exploit the bugs.
Nineteen of the weaknesses fixed on this Patch Tuesday were assigned Microsoft’s most-dire “critical” rating, meaning malware or miscreants could exploit them to gain complete, remote control over vulnerable computers without any help from users.
Near the top of the heap is CVE-2020-1020, a remotely exploitable bug in the Adobe Font Manager library that was first detailed in late March when Microsoft said it had seen the flaw being used in a
Tenable
Adobe Type Manager Library Font Parsing Remote Code Execution Vulnerabilities Exploited in the Wild (ADV200006)
blogs_tenable·2020-03-23
Adobe Type Manager Library Font Parsing Remote Code Execution Vulnerabilities Exploited in the Wild (ADV200006)
Zscaler
Zscaler found New Security Vulnerabilities | 15-04-2020
blogs_zscaler·CVSS 7.8
[HIGH] Zscaler found New Security Vulnerabilities | 15-04-2020
- 2020-04-15: Published
- 2021-11-03: Added to CISA KEV
- Exploited in the wild