Microsoft has published a bunch of security updates that will be rolling out to several products over the coming days and weeks. As mentioned by ZDNet, the release includes patches for as many as 113 vulnerabilities across 11 products. These also include three zero-day vulnerabilities that are being exploited by hackers actively. The details are scarce on what these vulnerabilities are since the companies prefer to reveal it once the fix rolled out to everyone.
However, the patch details of the zero-day vulnerability by Microsoft is out on its dedicated security updates page. The CVE-2020-1020 vulnerability in the Windows Adobe Type Manager Library lets attackers run codes on systems remotely. However, this does not affect Windows 10 devices but older OS versions.
The CVE-2020-0938 bug also relates to the Windows Adobe Type Manager Library and works similarly as the first one. The description given by Microsoft for this bug is precisely the same, indicating that there could be other minor changes in this one.
The CVE-2020-1027 bug is found in the Windows kernel and lets attackers elevate permissions to exploit the vulnerability. “An elevation of privilege vulnerability exists in the way that the Windows Kernel handles objects in memory. An attacker who successfully exploited the vulnerability could execute code with elevated permissions,” states the description.
It has reported that the three zero-day vulnerabilities found by Google’s security teams – Project Zero and Threat Analysis Group (TAG).
It is worth adding Microsoft itself revealed the CVE-2020-1020 Adobe Type Manager Library bug last month itself. However, the CVE-2020-0938, which seems to based on the same exploit, found recently.
On the sidelines, the company tells of being working on a news consumption app for Windows 10. Called News Bar, the app is currently only available for people in the US using Windows 10 PCs.