Security News

Microsoft Security Bulletin Coverage for April 2020

By

SonicWall Capture Labs threat research team has analyzed and addressed Microsoft’s security advisories for the month of April 2020. A list of issues reported, along with SonicWall coverage information are as follows:

CVE-2020-0687 Microsoft Graphics Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2020-0699 Win32k Information Disclosure Vulnerability
There are no known exploits in the wild.
CVE-2020-0760 Microsoft Office Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2020-0784 DirectX Elevation of Privilege Vulnerability
ASPY 5926:Malformed-File exe.MP.134
CVE-2020-0794 Windows Denial of Service Vulnerability
There are no known exploits in the wild.
CVE-2020-0821 Windows Kernel Information Disclosure Vulnerability
There are no known exploits in the wild.
CVE-2020-0835 Windows Defender Antimalware Platform Hard Link Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2020-0888 DirectX Elevation of Privilege Vulnerability
ASPY 5907:Malformed-File exe.MP.131
CVE-2020-0889 Jet Database Engine Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2020-0895 Windows VBScript Engine Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2020-0899 Microsoft Visual Studio Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2020-0900 Visual Studio Extension Installer Service Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2020-0906 Microsoft Excel Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2020-0907 Microsoft Graphics Components Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2020-0910 Windows Hyper-V Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2020-0913 Windows Kernel Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2020-0917 Windows Hyper-V Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2020-0918 Windows Hyper-V Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2020-0919 Microsoft Remote Desktop App for Mac Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2020-0920 Microsoft SharePoint Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2020-0923 Microsoft Office SharePoint XSS Vulnerability
There are no known exploits in the wild.
CVE-2020-0924 Microsoft Office SharePoint XSS Vulnerability
There are no known exploits in the wild.
CVE-2020-0925 Microsoft Office SharePoint XSS Vulnerability
There are no known exploits in the wild.
CVE-2020-0926 Microsoft Office SharePoint XSS Vulnerability
There are no known exploits in the wild.
CVE-2020-0927 Microsoft Office SharePoint XSS Vulnerability
There are no known exploits in the wild.
CVE-2020-0929 Microsoft SharePoint Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2020-0930 Microsoft Office SharePoint XSS Vulnerability
There are no known exploits in the wild.
CVE-2020-0931 Microsoft SharePoint Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2020-0932 Microsoft SharePoint Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2020-0933 Microsoft Office SharePoint XSS Vulnerability
There are no known exploits in the wild.
CVE-2020-0934 Windows Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2020-0935 OneDrive for Windows Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2020-0936 Windows Scheduled Task Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2020-0937 Media Foundation Information Disclosure Vulnerability
There are no known exploits in the wild.
CVE-2020-0938 OpenType Font Parsing Remote Code Execution Vulnerability
ASPY 5924:Malformed-File pfb.MP.6
CVE-2020-0939 Media Foundation Information Disclosure Vulnerability
There are no known exploits in the wild.
CVE-2020-0940 Windows Push Notification Service Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2020-0942 Connected User Experiences and Telemetry Service Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2020-0943 Microsoft YourPhone Application for Android Authentication Bypass Vulnerability
There are no known exploits in the wild.
CVE-2020-0944 Connected User Experiences and Telemetry Service Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2020-0945 Media Foundation Information Disclosure Vulnerability
There are no known exploits in the wild.
CVE-2020-0946 Media Foundation Information Disclosure Vulnerability
There are no known exploits in the wild.
CVE-2020-0947 Media Foundation Information Disclosure Vulnerability
There are no known exploits in the wild.
CVE-2020-0948 Media Foundation Memory Corruption Vulnerability
There are no known exploits in the wild.
CVE-2020-0949 Media Foundation Memory Corruption Vulnerability
There are no known exploits in the wild.
CVE-2020-0950 Media Foundation Memory Corruption Vulnerability
There are no known exploits in the wild.
CVE-2020-0952 Windows GDI Information Disclosure Vulnerability
There are no known exploits in the wild.
CVE-2020-0953 Jet Database Engine Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2020-0954 Microsoft Office SharePoint XSS Vulnerability
There are no known exploits in the wild.
CVE-2020-0955 Windows Kernel Information Disclosure in CPU Memory Access
There are no known exploits in the wild.
CVE-2020-0956 Win32k Elevation of Privilege Vulnerability
ASPY 5844:Malformed-File exe.MP.113
CVE-2020-0957 Win32k Elevation of Privilege Vulnerability
ASPY 5922:Malformed-File exe.MP.132
CVE-2020-0958 Win32k Elevation of Privilege Vulnerability
ASPY 5923:Malformed-File exe.MP.133
CVE-2020-0959 Jet Database Engine Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2020-0960 Jet Database Engine Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2020-0961 Microsoft Office Access Connectivity Engine Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2020-0962 Win32k Information Disclosure Vulnerability
There are no known exploits in the wild.
CVE-2020-0964 GDI+ Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2020-0965 Microsoft Windows Codecs Library Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2020-0966 VBScript Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2020-0967 VBScript Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2020-0968 Scripting Engine Memory Corruption Vulnerability
IPS 14913:Scripting Engine Memory Corruption Vulnerability (CVE-2020-0968)
CVE-2020-0969 Chakra Scripting Engine Memory Corruption Vulnerability
There are no known exploits in the wild.
CVE-2020-0970 Scripting Engine Memory Corruption Vulnerability
There are no known exploits in the wild.
CVE-2020-0971 Microsoft SharePoint Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2020-0972 Microsoft SharePoint Spoofing Vulnerability
There are no known exploits in the wild.
CVE-2020-0973 Microsoft Office SharePoint XSS Vulnerability
There are no known exploits in the wild.
CVE-2020-0974 Microsoft SharePoint Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2020-0975 Microsoft SharePoint Spoofing Vulnerability
There are no known exploits in the wild.
CVE-2020-0976 Microsoft SharePoint Spoofing Vulnerability
There are no known exploits in the wild.
CVE-2020-0977 Microsoft SharePoint Spoofing Vulnerability
There are no known exploits in the wild.
CVE-2020-0978 Microsoft Office SharePoint XSS Vulnerability
There are no known exploits in the wild.
CVE-2020-0979 Microsoft Excel Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2020-0980 Microsoft Word Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2020-0981 Windows Token Security Feature Bypass Vulnerability
There are no known exploits in the wild.
CVE-2020-0982 Microsoft Graphics Component Information Disclosure Vulnerability
There are no known exploits in the wild.
CVE-2020-0983 Windows Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2020-0984 Microsoft (MAU) Office Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2020-0985 Windows Update Stack Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2020-0987 Microsoft Graphics Component Information Disclosure Vulnerability
There are no known exploits in the wild.
CVE-2020-0988 Jet Database Engine Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2020-0991 Microsoft Office Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2020-0992 Jet Database Engine Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2020-0993 Windows DNS Denial of Service Vulnerability
There are no known exploits in the wild.
CVE-2020-0994 Jet Database Engine Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2020-0995 Jet Database Engine Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2020-0996 Windows Update Stack Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2020-0999 Jet Database Engine Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2020-1000 Windows Kernel Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2020-1001 Windows Push Notification Service Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2020-1002 Microsoft Defender Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2020-1003 Windows Kernel Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2020-1004 Windows Graphics Component Elevation of Privilege Vulnerability
ASPY 5921:Malformed-File exe.MP.131
CVE-2020-1005 Microsoft Graphics Component Information Disclosure Vulnerability
There are no known exploits in the wild.
CVE-2020-1006 Windows Push Notification Service Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2020-1007 Windows Kernel Information Disclosure Vulnerability
There are no known exploits in the wild.
CVE-2020-1008 Jet Database Engine Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2020-1009 Windows Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2020-1011 Windows Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2020-1014 Microsoft Windows Update Client Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2020-1015 Windows Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2020-1016 Windows Push Notification Service Information Disclosure Vulnerability
There are no known exploits in the wild.
CVE-2020-1017 Windows Push Notification Service Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2020-1018 Microsoft Dynamics Business Central/NAV Information Disclosure
There are no known exploits in the wild.
CVE-2020-1019 Microsoft RMS Sharing App for Mac Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2020-1020 Adobe Font Manager Library Remote Code Execution Vulnerability
ASPY 5920:Malformed-File pfb.MP.5
CVE-2020-1022 Dynamics Business Central Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2020-1026 MSR JavaScript Cryptography Library Security Feature Bypass Vulnerability
There are no known exploits in the wild.
CVE-2020-1027 Windows Kernel Elevation of Privilege Vulnerability
ASPY 5919:Malformed-File exe.MP.130
CVE-2020-1029 Connected User Experiences and Telemetry Service Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2020-1049 Microsoft Dynamics 365 (On-Premise) Cross Site Scripting Vulnerability
There are no known exploits in the wild.
CVE-2020-1050 Microsoft Dynamics 365 (On-Premise) Cross Site Scripting Vulnerability
There are no known exploits in the wild.
CVE-2020-1094 Windows Work Folder Service Elevation of Privilege Vulnerability
There are no known exploits in the wild.

Security News
The SonicWall Capture Labs Threat Research Team gathers, analyzes and vets cross-vector threat information from the SonicWall Capture Threat network, consisting of global devices and resources, including more than 1 million security sensors in nearly 200 countries and territories. The research team identifies, analyzes, and mitigates critical vulnerabilities and malware daily through in-depth research, which drives protection for all SonicWall customers. In addition to safeguarding networks globally, the research team supports the larger threat intelligence community by releasing weekly deep technical analyses of the most critical threats to small businesses, providing critical knowledge that defenders need to protect their networks.
Recommended Cyber Security Stories
SAP NetWeaver Buffer Overflow (June 1, 2012)
WordPress WooCommerce Plugin SQL Injection
Wormable vulnerabilities in Windows Remote Desktop Services
Microsoft Security Bulletin Coverage
Another ransomware possibly belonging to the Revil ransomware group seen actively spreading in the wild
Cyber Security News & Trends – 11-30-18
Wikileaks Black Hat Campaigns (Dec 16, 2010)
Punkey: New POS malware