This data will be kept secret for several days or weeks to give users time to install patches and to prevent attackers from developing PoC exploits. So it is not yet clear whether these problems were used by one hack group, or whether different campaigns and attackers are involved.
The most serious problems of this month were three zero-day vulnerabilities that attackers are already using.
“The first bug, CVE-2020-1020, was related to the Adobe Type Manager Library (atmfd.dll). It allows an attacker to remotely execute arbitrary code on vulnerable systems. This problem does not pose a big threat to Windows 10, but it is dangerous for other company OSs,” Microsoft specialists write.
The first data on this vulnerability appeared at the end of March 2020, but the patch was released only now.
The second 0-day vulnerability, CVE-2020-0938, is also associated with the Adobe Type Manager library. Overall, the error is very similar to the one described above, but its existence became known only now. Microsoft experts provided recommendations to prevent exploitation of the bug and reduce risk: disabling the Preview Pane and Details Pane (that is, the preview and information panels), disabling the WebClient service, and renaming ATMFD.DLL.
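A read-only audit of two of the mitigations listed above (the WebClient service and ATMFD.DLL), as an added example that is not from Microsoft or the original article. It assumes ATMFD.DLL sits in the default System32 and SysWOW64 directories, which the article does not state; the function name is hypothetical, and the Preview Pane and Details Pane are per-user Explorer settings that this script does not check.

```powershell
# Added example: report whether the WebClient and ATMFD.DLL mitigations are in place.
# Assumption: ATMFD.DLL is in the default System32 / SysWOW64 directories.
# Run from a 64-bit PowerShell session so System32 is not redirected to SysWOW64.
function Get-AtmfdMitigationStatus {
    [CmdletBinding()]
    param(
        [string]$WindowsDir = $env:windir
    )

    $results = @()

    # Mitigation: WebClient service disabled (and not currently running).
    $svc = Get-Service -Name 'WebClient' -ErrorAction SilentlyContinue
    if ($null -eq $svc) {
        $detail = 'service not installed'
        $ok = $true
    } else {
        $detail = "StartType=$($svc.StartType), Status=$($svc.Status)"
        $ok = ($svc.StartType -eq 'Disabled') -and ($svc.Status -eq 'Stopped')
    }
    $results += [pscustomobject]@{
        Check     = 'WebClient service disabled'
        Mitigated = $ok
        Detail    = $detail
    }

    # Mitigation: ATMFD.DLL renamed, so it no longer exists under its original name.
    foreach ($dir in 'System32', 'SysWOW64') {
        $folder = Join-Path $WindowsDir $dir
        if (-not (Test-Path -LiteralPath $folder)) { continue }  # e.g. 32-bit OS
        $dll = Join-Path $folder 'atmfd.dll'
        $present = Test-Path -LiteralPath $dll -PathType Leaf
        $results += [pscustomobject]@{
            Check     = "ATMFD.DLL renamed in $dir"
            Mitigated = -not $present
            Detail    = if ($present) { "found: $dll" } else { 'not present under original name' }
        }
    }

    $results
}

Get-AtmfdMitigationStatus | Format-Table -AutoSize
```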
The third vulnerability has the identifier CVE-2020-1027. This bug is related to the Windows kernel and how it processes objects in memory. “The problem allows attackers to increase their privileges to run arbitrary code with access to the kernel,” Microsoft reports.
Microsoft also initially said that there was a fourth zero-day vulnerability under attack: CVE-2020-0968. The problem was with the Internet Explorer scripting engine, and it supposedly allowed hackers to take complete control of the vulnerable system. As it turned out, this message was a mistake: hackers did not exploit CVE-2020-0968, and it did not have 0-day status.
Experts from the Trend Micro Zero Day Initiative, who traditionally prepare a detailed analysis of the latest fixes, note that the number of CVEs fixed by Microsoft between January and April 2020 is 44% higher than in the same period last year.
Recall that Microsoft recently released a patch for a vulnerability with worm potential in the SMBv3 protocol, but this update turned out to be problematic and generated installation errors.