Microsoft fixes three zero-day vulnerabilities, other 113 bugs
The three zero-day vulnerabilities were found by Google’s security teams – Project Zero and Threat Analysis Group (TAG).
Microsoft has published a bunch of security updates that will be rolling out to several products over the coming days and weeks. As mentioned by ZDNet, the release includes patches for as many as 113 vulnerabilities across 11 products. These also include three zero-day vulnerabilities that are being exploited by hackers actively. The details are scarce on what these vulnerabilities are since the companies prefer to reveal it once the fix is rolled out to everyone.
However, the patch details of the zero-day vulnerability by Microsoft is out on its dedicated security updates page. The CVE-2020-1020 vulnerability in the Windows Adobe Type Manager Library lets attackers run codes on systems remotely. However, this does not affect Windows 10 devices but older OS versions.
The CVE-2020-0938 bug also relates to the Windows Adobe Type Manager Library and works in a similar fashion as the first one. The description given by Microsoft for this bug is exactly the same, indicating that there could be other minor changes in this one.
The CVE-2020-1027 bug is found in the Windows kernel and lets attackers elevate permissions to exploit the vulnerability. "An elevation of privilege vulnerability exists in the way that the Windows Kernel handles objects in memory. An attacker who successfully exploited the vulnerability could execute code with elevated permissions," states the description.
It has been reported that the three zero-day vulnerabilities were found by Google's security teams - Project Zero and Threat Analysis Group (TAG).
It is worth adding that Microsoft itself revealed the CVE-2020-1020 Adobe Type Manager Library bug last month itself. However, the CVE-2020-0938, which seems to be based on the same exploit was found recently.
On the sidelines, the company is also said to be working on a news consumption app for Windows 10. Called News Bar, the app is currently only available for people in the US using Windows 10 PCs.