Microsoft fixes three zero-day vulnerabilities, other 113 bugs | HT Tech

Microsoft fixes three zero-day vulnerabilities, other 113 bugs

The three zero-day vulnerabilities were found by Google’s security teams – Project Zero and Threat Analysis Group (TAG).

By: HT CORRESPONDENT
| Updated on: Apr 15 2020, 14:38 IST
The three zero-day vulnerabilities were found by Google’s security teams – Project Zero and Threat Analysis Group (TAG).
The three zero-day vulnerabilities were found by Google’s security teams – Project Zero and Threat Analysis Group (TAG). (Reuters)

Microsoft has published a bunch of security updates that will be rolling out to several products over the coming days and weeks. As mentioned by ZDNet, the release includes patches for as many as 113 vulnerabilities across 11 products. These also include three zero-day vulnerabilities that are being exploited by hackers actively. The details are scarce on what these vulnerabilities are since the companies prefer to reveal it once the fix is rolled out to everyone.

However, the patch details of the zero-day vulnerability by Microsoft is out on its dedicated security updates page. The CVE-2020-1020 vulnerability in the Windows Adobe Type Manager Library lets attackers run codes on systems remotely. However, this does not affect Windows 10 devices but older OS versions.

You may be interested in

MobilesTablets Laptops
7% OFF
Apple iPhone 15 Pro Max
  • Black Titanium
  • 8 GB RAM
  • 256 GB Storage
23% OFF
Samsung Galaxy S23 Ultra 5G
  • Green
  • 12 GB RAM
  • 256 GB Storage
Google Pixel 8 Pro
  • Obsidian
  • 12 GB RAM
  • 128 GB Storage
Apple iPhone 15 Plus
  • Black
  • 6 GB RAM
  • 128 GB Storage

The CVE-2020-0938 bug also relates to the Windows Adobe Type Manager Library and works in a similar fashion as the first one. The description given by Microsoft for this bug is exactly the same, indicating that there could be other minor changes in this one.

Also read
Looking for a smartphone? To check mobile finder click here.

Also read: Microsoft giving 3-months paid leave to help kids study at home amid lockdown

The CVE-2020-1027 bug is found in the Windows kernel and lets attackers elevate permissions to exploit the vulnerability. "An elevation of privilege vulnerability exists in the way that the Windows Kernel handles objects in memory. An attacker who successfully exploited the vulnerability could execute code with elevated permissions," states the description.

It has been reported that the three zero-day vulnerabilities were found by Google's security teams - Project Zero and Threat Analysis Group (TAG).

It is worth adding that Microsoft itself revealed the CVE-2020-1020 Adobe Type Manager Library bug last month itself. However, the CVE-2020-0938, which seems to be based on the same exploit was found recently.

On the sidelines, the company is also said to be working on a news consumption app for Windows 10. Called News Bar, the app is currently only available for people in the US using Windows 10 PCs.

Catch all the Latest Tech News, Mobile News, Laptop News, Gaming news, Wearables News , How To News, also keep up with us on Whatsapp channel,Twitter, Facebook, Google News, and Instagram. For our latest videos, subscribe to our YouTube channel.

First Published Date: 15 Apr, 14:11 IST
NEXT ARTICLE BEGINS