Microsoft Issued Patches for Three Actively Exploited Vulnerabilities and Holds off End of Support for Software and Services

On April 15, 2020, Microsoft issued updates to resolve 113 vulnerabilities that affected its operating systems and software products, including 19 critical vulnerabilities. The updates this month consist of fixes for no less than 3 zero-day vulnerabilities which are actively exploited in actual attacks.

Microsoft announced in March two of the actively exploited vulnerabilities and recommended workarounds to minimize the possibility of exploitation. The Adobe Font Manager Library is affected by the vulnerabilities of CVE-2020-0938 and CVE-2020-1020. An attacker exploiting the vulnerabilities could perform remote code execution on any supported Windows version. The vulnerabilities are partly reduced in Windows 10 and might simply bring about code execution in an AppContainer sandbox having restricted privileges and functionalities. The vulnerabilities may be exploited when a user is made to open a specially created document or when it is seen in the Windows Preview pane.

Google’s Project Zero team discovered the number three actively exploited zero-day vulnerability, which is a Windows Kernel vulnerability. The vulnerability, which is monitored as CVE-2020-1027, may possibly enable an attacker to perform remote code execution by using elevated privileges. The vulnerability has been exploited in Windows 10 device attacks, though earlier operating systems are likewise susceptible.

Another vulnerability was first reported as being exploited although it is now marked as “exploitation likely”. The vulnerability monitored as CVE-2020-0968, affects Internet Explorer and presents the scripting engine deals with things in memory.

One more vulnerability, CVE-2020-0935, which impacts OneDrive for Windows, is ranked as important however it was disclosed to the public. The vulnerability is a result of inappropriate use of shortcut links. Vulnerability exploitation could enable an attacker to compromise systems all the more and do more payloads. Because OneDrive is built in a lot of devices and remote workers are using it substantially for sharing and keeping files, it will be a targeted vulnerability for hackers. It must hence be prioritized and not only the critical and actively exploited vulnerabilities.

A lot of the vulnerabilities can be easily exploited. An employee only needs to be convinced to go to a malicious web page or click open a specially made document received through email. After this, the attacker installs malware, data disclosure, backdoors, and gets access to devices having complete user rights. With a lot of work-from-home personnel now not to mention the cybercriminals targeting those persons, it is a lot more necessary than ever to apply patches promptly.

Microsoft Delays End of Support for Windows Server, Windows 10, Software program and Services

Microsoft additionally said that the end of support for some OS, software, and services will be delayed to lessen the strain on IT departments during this tough time.

A lot of IT workers were likewise compelled to work from home. Because of the increased responsibility of managing IT and giving assistance to many at-home personnel, companies lacked the required time to take the required steps for readying with updates for the software programs and operating systems.

Microsoft extended the end of support dates for the operating systems, software, and services listed below:

  • Windows Server 1809: May 12, 2020 >> November 10, 2020
  • Windows 10 1709/1809: April 14, 2020 >> October 13, 2020
  • Configuration Manager version 1810: May 12, 2020 >> November 10, 2020
  • Dynamics 365 Cloud Services: October 13, 2020 >> April 13, 2021
  • SharePoint Server 2010, SharePoint Foundation 2010, and Project Serer 2010: >> May 27, 2020 >> December 1, 2020
  • Basic Authentication in Exchange Online: September 2020 >> December 2020

The end of support due dates for the other software programs and services remain scheduled for 2020 as before.

About Christine Garcia 1200 Articles
Christine Garcia is the staff writer on Calculated HIPAA. Christine has several years experience in writing about healthcare sector issues with a focus on the compliance and cybersecurity issues. Christine has developed in-depth knowledge of HIPAA regulations. You can contact Christine at [email protected]. You can follow Christine on Twitter at https://twitter.com/ChrisCalHIPAA