- Every month, Microsoft releases the Patch Tuesday Updates where through which they also fix a set number of CVEs.
- These Common Vulnerabilities and Exposures are also discovered throughout the rest of the month, but they are usually fixed in bulk.
- If left untreated, these CVEs can lead to heavy malware attacks, hence the namesake.
- For more articles on the topic, visit our comprehensive Patch Tuesday page.
Microsoft has just rolled out the April Patch Tuesday updates, and from a security standpoint, they seem to follow the same trend as in recent months.
These CVEs cover Microsoft Windows, Microsoft Edge (EdgeHTML-based and Chromium-based), ChakraCore, Internet Explorer, Office, and Office Services and Web Apps, Windows Defender, and other important Windows components.
118 CVEs were identified and dealt with this month
Of the 118 CVEs identified this month, 5 were for Adobe products, and 113 were for Microsoft products
The Adobe CVEs targeted Adobe ColdFusion, After Effects, and Digital Editions, all of which were rated Important.
As for the CVEs concerning Microsoft, projects, here is a brief summary of the CVEs identified during this round of updates:
- 17 are rated Critical
- 96 are rated Important in severity
Which were some of the most severe CVEs?
- Adobe Font Manager Library Remote Code Execution Vulnerability
- OpenType Font Parsing Remote Code Execution Vulnerability
- Windows DNS Denial of Service Vulnerability
- Windows Token Security Feature Bypass Vulnerability
These are the most important CVEs covered by Microsoft during the April 2020 round of Patch Tuesday Updates. For the next set of updates, users will have to wait until May 12.
FAQ: Learn more about CVEs
- What does CVE mean?
CVE stands for Common Vulnerabilities and Exposures, and it is a dictionary-type list of standardized names for vulnerabilities and other information related to security exposures found with Microsoft and Adobe products
- Who maintains CVE?
- What is CVE in security?