The April Patch Tuesday updates bring fixes to 118 CVEs

Vlad Turiceanu
by Vlad Turiceanu
Download PDF
Affiliate Disclosure

  • Every month, Microsoft releases the Patch Tuesday Updates where through which they also fix a set number of CVEs.
  • These Common Vulnerabilities and Exposures are also discovered throughout the rest of the month, but they are usually fixed in bulk.
  • If left untreated, these CVEs can lead to heavy malware attacks, hence the namesake.
  • For more articles on the topic, visit our comprehensive Patch Tuesday page.
april patch tuesday cve

Microsoft has just rolled out the April Patch Tuesday updates, and from a security standpoint, they seem to follow the same trend as in recent months.

While the February Patch Tuesday updates brought fixes to 99 CVEs and the March updates fixed 115 CVEs, this round of updates seems to cover 113 different CVEs.

These CVEs cover Microsoft Windows, Microsoft Edge (EdgeHTML-based and Chromium-based), ChakraCore, Internet Explorer, Office, and Office Services and Web Apps, Windows Defender, and other important Windows components.

118 CVEs were identified and dealt with this month

Of the 118 CVEs identified this month, 5 were for Adobe products, and 113 were for Microsoft products

The Adobe CVEs targeted Adobe ColdFusion, After Effects, and Digital Editions, all of which were rated Important.

As for the CVEs concerning Microsoft, projects, here is a brief summary of the CVEs identified during this round of updates:

  • 17 are rated Critical
  • 96 are rated Important in severity

Which were some of the most severe CVEs?

  • CVE-2020-1020
    •  Adobe Font Manager Library Remote Code Execution Vulnerability
  • CVE-2020-0938
    • OpenType Font Parsing Remote Code Execution Vulnerability
  • CVE-2020-0993
    • Windows DNS Denial of Service Vulnerability
  • CVE-2020-0981
    • Windows Token Security Feature Bypass Vulnerability

These are the most important CVEs covered by Microsoft during the April 2020 round of Patch Tuesday Updates. For the next set of updates, users will have to wait until May 12.

FAQ: Learn more about CVEs

  • What does CVE mean?

CVE stands for Common Vulnerabilities and Exposures, and it is a dictionary-type list of standardized names for vulnerabilities and other information related to security exposures found with Microsoft and Adobe products

  • Who maintains CVE?
The MITRE Corporation currently maintains CVE. It also provides impartial technical guidance throughout the process to ensure CVE serves the public interest.
  • What is CVE in security?
CVEs provide a reference-method for publicly known information-security, vulnerabilities, and exposures completely free.