April 2020 - Microsoft Releases Security Patches
Publish Date: 28 de мая de 2020
Advisory Date: 15 de апреля de 2020
DESCRIPTION
Microsoft addresses several vulnerabilities in its April security bulletin. Trend Micro Deep Security covers the following:
- CVE-2020-1020 - Adobe Font Manager Library Remote Code Execution Vulnerability
Risk Rating: Important
This remote code execution vulnerability exists in the improper handling of the specially-crafted multi-master font Adobe Type 1 PostSCript format by the Windows Adobe Type Manager Library. Attackers looking to take advantage of this vulnerability could persuade a user to open a specially-crafted file. - CVE-2020-0938 - Adobe Font Manager Library Remote Code Execution Vulnerability
Risk Rating: Important
This remote code execution vulnerability exists in the improper handling of the specially-crafted multi-master font Adobe Type 1 PostSCript format by the Windows Adobe Type Manager Library. Attackers looking to take advantage of this vulnerability could persuade a user to open a specially-crafted file. - CVE-2020-0968 - Scripting Engine Memory Corruption Vulnerability
Risk Rating: Critical
This remote code execution vulnerability exists in the way that Internet Explorer scripting engine handles objects in memory. Attackers looking to exploit this vulnerability could find ways to convince a user of a vulnerable machine to connect to a malicious server.
INFORMATION EXPOSURE
Trend Micro Deep Security shields networks through the following Deep Packet Inspection (DPI) rules. Trend Micro customers using the Vulnerability Protection are also protected from attacks using these vulnerabilities.
Vulnerability ID | DPI Rule Number | DPI Rule Name | Release Date | Vulnerability Protection Compatibility |
CVE-2020-0938 | 1010207 | Microsoft Windows Multiple Type1 Font Parsing Remote Code Execution Vulnerabilities (CVE-2020-1020 and CVE-2020-0938) | 14-Apr-20 | YES |
CVE-2020-0968 | 1010220 | Microsoft Internet Explorer Scripting Engine Memory Corruption Vulnerability (CVE-2020-0968) | 14-Apr-20 | YES |
CVE-2020-1020 | 1010188 | Microsoft Windows Multiple Type1 Font Parsing Remote Code Execution Vulnerabilities (CVE-2020-1020 and CVE-2020-0938) | 10-Mar-20 | YES |