Patch Tuesday is back. This year has been crazy with the number of exploits that have been closed. The good news is 113 total CVE’s is a decrease of 2 from last month, and the criticals have dropped from 26 to 17. That is verifiably less! Even better, it looks like Microsoft did not announce more CVEs than they patched this time. That is some fantastic news!
The negative is that this time 2 of them are already public, and 2 are actively being exploited. This means there is a little more urgency this time around. Still follow your protocols, install in your labs, but make sure you get these patched as soon as you can. Let’s take a look at some of the more interesting CVE’s being closed this month.
CVE-2020-1020 - This one is targeting Windows 7 machines, but I want to mention it because it is both public and actively exploited. This one will allow the Adobe Library manager to run remotely executed code. This code would run at the level of the logged-on user. If you have Windows 7 and are not paying for Extended Support, I do not believe you will get this patch. Which means you have some choices to make soon.
CVE-2020-0695 - This exploit will allow some undesirables to create an image file that will run harmful code through the way that the Microsoft Windows Codec handles objects in memory. This one is listed as critical, but it does require a user to click on the corrupt image, so training users to spot social hacking attempts should help keep this mitigated until you have patched your system.
CVE-2020-0784 - This exploit is for DirectX Elevation. With this exploit, a user will be able to do just about anything. Install the software, delete data, or create user accounts. The reason this is not listed as critical is it requires a hacker to have logged onto your system. So while it does allow for some serious issues, if they can exploit this, you already have broader concerns in your security.
It is never great to have actively exploited issues, or publicly known ones for that matter. Luckily we have no zero-day, still, patch as soon as possible. Other things that have CVE’s that are patched include various web browsers and Sharepoint, with a large number of the critical being for the latter.
Since you are here reading about patching, I would recommend looking at PDQ Deploy and PDQ Inventory to help you get it done quickly and easily. It gives you the tools you need to get your systems patched soon and will provide you with accurate reporting once it is done installing. Lex breaks down how to set this up to have it autopatch for you here. See you all May 12th, where we will hopefully see a return to the norm, and this spike we have seen to this point becomes a distant memory.