JPCERT-AT-2020-0016
JPCERT/CC
2020-04-15
Details on the vulnerabilities can be found at the following URL:
April 2020 Security Updates
https://portal.msrc.microsoft.com/en-us/security-guidance/releasenotedetail/2020-Apr
[Vulnerabilities addressed (Including Security Update Programs rated as "critical")]
* Listing up Microsoft Knowledge Base (KB) that are rated as "critical"
CVE-2020-0687
Microsoft Graphics Remote Code Execution Vulnerability
https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2020-0687
- KB4549949, KB4549951, KB4550917, KB4550922, KB4550927, KB4550929
KB4550930, KB4550951, KB4550957, KB4550961, KB4550964, KB4550965
KB4550970, KB4550971
CVE-2020-0907
Microsoft Graphics Components Remote Code Execution Vulnerability
https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2020-0907
- KB4549949, KB4549951, KB4550917, KB4550922, KB4550927, KB4550929
KB4550930, KB4550951, KB4550957, KB4550961, KB4550964, KB4550965
KB4550970, KB4550971
CVE-2020-0910
Windows Hyper-V Remote Code Execution Vulnerability
https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2020-0910
- KB4549949, KB4549951
CVE-2020-0929
Microsoft SharePoint Remote Code Execution Vulnerability
https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2020-0929
- KB4484292, KB4484298, KB4484299, KB4484321
CVE-2020-0931
Microsoft SharePoint Remote Code Execution Vulnerability
https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2020-0931
- KB2553306, KB4011584, KB4484291, KB4484292, KB4484299, KB4484301
KB4484308, KB4484321, KB4484322
CVE-2020-0932
Microsoft SharePoint Remote Code Execution Vulnerability
https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2020-0932
- KB4484292, KB4484299, KB4484321
CVE-2020-0938
Adobe Font Manager Library Remote Code Execution Vulnerability
https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2020-0938
- KB4550917, KB4550951, KB4550957, KB4550961, KB4550964, KB4550965
KB4550970, KB4550971
CVE-2020-0948
Media Foundation Memory Corruption Vulnerability
https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2020-0948
- KB4549949, KB4549951, KB4550922, KB4550927, KB4550929, KB4550930
CVE-2020-0949
Media Foundation Memory Corruption Vulnerability
https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2020-0949
- KB4549949, KB4549951, KB4550922, KB4550927, KB4550929, KB4550930
CVE-2020-0950
Media Foundation Memory Corruption Vulnerability
https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2020-0950
- KB4549949, KB4549951, KB4550922, KB4550927, KB4550929, KB4550930
CVE-2020-0965
Microsoft Windows Codecs Library Remote Code Execution Vulnerability
https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2020-0965
- KB4549949, KB4549951, KB4550917, KB4550922, KB4550927, KB4550929
KB4550930, KB4550951, KB4550957, KB4550961, KB4550964, KB4550965
KB4550970, KB4550971
CVE-2020-0967
VBScript Remote Code Execution Vulnerability
https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2020-0967
- KB4549949, KB4549951, KB4550905, KB4550922, KB4550927, KB4550929
KB4550930, KB4550961, KB4550964
CVE-2020-0968
Scripting Engine Memory Corruption Vulnerability
https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2020-0968
- KB4549949, KB4549951, KB4550905, KB4550922, KB4550927, KB4550929
KB4550930, KB4550961, KB4550964
CVE-2020-0969
Chakra Scripting Engine Memory Corruption Vulnerability
https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2020-0969
- KB4549949, KB4549951, KB4550922, KB4550927, KB4550929, KB4550930
CVE-2020-0970
Scripting Engine Memory Corruption Vulnerability
https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2020-0970
- KB4549949, KB4549951, KB4550922
CVE-2020-0974
Microsoft SharePoint Remote Code Execution Vulnerability
https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2020-0974
- KB4484292, KB4484299
CVE-2020-1020
Adobe Font Manager Library Remote Code Execution Vulnerability
https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2020-1020
- KB4550917, KB4550951, KB4550957, KB4550961, KB4550964, KB4550965
KB4550970, KB4550971
CVE-2020-1022
Dynamics Business Central Remote Code Execution Vulnerability
https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2020-1022
- KB4549673, KB4549674, KB4549675, KB4549676, KB4549677, KB4549678
KB4557699, KB4557700
According to Microsoft, attacks leveraging the vulnerabilities CVE-2020-0938(Critical), CVE-2020-1020 (Critical) and CVE-2020-1027 (Important)have been observed in the wild. CVE-2020-1020 is the vulnerability originally that was made public on March 23, 2020. Please apply the security update programs as soon as possible.
JPCERT/CC
Alert Regarding Vulnerability in Adobe Type Manager Library
https://www.jpcert.or.jp/english/at/2020/at200015.html
Microsoft Update Catalog
https://www.catalog.update.microsoft.com/
Windows Update: FAQ
https://support.microsoft.com/en-us/help/12373/windows-update-faq
Microsoft published a blog and summarized considerations when applying security updates in remote environment, and answers to frequently asked questions.
Microsoft Security Response Center
Considerations for applying security updates in remote environment (Japanese)
https://msrc-blog.microsoft.com/2020/04/08/patchingforremotelocation/
Microsoft Corporation
April 2020 Security Updates
https://portal.msrc.microsoft.com/en-us/security-guidance/releasenotedetail/2020-Apr
Microsoft Corporation
Microsoft Security Updates for April 2020 (Monthly) (Japanese)
https://msrc-blog.microsoft.com/2020/04/14/202004-security-updates/
If you have any information regarding this alert, please contact JPCERT/CC.
JPCERT Coordination Center (Early Warning Group)
MAIL: ew-info@jpcert.or.jp
https://www.jpcert.or.jp/english/
JPCERT/CC
2020-04-15
I. Overview
Microsoft has released April 2020 Security Updates. This contains updates that are rated as "Critical". Remote attackers leveraging these vulnerabilities may be able to execute arbitrary code.Details on the vulnerabilities can be found at the following URL:
April 2020 Security Updates
https://portal.msrc.microsoft.com/en-us/security-guidance/releasenotedetail/2020-Apr
[Vulnerabilities addressed (Including Security Update Programs rated as "critical")]
* Listing up Microsoft Knowledge Base (KB) that are rated as "critical"
CVE-2020-0687
Microsoft Graphics Remote Code Execution Vulnerability
https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2020-0687
- KB4549949, KB4549951, KB4550917, KB4550922, KB4550927, KB4550929
KB4550930, KB4550951, KB4550957, KB4550961, KB4550964, KB4550965
KB4550970, KB4550971
CVE-2020-0907
Microsoft Graphics Components Remote Code Execution Vulnerability
https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2020-0907
- KB4549949, KB4549951, KB4550917, KB4550922, KB4550927, KB4550929
KB4550930, KB4550951, KB4550957, KB4550961, KB4550964, KB4550965
KB4550970, KB4550971
CVE-2020-0910
Windows Hyper-V Remote Code Execution Vulnerability
https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2020-0910
- KB4549949, KB4549951
CVE-2020-0929
Microsoft SharePoint Remote Code Execution Vulnerability
https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2020-0929
- KB4484292, KB4484298, KB4484299, KB4484321
CVE-2020-0931
Microsoft SharePoint Remote Code Execution Vulnerability
https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2020-0931
- KB2553306, KB4011584, KB4484291, KB4484292, KB4484299, KB4484301
KB4484308, KB4484321, KB4484322
CVE-2020-0932
Microsoft SharePoint Remote Code Execution Vulnerability
https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2020-0932
- KB4484292, KB4484299, KB4484321
CVE-2020-0938
Adobe Font Manager Library Remote Code Execution Vulnerability
https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2020-0938
- KB4550917, KB4550951, KB4550957, KB4550961, KB4550964, KB4550965
KB4550970, KB4550971
CVE-2020-0948
Media Foundation Memory Corruption Vulnerability
https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2020-0948
- KB4549949, KB4549951, KB4550922, KB4550927, KB4550929, KB4550930
CVE-2020-0949
Media Foundation Memory Corruption Vulnerability
https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2020-0949
- KB4549949, KB4549951, KB4550922, KB4550927, KB4550929, KB4550930
CVE-2020-0950
Media Foundation Memory Corruption Vulnerability
https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2020-0950
- KB4549949, KB4549951, KB4550922, KB4550927, KB4550929, KB4550930
CVE-2020-0965
Microsoft Windows Codecs Library Remote Code Execution Vulnerability
https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2020-0965
- KB4549949, KB4549951, KB4550917, KB4550922, KB4550927, KB4550929
KB4550930, KB4550951, KB4550957, KB4550961, KB4550964, KB4550965
KB4550970, KB4550971
CVE-2020-0967
VBScript Remote Code Execution Vulnerability
https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2020-0967
- KB4549949, KB4549951, KB4550905, KB4550922, KB4550927, KB4550929
KB4550930, KB4550961, KB4550964
CVE-2020-0968
Scripting Engine Memory Corruption Vulnerability
https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2020-0968
- KB4549949, KB4549951, KB4550905, KB4550922, KB4550927, KB4550929
KB4550930, KB4550961, KB4550964
CVE-2020-0969
Chakra Scripting Engine Memory Corruption Vulnerability
https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2020-0969
- KB4549949, KB4549951, KB4550922, KB4550927, KB4550929, KB4550930
CVE-2020-0970
Scripting Engine Memory Corruption Vulnerability
https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2020-0970
- KB4549949, KB4549951, KB4550922
CVE-2020-0974
Microsoft SharePoint Remote Code Execution Vulnerability
https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2020-0974
- KB4484292, KB4484299
CVE-2020-1020
Adobe Font Manager Library Remote Code Execution Vulnerability
https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2020-1020
- KB4550917, KB4550951, KB4550957, KB4550961, KB4550964, KB4550965
KB4550970, KB4550971
CVE-2020-1022
Dynamics Business Central Remote Code Execution Vulnerability
https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2020-1022
- KB4549673, KB4549674, KB4549675, KB4549676, KB4549677, KB4549678
KB4557699, KB4557700
According to Microsoft, attacks leveraging the vulnerabilities CVE-2020-0938(Critical), CVE-2020-1020 (Critical) and CVE-2020-1027 (Important)have been observed in the wild. CVE-2020-1020 is the vulnerability originally that was made public on March 23, 2020. Please apply the security update programs as soon as possible.
JPCERT/CC
Alert Regarding Vulnerability in Adobe Type Manager Library
https://www.jpcert.or.jp/english/at/2020/at200015.html
II. Solution
Please apply the security update programs through Microsoft Update,Windows Update, etc. as soon as possible.Microsoft Update Catalog
https://www.catalog.update.microsoft.com/
Windows Update: FAQ
https://support.microsoft.com/en-us/help/12373/windows-update-faq
Microsoft published a blog and summarized considerations when applying security updates in remote environment, and answers to frequently asked questions.
Microsoft Security Response Center
Considerations for applying security updates in remote environment (Japanese)
https://msrc-blog.microsoft.com/2020/04/08/patchingforremotelocation/
III. References
Microsoft Corporation
April 2020 Security Updates
https://portal.msrc.microsoft.com/en-us/security-guidance/releasenotedetail/2020-Apr
Microsoft Corporation
Microsoft Security Updates for April 2020 (Monthly) (Japanese)
https://msrc-blog.microsoft.com/2020/04/14/202004-security-updates/
If you have any information regarding this alert, please contact JPCERT/CC.
JPCERT Coordination Center (Early Warning Group)
MAIL: ew-info@jpcert.or.jp
https://www.jpcert.or.jp/english/