This month's Patch Tuesday is quite long, since corrects 113 vulnerabilities in 11 products of Microsoft products. Among these vulnerabilities are: three zero-day errors already used by Criminals of cyberspace.
As always, many details about zero-day vulnerabilities have not been disclosed. Details about these errors, usually, stay hidden for days or weeks, to give users time to correct them and prevent attackers from developing proof-of-concept code.
The three zero-day vulnerabilities, corrected in Microsoft's Patch Tuesday, are:
CVE-2020-1020: A vulnerability in Windows Adobe Type Manager Library, which allows an attacker to run code in vulnerabilities systems. Attacks can be carried out remotely. Vulnerability does not affect them Windows 10. Information about this zero-day was published last month. However, it is now being fixed with the April patch.
CVE-2020-0938: This vulnerability is also found in Windows Adobe Type Manager Library. It is similar to CVE-2020-1020, but its existence was revealed only yesterday. Last month, Microsoft gave some advice to users on how to mitigate it risk of the first vulnerability. Apparently, these measures were also effective for this vulnerability (CVE-2020-0938).
CVE-2020-1027: Patch Tuesday corrects this error as well Windows kernel, which allows intruders to acquire more privileges and execute code.
According to Microsoft, the three zero-day vulnerabilities were discovered and reported by both its security teams Google: the Project Zero and Threat Analysis Group (TAG).
As we said before, there aren't many details. Therefore, we do not know whether the three vulnerabilities have been used by him hacker (or hacking group) or if they have been used in the same hacking campaign.
Patch Tuesday fixes the above zero-days, as well as 110 more vulnerabilities that you can see here..