In late March, Microsoft announced that, due to the coronavirus, it would pause all non-security Windows 10 updates. And that has done. However, this Tuesday, as every second Tuesday of each month, it has released a security update ‘Patch Tuesday’ that patches two critical vulnerabilities, in addition to other less important ones. In total they are 133 security issues.
The name of the two reviews is CVE-2020-1020 and CVE-2020-0938, and the problem is that although it was known that they were being exploited in March, Mocrosoft has not released the patch until now. The United States Department of Homeland Security itself has released a statement in which urges users and team administrators to update and apply necessary changes. And this is something that is not entirely common.
What these vulnerabilities allowed and how to update
In its security website, Microsoft has explained that the CVE-2020-1020 vulnerability allows remote code execution “when the Windows Adobe Type Manager Library incorrectly handles a specially crafted multi-master font: Adobe Type 1 PostScript format”. An attacker who successfully exploited the vulnerability could even execute code with a sandbox with limited privileges, resulting in would enable you to install programs, get data, create new administrator accounts, etc..
Regarding CVE-2020-0938, the Redmon company also clarifies that this vulnerability is also related to the Adobe Type Manager Library, and the actions an attacker could undertake were similar.
According to Microsoft, these vulnerabilities fWere discovered by Google security teams, from Project Zero and the Threat Analysis Group.
To update, you only have to go to Windows Update under ‘Windows Settings’. In the left column click on the Windows Update option. Inside you will see a button that says’Search for updates‘. The system will find them and you can start installing them.
Track | Lifehacker