Microsoft Security Bulletin Coverage for April 2020

April 14, 2020

SonicWall Capture Labs threat research team has analyzed and addressed Microsoft’s security advisories for the month of April 2020. A list of issues reported, along with SonicWall coverage information are as follows:

CVE-2020-0687 Microsoft Graphics Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2020-0699 Win32k Information Disclosure Vulnerability
There are no known exploits in the wild.
CVE-2020-0760 Microsoft Office Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2020-0784 DirectX Elevation of Privilege Vulnerability
ASPY 5926:Malformed-File exe.MP.134
CVE-2020-0794 Windows Denial of Service Vulnerability
There are no known exploits in the wild.
CVE-2020-0821 Windows Kernel Information Disclosure Vulnerability
There are no known exploits in the wild.
CVE-2020-0835 Windows Defender Antimalware Platform Hard Link Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2020-0888 DirectX Elevation of Privilege Vulnerability
ASPY 5907:Malformed-File exe.MP.131
CVE-2020-0889 Jet Database Engine Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2020-0895 Windows VBScript Engine Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2020-0899 Microsoft Visual Studio Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2020-0900 Visual Studio Extension Installer Service Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2020-0906 Microsoft Excel Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2020-0907 Microsoft Graphics Components Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2020-0910 Windows Hyper-V Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2020-0913 Windows Kernel Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2020-0917 Windows Hyper-V Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2020-0918 Windows Hyper-V Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2020-0919 Microsoft Remote Desktop App for Mac Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2020-0920 Microsoft SharePoint Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2020-0923 Microsoft Office SharePoint XSS Vulnerability
There are no known exploits in the wild.
CVE-2020-0924 Microsoft Office SharePoint XSS Vulnerability
There are no known exploits in the wild.
CVE-2020-0925 Microsoft Office SharePoint XSS Vulnerability
There are no known exploits in the wild.
CVE-2020-0926 Microsoft Office SharePoint XSS Vulnerability
There are no known exploits in the wild.
CVE-2020-0927 Microsoft Office SharePoint XSS Vulnerability
There are no known exploits in the wild.
CVE-2020-0929 Microsoft SharePoint Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2020-0930 Microsoft Office SharePoint XSS Vulnerability
There are no known exploits in the wild.
CVE-2020-0931 Microsoft SharePoint Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2020-0932 Microsoft SharePoint Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2020-0933 Microsoft Office SharePoint XSS Vulnerability
There are no known exploits in the wild.
CVE-2020-0934 Windows Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2020-0935 OneDrive for Windows Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2020-0936 Windows Scheduled Task Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2020-0937 Media Foundation Information Disclosure Vulnerability
There are no known exploits in the wild.
CVE-2020-0938 OpenType Font Parsing Remote Code Execution Vulnerability
ASPY 5924:Malformed-File pfb.MP.6
CVE-2020-0939 Media Foundation Information Disclosure Vulnerability
There are no known exploits in the wild.
CVE-2020-0940 Windows Push Notification Service Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2020-0942 Connected User Experiences and Telemetry Service Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2020-0943 Microsoft YourPhone Application for Android Authentication Bypass Vulnerability
There are no known exploits in the wild.
CVE-2020-0944 Connected User Experiences and Telemetry Service Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2020-0945 Media Foundation Information Disclosure Vulnerability
There are no known exploits in the wild.
CVE-2020-0946 Media Foundation Information Disclosure Vulnerability
There are no known exploits in the wild.
CVE-2020-0947 Media Foundation Information Disclosure Vulnerability
There are no known exploits in the wild.
CVE-2020-0948 Media Foundation Memory Corruption Vulnerability
There are no known exploits in the wild.
CVE-2020-0949 Media Foundation Memory Corruption Vulnerability
There are no known exploits in the wild.
CVE-2020-0950 Media Foundation Memory Corruption Vulnerability
There are no known exploits in the wild.
CVE-2020-0952 Windows GDI Information Disclosure Vulnerability
There are no known exploits in the wild.
CVE-2020-0953 Jet Database Engine Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2020-0954 Microsoft Office SharePoint XSS Vulnerability
There are no known exploits in the wild.
CVE-2020-0955 Windows Kernel Information Disclosure in CPU Memory Access
There are no known exploits in the wild.
CVE-2020-0956 Win32k Elevation of Privilege Vulnerability
ASPY 5844:Malformed-File exe.MP.113
CVE-2020-0957 Win32k Elevation of Privilege Vulnerability
ASPY 5922:Malformed-File exe.MP.132
CVE-2020-0958 Win32k Elevation of Privilege Vulnerability
ASPY 5923:Malformed-File exe.MP.133
CVE-2020-0959 Jet Database Engine Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2020-0960 Jet Database Engine Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2020-0961 Microsoft Office Access Connectivity Engine Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2020-0962 Win32k Information Disclosure Vulnerability
There are no known exploits in the wild.
CVE-2020-0964 GDI+ Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2020-0965 Microsoft Windows Codecs Library Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2020-0966 VBScript Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2020-0967 VBScript Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2020-0968 Scripting Engine Memory Corruption Vulnerability
IPS 14913:Scripting Engine Memory Corruption Vulnerability (CVE-2020-0968)
CVE-2020-0969 Chakra Scripting Engine Memory Corruption Vulnerability
There are no known exploits in the wild.
CVE-2020-0970 Scripting Engine Memory Corruption Vulnerability
There are no known exploits in the wild.
CVE-2020-0971 Microsoft SharePoint Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2020-0972 Microsoft SharePoint Spoofing Vulnerability
There are no known exploits in the wild.
CVE-2020-0973 Microsoft Office SharePoint XSS Vulnerability
There are no known exploits in the wild.
CVE-2020-0974 Microsoft SharePoint Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2020-0975 Microsoft SharePoint Spoofing Vulnerability
There are no known exploits in the wild.
CVE-2020-0976 Microsoft SharePoint Spoofing Vulnerability
There are no known exploits in the wild.
CVE-2020-0977 Microsoft SharePoint Spoofing Vulnerability
There are no known exploits in the wild.
CVE-2020-0978 Microsoft Office SharePoint XSS Vulnerability
There are no known exploits in the wild.
CVE-2020-0979 Microsoft Excel Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2020-0980 Microsoft Word Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2020-0981 Windows Token Security Feature Bypass Vulnerability
There are no known exploits in the wild.
CVE-2020-0982 Microsoft Graphics Component Information Disclosure Vulnerability
There are no known exploits in the wild.
CVE-2020-0983 Windows Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2020-0984 Microsoft (MAU) Office Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2020-0985 Windows Update Stack Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2020-0987 Microsoft Graphics Component Information Disclosure Vulnerability
There are no known exploits in the wild.
CVE-2020-0988 Jet Database Engine Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2020-0991 Microsoft Office Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2020-0992 Jet Database Engine Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2020-0993 Windows DNS Denial of Service Vulnerability
There are no known exploits in the wild.
CVE-2020-0994 Jet Database Engine Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2020-0995 Jet Database Engine Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2020-0996 Windows Update Stack Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2020-0999 Jet Database Engine Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2020-1000 Windows Kernel Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2020-1001 Windows Push Notification Service Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2020-1002 Microsoft Defender Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2020-1003 Windows Kernel Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2020-1004 Windows Graphics Component Elevation of Privilege Vulnerability
ASPY 5921:Malformed-File exe.MP.131
CVE-2020-1005 Microsoft Graphics Component Information Disclosure Vulnerability
There are no known exploits in the wild.
CVE-2020-1006 Windows Push Notification Service Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2020-1007 Windows Kernel Information Disclosure Vulnerability
There are no known exploits in the wild.
CVE-2020-1008 Jet Database Engine Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2020-1009 Windows Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2020-1011 Windows Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2020-1014 Microsoft Windows Update Client Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2020-1015 Windows Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2020-1016 Windows Push Notification Service Information Disclosure Vulnerability
There are no known exploits in the wild.
CVE-2020-1017 Windows Push Notification Service Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2020-1018 Microsoft Dynamics Business Central/NAV Information Disclosure
There are no known exploits in the wild.
CVE-2020-1019 Microsoft RMS Sharing App for Mac Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2020-1020 Adobe Font Manager Library Remote Code Execution Vulnerability
ASPY 5920:Malformed-File pfb.MP.5
CVE-2020-1022 Dynamics Business Central Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2020-1026 MSR JavaScript Cryptography Library Security Feature Bypass Vulnerability
There are no known exploits in the wild.
CVE-2020-1027 Windows Kernel Elevation of Privilege Vulnerability
ASPY 5919:Malformed-File exe.MP.130
CVE-2020-1029 Connected User Experiences and Telemetry Service Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2020-1049 Microsoft Dynamics 365 (On-Premise) Cross Site Scripting Vulnerability
There are no known exploits in the wild.
CVE-2020-1050 Microsoft Dynamics 365 (On-Premise) Cross Site Scripting Vulnerability
There are no known exploits in the wild.
CVE-2020-1094 Windows Work Folder Service Elevation of Privilege Vulnerability
There are no known exploits in the wild.