Cookie Consent by Free Privacy Policy Generator โœ… Expertenwissen รผber das Thema "Polizei"

๐Ÿ  Team IT Security News

TSecurity.de ist eine Online-Plattform, die sich auf die Bereitstellung von Informationen,alle 15 Minuten neuste Nachrichten, Bildungsressourcen und Dienstleistungen rund um das Thema IT-Sicherheit spezialisiert hat.
Ob es sich um aktuelle Nachrichten, Fachartikel, Blogbeitrรคge, Webinare, Tutorials, oder Tipps & Tricks handelt, TSecurity.de bietet seinen Nutzern einen umfassenden รœberblick รผber die wichtigsten Aspekte der IT-Sicherheit in einer sich stรคndig verรคndernden digitalen Welt.

16.12.2023 - TIP: Wer den Cookie Consent Banner akzeptiert, kann z.B. von Englisch nach Deutsch รผbersetzen, erst Englisch auswรคhlen dann wieder Deutsch!

Google Android Playstore Download Button fรผr Team IT Security



๐Ÿ“š The April 2020 Security Update Review


๐Ÿ’ก Newskategorie: Hacking
๐Ÿ”— Quelle: thezdi.com

April is here, and it brings another cornucopia of security patches from Adobe and Microsoft. Take a break from your regularly scheduled activities and join us as we review the details for security patches for this month.

Adobe Patches for April 2020

For April, Adobe released on three patches addressing five CVEs in Adobe ColdFusion, After Effects, and Digital Editions. All CVEs are rated Important and none are listed as being publicly known or under active attack at the time of release. The update for ColdFusion should be on the top of the deployment list as it includes a local privilege escalation (LPE) to go along with an info disclosure and denial-of-service bug. The update for After Effects, reported by ZDI researcher Mat Powell, corrects an info disclosure bug. The patch for Digital Editions also corrects a single information disclosure bug. Although there is no update for Flash this month, the window for the final Flash patches is closing as it goes out of support at the end of this year.

Microsoft Patches for April 2020

For April, Microsoft released patches for 113 CVEs covering Microsoft Windows, Microsoft Edge (EdgeHTML-based and Chromium-based), ChakraCore, Internet Explorer, Office and Office Services and Web Apps, Windows Defender, Visual Studio, Microsoft Dynamics, Microsoft Apps for Android, and Microsoft Apps for Mac. Of these 113 CVEs, 17 are rated Critical and 96 are rated Important in severity. Twelve of these CVEs were reported through the ZDI program. If you feel like there have been a lot of patches this year, youโ€™re not wrong. Microsoft has seen a 44% increase in the number of CVEs patched between January to April of 2020 compared to the same time period in 2019. Both an increasing number of researchers looking for bugs and an expanding portfolio of supported products likely caused this increase. It will be interesting to see if this pace continues, especially considering Microsoft will pause optional Windows 10 updates starting next month.

Two of the bugs addressed this month are listed as being under active attack, and two are listed as being public at the time of release. Letโ€™s take a closer look at some of the more interesting updates for this month, starting with bugs under active attack.

-ย ย ย ย ย ย  CVE-2020-1020 โ€“ Adobe Font Manager Library Remote Code Execution Vulnerability
Initially disclosed back in late March, this bug is one of two reported to be targeting Windows 7 systems. Attackers can use this vulnerability to execute their code on affected systems if they can convince a user to view a specially crafted font. The code would run at the level of the logged-on user. Although the attacks specifically have targeted Windows 7 systems, not all Win7 systems will receive a patch since the OS left support in January of this year. Only those Windows 7 and Server 2008 customers with an ESU license will receive the patch.

-ย ย ย ย ย ย  CVE-2020-0938 โ€“ OpenType Font Parsing Remote Code Execution Vulnerability
This bug is associated with the previous vulnerability, although it impacts a different font renderer. It too is listed as being under active attack. Again, an attacker could execute their code on a target system if a user viewed a specially crafted font. We should also note Windows 10 systems are less impacted by these bugs since the code execution would occur in an AppContainer sandbox. Win7 users will also need an ESU license for this patch.

-ย ย ย ย ย ย  CVE-2020-0993 โ€“ Windows DNS Denial of Service VulnerabilityThis patch addresses a Denial-of-Service (DoS) bug in the Windows DNS service. Note thatโ€™s the DNS service and not the DNS Server, so client systems are also affected by this vulnerability. An attacker could cause the DNS service to be nonresponsive by sending some specially crafted DNS queries to an affected system. Since there is no code execution involved, the only gets rated as Important. However, considering the damage that could be done by an unauthenticated attacker, this should be high on your test and deploy list.

-ย ย ย ย ย ย  CVE-2020-0981 โ€“ Windows Token Security Feature Bypass Vulnerability
Itโ€™s not often you see a security feature bypass directly result in a sandbox escape, but thatโ€™s exactly what this bug allows. The vulnerability results from Windows improperly handling token relationships. Attackers could abuse this to allow an application with a certain integrity level to execute code at a different โ€“ presumably higher โ€“ integrity level. The result is a sandbox escape. This only affects Windows 10 version 1903 and higher, so the code is a relatively recent addition.

Hereโ€™s the full list of CVEs released by Microsoft for April 2020.

CVE Title Severity Public Exploited XI - Latest XI - Older Type
CVE-2020-1020 Adobe Font Manager Library Remote Code Execution Vulnerability Important Yes Yes 2 0 RCE
CVE-2020-0938 OpenType Font Parsing Remote Code Execution Vulnerability Important No Yes 2 0 RCE
CVE-2020-0935 OneDrive for Windows Elevation of Privilege Vulnerability Important Yes No 2 N/A EoP
CVE-2020-0969 Chakra Scripting Engine Memory Corruption Vulnerability Critical No No 2 N/A RCE
CVE-2020-1022 Dynamics Business Central Remote Code Execution Vulnerability Critical No No 2 2 RCE
CVE-2020-0948 Media Foundation Memory Corruption Vulnerability Critical No No 2 2 RCE
CVE-2020-0949 Media Foundation Memory Corruption Vulnerability Critical No No 2 2 RCE
CVE-2020-0950 Media Foundation Memory Corruption Vulnerability Critical No No 2 2 RCE
CVE-2020-0907 Microsoft Graphics Components Remote Code Execution Vulnerability Critical No No 2 2 RCE
CVE-2020-0687 Microsoft Graphics Remote Code Execution Vulnerability Critical No No 2 2 RCE
CVE-2020-0927 Microsoft Office SharePoint XSS Vulnerability Critical No No 2 2 XSS
CVE-2020-0929 Microsoft SharePoint Remote Code Execution Vulnerability Critical No No 2 2 RCE
CVE-2020-0931 Microsoft SharePoint Remote Code Execution Vulnerability Critical No No 2 2 RCE
CVE-2020-0932 Microsoft SharePoint Remote Code Execution Vulnerability Critical No No 2 2 RCE
CVE-2020-0974 Microsoft SharePoint Remote Code Execution Vulnerability Critical No No 2 2 RCE
CVE-2020-0965 Microsoft Windows Codecs Library Remote Code Execution Vulnerability Critical No No 2 2 RCE
CVE-2020-0968 Scripting Engine Memory Corruption Vulnerability Critical No No 1 1 RCE
CVE-2020-0970 Scripting Engine Memory Corruption Vulnerability Critical No No 2 N/A RCE
CVE-2020-0967 VBScript Remote Code Execution Vulnerability Critical No No 2 2 RCE
CVE-2020-0910 Windows Hyper-V Remote Code Execution Vulnerability Critical No No 2 2 RCE
CVE-2020-0942 Connected User Experiences and Telemetry Service Elevation of Privilege Vulnerability Important No No 2 2 EoP
CVE-2020-0944 Connected User Experiences and Telemetry Service Elevation of Privilege Vulnerability Important No No 2 2 EoP
CVE-2020-1029 Connected User Experiences and Telemetry Service Elevation of Privilege Vulnerability Important No No 2 2 EoP
CVE-2020-0784 DirectX Elevation of Privilege Vulnerability Important No No 1 1 EoP
CVE-2020-0888 DirectX Elevation of Privilege Vulnerability Important No No 2 1 EoP
CVE-2020-0964 GDI+ Remote Code Execution Vulnerability Important No No 2 2 RCE
CVE-2020-0889 Jet Database Engine Remote Code Execution Vulnerability Important No No 2 2 RCE
CVE-2020-0953 Jet Database Engine Remote Code Execution Vulnerability Important No No 2 2 RCE
CVE-2020-0959 Jet Database Engine Remote Code Execution Vulnerability Important No No 2 2 RCE
CVE-2020-0960 Jet Database Engine Remote Code Execution Vulnerability Important No No 2 2 RCE
CVE-2020-0988 Jet Database Engine Remote Code Execution Vulnerability Important No No 2 2 RCE
CVE-2020-0992 Jet Database Engine Remote Code Execution Vulnerability Important No No 2 2 RCE
CVE-2020-0994 Jet Database Engine Remote Code Execution Vulnerability Important No No 2 2 RCE
CVE-2020-0995 Jet Database Engine Remote Code Execution Vulnerability Important No No 2 2 RCE
CVE-2020-0999 Jet Database Engine Remote Code Execution Vulnerability Important No No 2 2 RCE
CVE-2020-1008 Jet Database Engine Remote Code Execution Vulnerability Important No No 2 2 RCE
CVE-2020-0937 Media Foundation Information Disclosure Vulnerability Important No No 2 2 Info
CVE-2020-0939 Media Foundation Information Disclosure Vulnerability Important No No 2 2 Info
CVE-2020-0945 Media Foundation Information Disclosure Vulnerability Important No No 2 2 Info
CVE-2020-0946 Media Foundation Information Disclosure Vulnerability Important No No 2 2 Info
CVE-2020-0947 Media Foundation Information Disclosure Vulnerability Important No No 2 2 Info
CVE-2020-0984 Microsoft (MAU) Office Elevation of Privilege Vulnerability Important No No 2 N/A EoP
CVE-2020-1002 Microsoft Defender Elevation of Privilege Vulnerability Important No No 2 2 EoP
CVE-2020-1049 Microsoft Dynamics 365 (On-Premise) Cross Site Scripting Vulnerability Important No No 2 2 XSS
CVE-2020-1050 Microsoft Dynamics 365 (On-Premise) Cross Site Scripting Vulnerability Important No No 2 2 XSS
CVE-2020-1018 Microsoft Dynamics Business Central/NAV Information Disclosure Important No No 2 2 Info
CVE-2020-0906 Microsoft Excel Remote Code Execution Vulnerability Important No No 2 2 RCE
CVE-2020-0979 Microsoft Excel Remote Code Execution Vulnerability Important No No N/A 2 RCE
CVE-2020-0982 Microsoft Graphics Component Information Disclosure Vulnerability Important No No 2 2 Info
CVE-2020-0987 Microsoft Graphics Component Information Disclosure Vulnerability Important No No 2 2 Info
CVE-2020-1005 Microsoft Graphics Component Information Disclosure Vulnerability Important No No 2 2 Info
CVE-2020-0961 Microsoft Office Access Connectivity Engine Remote Code Execution Vulnerability Important No No 2 2 RCE
CVE-2020-0760 Microsoft Office Remote Code Execution Vulnerability Important No No 2 2 RCE
CVE-2020-0991 Microsoft Office Remote Code Execution Vulnerability Important No No 2 2 RCE
CVE-2020-0923 Microsoft Office SharePoint XSS Vulnerability Important No No 2 2 XSS
CVE-2020-0924 Microsoft Office SharePoint XSS Vulnerability Important No No 2 2 XSS
CVE-2020-0925 Microsoft Office SharePoint XSS Vulnerability Important No No 2 2 XSS
CVE-2020-0926 Microsoft Office SharePoint XSS Vulnerability Important No No 2 2 XSS
CVE-2020-0930 Microsoft Office SharePoint XSS Vulnerability Important No No 2 2 XSS
CVE-2020-0933 Microsoft Office SharePoint XSS Vulnerability Important No No 2 2 XSS
CVE-2020-0954 Microsoft Office SharePoint XSS Vulnerability Important No No 2 2 XSS
CVE-2020-0973 Microsoft Office SharePoint XSS Vulnerability Important No No 2 2 XSS
CVE-2020-0978 Microsoft Office SharePoint XSS Vulnerability Important No No 2 2 XSS
CVE-2020-0919 Microsoft Remote Desktop App for Mac Elevation of Privilege Vulnerability Important No No 2 N/A EoP
CVE-2020-1019 Microsoft RMS Sharing App for Mac Elevation of Privilege Vulnerability Important No No 2 N/A EoP
CVE-2020-0920 Microsoft SharePoint Remote Code Execution Vulnerability Important No No 2 2 RCE
CVE-2020-0971 Microsoft SharePoint Remote Code Execution Vulnerability Important No No 2 2 RCE
CVE-2020-0972 Microsoft SharePoint Spoofing Vulnerability Important No No 2 2 Spoof
CVE-2020-0975 Microsoft SharePoint Spoofing Vulnerability Important No No 2 2 Spoof
CVE-2020-0976 Microsoft SharePoint Spoofing Vulnerability Important No No N/A 2 Spoof
CVE-2020-0977 Microsoft SharePoint Spoofing Vulnerability Important No No 2 2 Spoof
CVE-2020-0899 Microsoft Visual Studio Elevation of Privilege Vulnerability Important No No 2 2 EoP
CVE-2020-1014 Microsoft Windows Update Client Elevation of Privilege Vulnerability Important No No 2 2 EoP
CVE-2020-0980 Microsoft Word Remote Code Execution Vulnerability Important No No 2 2 RCE
CVE-2020-0943 Microsoft YourPhone Application for Android Authentication Bypass Vulnerability Important No No 2 N/A EoP
CVE-2020-1026 MSR JavaScript Cryptography Library Security Feature Bypass Vulnerability Important No No 2 N/A SFB
CVE-2020-0966 VBScript Remote Code Execution Vulnerability Important No No 2 2 RCE
CVE-2020-0900 Visual Studio Extension Installer Service Elevation of Privilege Vulnerability Important No No 2 2 EoP
CVE-2020-0956 Win32k Elevation of Privilege Vulnerability Important No No 1 1 EoP
CVE-2020-0957 Win32k Elevation of Privilege Vulnerability Important No No N/A 1 EoP
CVE-2020-0958 Win32k Elevation of Privilege Vulnerability Important No No 1 1 EoP
CVE-2020-0699 Win32k Information Disclosure Vulnerability Important No No 2 2 Info
CVE-2020-0962 Win32k Information Disclosure Vulnerability Important No No 2 2 Info
CVE-2020-0835 Windows Defender Antimalware Platform Hard Link Elevation of Privilege Vulnerability Important No No 2 N/A EoP
CVE-2020-0794 Windows Denial of Service Vulnerability Important No No 2 2 DoS
CVE-2020-0993 Windows DNS Denial of Service Vulnerability Important No No 2 2 DoS
CVE-2020-0934 Windows Elevation of Privilege Vulnerability Important No No 2 2 EoP
CVE-2020-0983 Windows Elevation of Privilege Vulnerability Important No No 2 2 EoP
CVE-2020-1009 Windows Elevation of Privilege Vulnerability Important No No 2 2 EoP
CVE-2020-1011 Windows Elevation of Privilege Vulnerability Important No No 2 2 EoP
CVE-2020-1015 Windows Elevation of Privilege Vulnerability Important No No 2 2 EoP
CVE-2020-0952 Windows GDI Information Disclosure Vulnerability Important No No 2 2 Info
CVE-2020-1004 Windows Graphics Component Elevation of Privilege Vulnerability Important No No 1 1 EoP
CVE-2020-0917 Windows Hyper-V Elevation of Privilege Vulnerability Important No No 2 2 EoP
CVE-2020-0918 Windows Hyper-V Elevation of Privilege Vulnerability Important No No 2 2 EoP
CVE-2020-0913 Windows Kernel Elevation of Privilege Vulnerability Important No No 2 2 EoP
CVE-2020-1000 Windows Kernel Elevation of Privilege Vulnerability Important No No 2 2 EoP
CVE-2020-1003 Windows Kernel Elevation of Privilege Vulnerability Important No No 2 2 EoP
CVE-2020-1027 ๐Ÿ“– Komplette Nachricht lesen


๐Ÿ  Zur Startseite

๐Ÿ“Œ April, April: Die genialsten WhatsApp-Sprüche zum 1. April


๐Ÿ“ˆ 21.41 Punkte

๐Ÿ“Œ April, April: So wird die IT-Welt 2019 in den April geschickt


๐Ÿ“ˆ 21.41 Punkte

๐Ÿ“Œ April, April: Das sind die 5 besten April-Scherze 2023


๐Ÿ“ˆ 21.41 Punkte

๐Ÿ“Œ The April 2020 Security Update Review


๐Ÿ“ˆ 20.53 Punkte

๐Ÿ“Œ Microsoft kรผndigt Windows 10 April 2018 Update fรผr 30. April an [Update]


๐Ÿ“ˆ 19.3 Punkte

๐Ÿ“Œ The April 2019 Security Update Review


๐Ÿ“ˆ 17.96 Punkte

๐Ÿ“Œ The April 2021 Security Update Review


๐Ÿ“ˆ 17.96 Punkte

๐Ÿ“Œ The April 2022 Security Update Review


๐Ÿ“ˆ 17.96 Punkte

๐Ÿ“Œ The April 2023 Security Update Review


๐Ÿ“ˆ 17.96 Punkte

๐Ÿ“Œ Coronavirus-themed attacks April 05 โ€“ April 11, 2020


๐Ÿ“ˆ 16.84 Punkte

๐Ÿ“Œ Coronavirus-themed attacks April 12 โ€“ April 18, 2020


๐Ÿ“ˆ 16.84 Punkte

๐Ÿ“Œ Coronavirus-themed attacks April 19 โ€“ April 25, 2020


๐Ÿ“ˆ 16.84 Punkte

๐Ÿ“Œ Windows 10: Creators Update manuell ab 5. April, Mobil ab 25. April


๐Ÿ“ˆ 16.79 Punkte

๐Ÿ“Œ Creators Update bereits ab 5. April manuell verfรผgbar โ€“ Mobile folgt ab 25. April


๐Ÿ“ˆ 16.79 Punkte

๐Ÿ“Œ Windows 10 April 2018 Update is Coming On April 30


๐Ÿ“ˆ 16.79 Punkte

๐Ÿ“Œ Cyber Security Headlines โ€“ Week in Review โ€“ April 12-16, 2021


๐Ÿ“ˆ 15.45 Punkte

๐Ÿ“Œ eFootball PES 2020: Update zur Euro 2020 erscheint kostenlos im April


๐Ÿ“ˆ 14.8 Punkte

๐Ÿ“Œ eFootball PES 2020: Kostenloses Update zur EM 2020 erscheint schon Ende April


๐Ÿ“ˆ 14.8 Punkte

๐Ÿ“Œ eFootball PES 2020 erhรคlt Ende April kostenloses Update zur UEFA EURO 2020


๐Ÿ“ˆ 14.8 Punkte

๐Ÿ“Œ Samsung Galaxy S8 Pre-Orders to Start on April 7, to Hit the Shelves on April 21


๐Ÿ“ˆ 14.27 Punkte

๐Ÿ“Œ April, April: Die besten Aprilscherze der IT-Welt im Rรผckblick


๐Ÿ“ˆ 14.27 Punkte

๐Ÿ“Œ heise online scherzt nicht mehr zum April, April


๐Ÿ“ˆ 14.27 Punkte

๐Ÿ“Œ April, April: Die Scherzparade aus aller Welt


๐Ÿ“ˆ 14.27 Punkte

๐Ÿ“Œ April, April? PlatinumGames und Hamster kรผndigen Shoot 'em up Sol Cresta an


๐Ÿ“ˆ 14.27 Punkte

๐Ÿ“Œ April, April! Die besten Aprilscherze 2021 aus der Welt des Gaming


๐Ÿ“ˆ 14.27 Punkte

๐Ÿ“Œ April, April: Ideen fรผr Streiche via WhatsApp und Co.


๐Ÿ“ˆ 14.27 Punkte

๐Ÿ“Œ Apple BKC opens April 18 and Apple Saket opens April 20


๐Ÿ“ˆ 14.27 Punkte

๐Ÿ“Œ Apple opens two retail stores in India: Apple BKC in Mumbai on April 18th and Apple Saket in Delhi on April 20th


๐Ÿ“ˆ 14.27 Punkte

๐Ÿ“Œ #TGIQF: April, April โ€“ welche News hagelten diese Woche auf uns herein?


๐Ÿ“ˆ 14.27 Punkte

๐Ÿ“Œ Deadline Extended for Automation April Shortcuts Contest to April 21st


๐Ÿ“ˆ 14.27 Punkte

๐Ÿ“Œ Android: Security-Bulletin April 2020 und Pixel-Update sind da


๐Ÿ“ˆ 14.14 Punkte

๐Ÿ“Œ Oracle Critical Patch Update Addresses 405 New Security Vulnerabilities โ€“ April 2020


๐Ÿ“ˆ 14.14 Punkte

๐Ÿ“Œ Oracle's April 2020 Critical Patch Update Brings 397 Security Fixes


๐Ÿ“ˆ 14.14 Punkte

๐Ÿ“Œ EU moves Microsoft-Activision deal deadline review to April 25


๐Ÿ“ˆ 13.53 Punkte











matomo