Microsoft has released updates to fix 113 security vulnerabilities in its various Windows operating systems and related software. Those include at least three flaws that are actively being exploited, as well as two others which were publicly detailed prior to today, potentially giving attackers a head start in figuring out how to exploit the bugs.
Nineteen of the weaknesses fixed on this Patch Tuesday were assigned Microsoft’s most-dire “critical” rating, meaning malware or miscreants could exploit them to gain complete, remote control over vulnerable computers without any help from users.
Near the top of the heap is a remotely exploitable bug in the Adobe Font Manager library that was first detailed in late March when Microsoft said it had seen the flaw being used in active attacks.
The Adobe Font Manager library is the source of yet another zero-day flaw, although experts at security vendor Tenable say there is currently no confirmation that the two are related to the same set of in-the-wild attacks. Both flaws could be exploited by getting a Windows users to open a booby-trapped document or viewing one in the Windows Preview Pane.
The other zero-day flaw affects Windows 7 and Windows 10 systems, and earned a slightly less dire “important” rating from Microsoft because it’s an “elevation of privilege” bug that requires the attacker to be locally authenticated.
Many security news sites are reporting that Microsoft addressed a total of four zero-day flaws this month, but it appears the advisory for a critical Internet Explorer flaw (https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0968) has been revised to indicate Microsoft has not yet received reports of it being used in active attacks. However, the advisory says this IE bug is likely to be exploited soon.
Researchers at security firm Recorded Future zeroed in on (https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0796) a critical vulnerability dubbed “SMBGhost” that was rumored to exist in last month’s Patch Tuesday but for which an out-of-band patch wasn’t released until March 12. The problem resides in a file-sharing component of Windows, and could be exploited merely by sending the victim machine specially-crafted data packets. Proof-of-concept code showing how to exploit the bug was released April 1, but so far there are no indications this method has been incorporated into malware or active attacks.
How to manually check for Updates in Windows 10
Open Start Menu and click on Settings > Update & Security settings
Here, press on the Check for updates button.
If any updates are available, they will be offered to you.
If Windows Update says that your PC is up to date, it means that you have all the updates that are currently available for your system.
If you are looking for details on the latest updates, click on the Details link. More details about the updates will then be shown to you.
If you need more information about the updates, click on the Learn more link. Every update comes with a KB number. Here for example you can see update KB3103688 being offered. You could search on your favorite search engine using this KB number. Relevant results about the update are sure to be offered.
You can make your Windows 10 receive updates for other Microsoft products and software, like Office, when you update Windows.