Microsoft April 2020 Security Updates

Discussion in 'update alerts' started by NICK ADSL UK, Apr 14, 2020.

Thread Status:
Not open for further replies.
  1. NICK ADSL UK

    NICK ADSL UK Administrator

    Joined:
    May 13, 2003
    Posts:
    9,345
    Location:
    UK
    Release Notes
    April 2020 Security Updates
    Release Date: April 14, 2020


    The April 2020 security release consists of security updates for the following software:

    • Microsoft Windows
    • Microsoft Edge (EdgeHTML-based)
    • Microsoft Edge (Chromium-based)
    • ChakraCore
    • Internet Explorer
    • Microsoft Office and Microsoft Office Services and Web Apps
    • Windows Defender
    • Visual Studio
    • Microsoft Dynamics
    • Microsoft Apps for Android
    • Microsoft Apps for Mac
    Please note the following information regarding the security updates:

    • For information regarding enabling Windows 10, version 1909 features, please see Windows 10, version 1909 delivery options. Note that Windows 10, versions 1903 and 1909 share a common core operating system with an identical set of system files. They will also share the same security update KBs.
    • Windows 10 updates are cumulative. The monthly security release includes all security fixes for vulnerabilities that affect Windows 10, in addition to non-security updates. The updates are available via the Microsoft Update Catalog.
    • For information on lifecycle and support dates for Windows 10 operating systems, please see Windows Lifecycle Facts Sheet.
    • A list of the latest servicing stack updates for each operating system can be found in ADV990001. This list will be updated whenever a new servicing stack update is released. It is important to install the latest servicing stack update.
    • Updates for Windows RT 8.1 and Microsoft Office RT software are only available via Windows Update.
    • In addition to security changes for the vulnerabilities, updates include defense-in-depth updates to help improve security-related features.
    • Customers running Windows 7, Windows Server 2008 R2, or Windows Server 2008 need to purchase the Extended Security Update to continue receiving security updates. See 4522133 for more information.
    The following CVEs have FAQs with additional information and may include * further steps to take after installing the updates. Please note that this is not a complete list of CVEs for this release.

    Known Issues

    The following KBs contain information about known issues with the security updates. For a complete list of security update KBs, please see 20200414. For more information about Windows Known Issues, please see Windows message center (links to currently-supported versions of Windows are in the left pane).

    KB Article Applies To
    3128012 Microsoft Office 2016
    3162033 Microsoft Publisher 2013
    3203462 Microsoft Office 2010
    4011097 Microsoft Publisher 2016
    4011104 Microsoft Office 2013
    4032216 Microsoft Publisher 2010
    4462210 Microsoft Access 2013
    4462225 Microsoft Visio 2010
    4464527 Microsoft Access 2010
    4464544 Microsoft Visio 2013
    4484117 Microsoft Office 2013
    4484125 Microsoft Project 2013
    4484126 Microsoft Office 2010
    4484132 Microsoft Project 2010
    4484167 Microsoft Access 2016
    4484214 Microsoft Office 2016
    4484226 Microsoft PowerPoint 2013
    4484235 Microsoft PowerPoint 2010
    4484244 Microsoft Visio 2016
    4484246 Microsoft PowerPoint 2016
    4484269 Microsoft Project 2016
    4484273 Microsoft Excel 2016
    4484274 Microsoft Outlook 2016
    4484281 Microsoft Outlook 2013
    4484283 Microsoft Excel 2013
    4484284 Microsoft Outlook 2010
    4484285 Microsoft Excel 2010
    4484295 Microsoft Word 2010
    4484300 Microsoft Word 2016
    4484319 Microsoft Word 2013
    4549949 Windows 10 Version 1809, Windows Server 2019
    4550905 Internet Explorer
    4550917 Windows Server 2012 (Monthly Rollup)
    4550922 Windows 10, version 1803
    4550927 Windows 10, version 1709
    4550929 Windows 10, version 1607, Windows Server 2016
    4550930 Windows 10
    4550951 Windows Server 2008 Service Pack 2 (Monthly Rollup)
    4550957 Windows Server 2008 Service Pack 2 (Security-only update)
    4550961 Windows 8.1, Windows Server 2012 R2 (Monthly Rollup)
    4550964 Windows 7, Windows Server 2008 R2 (Monthly Rollup)
    4550965 Windows 7, Windows Server 2008 R2 (Security-only update)
    4550970 Windows 8.1, Windows Server 2012 R2 (Security-only update)
    4550971 Windows Server 2012 (Security-only update)

    https://portal.msrc.microsoft.com/en-us/security-guidance/releasenotedetail/2020-Apr
     
  2. NICK ADSL UK

    NICK ADSL UK Administrator

    Joined:
    May 13, 2003
    Posts:
    9,345
    Location:
    UK
    Title: Microsoft Security Update Releases
    Issued: April 14, 2020
    **************************************************************************************

    Summary
    =======

    The following CVE has undergone a major revision increment:

    * CVE-2020-0905


    Revision Information:
    =====================

    - CVE-2020-0905 | Dynamics Business Central Remote Code Execution Vulnerability
    - https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2019-0905
    - Version: 2.0
    - Reason for Revision: In the Security Updates table, corrected the Download links for
    the following products: Microsoft Dynamics NAV 2018, Microsoft Dynamics 365 BC On
    Premise, Dynamics 365 Business Central 2019 Spring Update, and Dynamics 365 Business
    Central 2019 Release Wave 2 (On-Premise). Customers who are running one of these
    affected versions of Microsoft Dynamics should ensure that they have downloaded and
    installed the most recent updates to be protected from this vulnerability.
    - Originally posted: March 10, 2020
    - Updated: April 14, 2020
    - Aggregate CVE Severity Rating: Critical
     
  3. NICK ADSL UK

    NICK ADSL UK Administrator

    Joined:
    May 13, 2003
    Posts:
    9,345
    Location:
    UK
    Issued: April 14, 2020
    **************************************************************************************

    Security Advisories Released or Updated on April 14, 2020
    ======================================================================================

    * Microsoft Security Advisory ADV200002

    - ADV200002 | Chromium Security Updates for Microsoft Edge based on Chromium
    - https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/ADV200002
    - Reason for Revision: Updated advisory to announce a new version of Microsoft Edge
    (Chromium-based). Please see the table for more information.
    - Originally posted: January 28, 2020
    - Updated: April 13, 2020
    - Version: 8.0


    * Microsoft Security Advisory ADV200006

    - ADV200006 | Type 1 Font Parsing Remote Code Execution Vulnerability
    - https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/ADV200006
    - Reason for Revision: Updated first FAQ to state that CVE-2020-1020 has now been
    issued to address this vulnerability. This is an informational change only.
    - Originally posted: March 23, 2019
    - Updated: April 14, 2020
    - Version: 2.0


    * Microsoft Security Advisory ADV990001

    - ADV990001 | Latest Servicing Stack Updates
    - https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/ADV990001
    - Reason for Revision: Servicing Stack Update has been released for Windows Server
    2008, Windows Server 2008 (Server Core installation); Windows 7, Windows Server
    2008 R2, and Windows Server 2008 R2 (Server Core installation); Windows 10 version
    1607, Windows Server 2016; Windows 10 version 1809, Windows Server 2019; Windows
    10 version 1903 and Windows Server, version 1903 (Server Core installation); and
    Windows 10 version 1909 and Windows Server, version 1909 (Server Core installation).
    See the FAQ section for more information.
    - Originally posted: November 13, 2018
    - Updated: April 14, 2020
    - Version: 21.0
     
  4. NICK ADSL UK

    NICK ADSL UK Administrator

    Joined:
    May 13, 2003
    Posts:
    9,345
    Location:
    UK
    Title: Microsoft Security Advisory Notification
    Issued: April 17, 2020
    **************************************************************************************

    Security Advisories Released or Updated on April 17, 2020
    ======================================================================================

    * Microsoft Security Advisory ADV200002

    - ADV200002 | Chromium Security Updates for Microsoft Edge based on Chromium
    - https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/ADV200002
    - Reason for Revision: Updated advisory to announce a new version of Microsoft Edge
    (Chromium-based). Please see the table for more information.
    - Originally posted: January 28, 2020
    - Updated: April 17, 2020
    - Version: 9.0
     
  5. NICK ADSL UK

    NICK ADSL UK Administrator

    Joined:
    May 13, 2003
    Posts:
    9,345
    Location:
    UK
    Title: Microsoft Security Advisory Notification
    Issued: April 21, 2020
    **************************************************************************************
    Security Advisories Released or Updated on April 21, 2020
    ======================================================================================
    * Microsoft Security Advisory ADV200004
    - ADV200004 | Availability of updates for Microsoft software utilizing the
    Autodesk FBX library
    - https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/ADV200004
    - Reason for Revision: Information published.
    - Originally posted: April 21, 2020
    - Updated: N/A
    - Version: 1.0
    * Microsoft Security Advisory ADV200007
    - ADV200007 | OpenSSL Remote Denial of Service Vulnerability
    - https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/ADV200007
    - Reason for Revision: Information published.
    - Originally posted: April 21, 2020
    - Updated: N/A
    - Version: 1.0
     
  6. NICK ADSL UK

    NICK ADSL UK Administrator

    Joined:
    May 13, 2003
    Posts:
    9,345
    Location:
    UK
    ************************************************************************************
    Title: Microsoft Security Update Minor Revisions
    Issued: April 24, 2020
    ************************************************************************************

    Summary
    =======

    The following CVE has undergone a minor revision increment:

    * CVE-2020-1022

    Revision Information:
    =====================

    * CVE-2020-1022

    - CVE-2020-1022 | Dynamics Business Central Remote Code Execution Vulnerability
    - »portal.msrc.microsoft.co ··· 020-1022
    - Reason for Revision: In the Security Updates Table, corrected the Download link
    for Microsoft Dynamics NAV 2015. This is an informational change only.
    - Originally posted: April 14, 2020
    - Updated: April 24, 2020
    - Version: 1.1
     
  7. NICK ADSL UK

    NICK ADSL UK Administrator

    Joined:
    May 13, 2003
    Posts:
    9,345
    Location:
    UK
    ************************************************************************************
    Title: Microsoft Security Update Minor Revisions
    Issued: April 22, 2020
    ************************************************************************************

    Summary
    =======

    The following CVE and advisories have undergone a minor revision increment:

    * CVE-2020-0933
    * ADV200004
    * ADV200007

    Revision Information:
    =====================

    * CVE-2020-0933

    - CVE-2020-0933 | Microsoft SharePoint Server Information Disclosure Vulnerability
    - »portal.msrc.microsoft.co ··· 020-0933
    - Reason for Revision: Updated CVE description. This is an informational change only.
    - Originally posted: April 14, 2020
    - Updated: April 22, 2020
    - Version: 1.1

    * Microsoft Security Advisory ADV200004

    - ADV200004 | Availability of updates for Microsoft software utilizing the
    Autodesk FBX library
    - »portal.msrc.microsoft.co ··· DV200004
    - Reason for Revision: Corrected security updates table. This is an informational
    change only.
    - Originally posted: April 21, 2020
    - Updated: April 22, 2020
    - Version: 1.1

    * Microsoft Security Advisory ADV200007

    - ADV200007 | OpenSSL Remote Denial of Service Vulnerability
    - »portal.msrc.microsoft.co ··· DV200007
    - Reason for Revision: Updated FAQ information. This is an informational change only.
    - Originally posted: April 21, 2020
    - Updated: April 22, 2020
    - Version: 1.1
    +4 · https://i.dslr.net/bb/imsg1.gif · Yesterday 1:03 am ·
     
  8. NICK ADSL UK

    NICK ADSL UK Administrator

    Joined:
    May 13, 2003
    Posts:
    9,345
    Location:
    UK
    **************************************************************************************
    Title: Microsoft Security Advisory Notification
    Issued: April 24, 2020
    **************************************************************************************

    Security Advisories Released or Updated on April 24, 2020 ================================================================================== ====

    * Microsoft Security Advisory ADV200002

    - ADV200002 | Chromium Security Updates for Microsoft Edge based on Chromium
    - »portal.msrc.microsoft.co ··· DV200002
    - Reason for Revision: Updated advisory to announce a new version of Microsoft Edge
    (Chromium-based). Please see the table for more information.
    - Originally posted: January 28, 2020
    - Updated: April 24, 2020
    - Version: 10.0

    * Microsoft Security Advisory ADV200004

    - ADV200004 | Availability of updates for Microsoft software utilizing the Autodesk
    FBX library
    - »portal.msrc.microsoft.co ··· DV200004
    - Reason for Revision: The following revisions have been made: 1. In the Security
    Update table, added 3D Viewer because it is affected by this vulnerability. The
    update is automatic for customers who are running 3D Viewer. 2. Added an FAQ to
    explain that the March 2020 cumulative updates for Office include the fix for
    this vulnerability. 3. Added an FAQ to provide the version numbers of Paint 3D
    and 3D Viewer that have this security update.
    - Originally posted: April 21, 2020
    - Updated: April 23, 2020
    - Version: 1.2
     
  9. NICK ADSL UK

    NICK ADSL UK Administrator

    Joined:
    May 13, 2003
    Posts:
    9,345
    Location:
    UK
    Title: Microsoft Security Advisory Notification
    Issued: April 29, 2020
    **************************************************************************************
    Security Advisories Released or Updated on April 29, 2020
    ======================================================================================
    * Microsoft Security Advisory ADV200002
    - ADV200002 | Chromium Security Updates for Microsoft Edge based on Chromium
    - https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/ADV200002
    - Reason for Revision: Updated advisory to announce a new version of Microsoft Edge
    (Chromium-based). Please see the table for more information.
    - Originally posted: January 28, 2020
    - Updated: April 29, 2020
    - Version: 11.0
     
  10. NICK ADSL UK

    NICK ADSL UK Administrator

    Joined:
    May 13, 2003
    Posts:
    9,345
    Location:
    UK
    Title: Microsoft Security Advisory Notification
    Issued: May 7, 2020
    **************************************************************************************

    Security Advisories Released or Updated on May 7, 2020
    ======================================================================================

    * Microsoft Security Advisory ADV200002

    - ADV200002 | Chromium Security Updates for Microsoft Edge based on Chromium
    - https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/ADV200002
    - Reason for Revision: Updated advisory to announce a new version of Microsoft Edge
    (Chromium-based). Please see the table for more information.
    - Originally posted: January 28, 2020
    - Updated: May 7, 2020
    - Version: 12.0
     
Loading...
Thread Status:
Not open for further replies.
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.