Microsoft fixes 113 vulnerabilities across 11 products including zero-day bugs

Microsoft has recently published its monthly security for 113 vulnerabilities across 11 products, including three zero-day bugs. CVE-2020-1020 is one of the three zero-day vulnerabilities in the Windows Adobe Type Manager Library, which allows attackers to run code on susceptible systems. The OS maker put out details about it last month but its patch was released on Tuesday. [caption id=“attachment_7918511” align=“alignnone” width=“1280”] Representational Image[/caption] Those who successfully exploited the vulnerability could carry out attack remotely. This bug does not impact Windows 10. The second zero-day bug is CVE-2020-0938 which is also found in the same Windows Adobe Type Manager Library. In this bug too, attacks can be executed remotely. CVE-2020-1027 is also a bug which is in the Windows kernel. It lets hackers who exploited the vulnerability execute code with elevated permissions. They can run a specially crafted application. The security update for this bug addresses the loophole by ensuring that the Windows Kernel properly manages objects in memory. Owing to the absence of more details, it is not known if the three zero-day bugs have been exploited by the same attackers. Google’s security teams Project Zero and Threat Analysis Group (TAG) initially discovered the three zero-day bugs.