Hello, welcome to the Wednesday, April 15th, 2020 edition of the Sansanet Storm Center's

Stormcast. My name is Johannes Ulrich. And I'm recording from Jacksonville, Florida.

Well, it's patched. Tuesday. Microsoft released updates fixing 113 vulnerabilities today.

A little bit more interesting than last month in the sense that we do have three vulnerabilities

that are being patched here that already had been exploited in the wild.

Two of them were reported by Google's Project Zero and these two vulnerabilities, that's

CVE 2020, 1020, as well as 0938.

These are remote code execution vulnerabilities in the Adobe Fond Manager Library.

So similar to the vulnerability that sort of caused so much excitement last month, the font library vulnerability

that then had to be patched a couple days after the official patch Tuesday. The third one,

well, a yet another scripting vulnerability in Internet Explorer 2020 0968.

Now, two of these vulnerabilities had been disclosed publicly in the past.

The first one, the Adobe vulnerability and then CVE 2020 0935 also has already been publicly disclosed.

CVE 2020 0935 is one drive approach escalation vulnerability, so not quite as critical as these remote code execution vulnerabilities, which is why it only got a rating of important. Adobe released updates

for three different products today, Adobe Cold Fusion, Adobe After Effects, and Adobe Digital

Editions. The one that I always sort of look at closer are the Cold Fusion vulnerabilities.

They have caused a lot of problems in the past. This set

doesn't look that severe. The severity is only rated as important. It's mostly denial of

service and privilege escalation vulnerability. There is a system file structure disclosure

vulnerability, which again could

leak information and help attacker exploit other vulnerabilities, but overall nothing really

terribly critical here. And Microsoft also announced that it will extend the end of life

...