Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
mskbMicrosoftKB4550917
HistoryApr 14, 2020 - 7:00 a.m.

April 14, 2020—KB4550917 (Monthly Rollup)

2020-04-1407:00:00
Microsoft
support.microsoft.com
66

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

7.5 High

AI Score

Confidence

High

9.3 High

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

0.921 High

EPSS

Percentile

98.9%

JSON

April 14, 2020—KB4550917 (Monthly Rollup)

NEW
IMPORTANTWe have been evaluating the public health situation, and we understand this is impacting our customers. In response to these challenges, we are prioritizing our focus on security updates. Starting in May 2020, we are pausing all optional non-security releases (C and D updates) for all the supported versions of Windows client and server products (Windows 10, version 1909 down to Windows Server 2008 SP2).There is no change to the monthly security updates (B release – Update Tuesday); these will continue as planned to ensure business continuity and to keep our customers protected and productive.

As of February 11, 2020, Internet Explorer 10 is no longer in support. To get Internet Explorer 11 for Windows Server 2012 or Windows 8 Embedded Standard, see KB4492872. Install one of the following applicable updates to stay updated with the latest security fixes:

  • Cumulative Update for Internet Explorer 11 for Windows Server 2012.
  • Cumulative Update for Internet Explorer 11 for Windows 8 Embedded Standard.
  • The March 2020 Monthly Rollup.

Improvements and fixes

This security update includes improvements and fixes that were a part of update KB4541332(released March 17, 2020) and addresses the following issues:

  • Security updates to Internet Explorer, the Microsoft Scripting Engine, Windows Kernel, Windows App Platform and Frameworks, Microsoft Graphics Component, Windows Media, Windows Cloud Infrastructure, Windows Fundamentals, Windows Core Networking, and the Microsoft JET Database Engine.
    For more information about the resolved security vulnerabilities, please refer to the Security Update Guide.

Known issues in this update

Symptom Workaround
Certain operations, such as rename, that you perform on files or folders that are on a Cluster Shared Volume (CSV) may fail with the error, “STATUS_BAD_IMPERSONATION_LEVEL (0xC00000A5)”. This occurs when you perform the operation on a CSV owner node from a process that doesn’t have administrator privilege. Do one of the following:
  • Perform the operation from a process that has administrator privilege.
  • Perform the operation from a node that doesn’t have CSV ownership.
    Microsoft is working on a resolution and will provide an update in an upcoming release.
    Devices on a domain might be unable to install apps published using a Group Policy Object (GPO). This issue only affects app installations that use .msi files. It does not affect any other installation methods, such as from the Microsoft Store.| This issue is resolved in KB4550960.

How to get this update

Before installing this updateMicrosoft strongly recommends you install the latest servicing stack update (SSU) for your operating system before installing the latest Rollup. SSUs improve the reliability of the update process to mitigate potential issues while installing the Rollup and applying Microsoft security fixes. For general information about SSUs, see Servicing stack updates and Servicing Stack Updates (SSU): Frequently Asked Questions.If you are using Windows Update, the latest SSU (KB4540726) will be offered to you automatically. To get the standalone package for the latest SSU, search for it in the Microsoft Update Catalog.Install this update****Release Channel Available Next Step
Windows Update and Microsoft Update Yes None. This update will be downloaded and installed automatically from Windows Update.
Microsoft Update Catalog Yes To get the standalone package for this update, go to the Microsoft Update Catalog website.
Windows Server Update Services (WSUS) Yes This update will automatically sync with WSUS if you configure Products and Classifications as follows:Product: Windows Server 2012, Windows Embedded 8 StandardClassification: Security Updates File informationFor a list of the files that are provided in this update, download the file information for update 4550917.

Related

mskb 14
nessus 11
kaspersky 3
openvas 8
prion 41
cve 42
krebs 1
googleprojectzero 2
threatpost 2
attackerkb 4
avleonov 1
thn 1
mscve 38
checkpoint_advisories 7
zdi 13
cnvd 1
huawei 1
cisa_kev 4
githubexploit 3
cert 1
qualysblog 1
mskb
mskb
April 14, 2020—KB4550971 (Security-only update)
2020-04-14 07:00:00
April 14, 2020—KB4550951 (Monthly Rollup)
2020-04-14 07:00:00
April 14, 2020—KB4550964 (Monthly Rollup)
2020-04-14 07:00:00
nessus
nessus
KB4550970: Windows 8.1 and Windows Server 2012 R2 April 2020 Security Update
2020-04-14 00:00:00
KB4550957: Windows Server 2008 April 2020 Security Update
2020-04-14 00:00:00
KB4550971: Windows Server 2012 April 2020 Security Update
2020-04-14 00:00:00
kaspersky
kaspersky
KLA11743 Multiple vulnerabilities in Microsoft products (ESU)
2020-04-14 00:00:00
KLA11744 Multiple vulnerabilities in Microsoft Windows
2020-04-14 00:00:00
KLA11749 Multiple vulnerabilities in Microsoft Browsers
2020-04-14 00:00:00
openvas
openvas
Microsoft Windows Multiple Vulnerabilities (KB4550964)
2020-04-15 00:00:00
Microsoft Windows Multiple Vulnerabilities (KB4550961)
2020-04-15 00:00:00
Microsoft Windows Multiple Vulnerabilities (KB4550930)
2020-04-15 00:00:00
prion
prion
Remote code execution
2020-04-15 15:15:00
Remote code execution
2020-04-15 15:15:00
Remote code execution
2020-04-15 15:15:00
cve
cve
CVE-2020-0992
2020-04-15 15:15:00
CVE-2020-0953
2020-04-15 15:15:00
CVE-2020-1008
2020-04-15 15:15:00
krebs
krebs
Microsoft Patch Tuesday, April 2020 Edition
2020-04-14 22:24:10
googleprojectzero
googleprojectzero
In-the-Wild Series: Windows Exploits
2021-01-12 00:00:00
Introducing the In-the-Wild Series
2021-01-12 00:00:00
threatpost
threatpost
Sophisticated Hacks Against Android, Windows Reveal Zero-Day Trove
2021-01-13 16:57:39
April Patch Tuesday: Microsoft Battles 4 Bugs Under Active Exploit
2020-04-14 19:45:49
attackerkb
attackerkb
ADV200006 - Type 1 Font Parsing Remote Code Execution Vulnerability in Windows
2020-04-15 00:00:00
CVE-2020-1020
2020-04-15 00:00:00
CVE-2020-1027
2020-04-15 00:00:00
avleonov
avleonov
Microsoft Patch Tuesday April 2020: my classification script, confusing RCE in Adobe Type Manager and updates for older vulnerabilities
2020-04-26 01:24:38
thn
thn
Microsoft Issues Patches for 3 Bugs Exploited as Zero-Day in the Wild
2020-04-14 18:24:00
mscve
mscve
Windows GDI Information Disclosure Vulnerability
2020-04-14 07:00:00
Win32k Elevation of Privilege Vulnerability
2020-04-14 07:00:00
Windows VBScript Engine Remote Code Execution Vulnerability
2020-04-14 07:00:00
checkpoint_advisories
checkpoint_advisories
Microsoft OpenType Font Parsing Remote Code Execution (CVE-2020-0938)
2020-04-14 00:00:00
Microsoft Win32k Elevation of Privilege (CVE-2020-0956)
2020-04-14 00:00:00
Microsoft Win32k Elevation of Privilege (CVE-2020-0958)
2020-04-14 00:00:00
zdi
zdi
Microsoft Windows JET Database Engine Out-Of-Bounds Write Remote Code Execution Vulnerability
2020-04-15 00:00:00
Microsoft Windows JET Database Engine Memory Corruption Remote Code Execution Vulnerability
2020-04-15 00:00:00
Microsoft Windows JET Database Engine Out-Of-Bounds Write Remote Code Execution Vulnerability
2020-04-15 00:00:00
cnvd
cnvd
Microsoft Windows and Microsoft Windows Server Remote Code Execution Vulnerability (CNVD-2021-76466)
2020-04-17 00:00:00
huawei
huawei
Security Advisory - Elevation of Privilege Vulnerability in Some Microsoft Windows Systems
2020-08-05 00:00:00
cisa_kev
cisa_kev
Microsoft Windows Adobe Font Manager Library Remote Code Execution Vulnerability
2021-11-03 00:00:00
Microsoft Windows Kernel Privilege Escalation Vulnerability
2022-05-23 00:00:00
Microsoft Internet Explorer Scripting Engine Memory Corruption Vulnerability
2021-11-03 00:00:00
githubexploit
githubexploit
Exploit for Out-of-bounds Write in Microsoft
2021-06-10 06:23:59
Exploit for Vulnerability in Microsoft
2020-05-13 16:42:17
Exploit for Out-of-bounds Write in Microsoft
2021-08-10 03:10:39
cert
cert
Microsoft Windows Type 1 font parsing remote code execution vulnerabilities
2020-03-23 00:00:00
qualysblog
qualysblog
April 2020 Patch Tuesday – 113 Vulns, 19 Critical, Zero-Day Patches, SharePoint, Adobe ColdFusion
2020-04-14 18:34:04

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

7.5 High

AI Score

Confidence

High

9.3 High

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

0.921 High

EPSS

Percentile

98.9%

JSON
Related for KB4550917
mskb14nessus11kaspersky3openvas8prion41cve42krebs1googleprojectzero2threatpost2attackerkb4avleonov1thn1mscve38checkpoint_advisories7zdi13cnvd1huawei1cisa_kev4githubexploit3cert1qualysblog1