Hash: SHA256

                         AUSCERT Security Bulletin

         Microsoft Patch Tuesday update for Windows for April 2020
                               15 April 2020


        AusCERT Security Bulletin Summary

Product:              Windows
Operating System:     Windows
Impact/Access:        Administrator Compromise        -- Existing Account            
                      Execute Arbitrary Code/Commands -- Remote with User Interaction
                      Increased Privileges            -- Existing Account            
                      Access Privileged Data          -- Existing Account            
                      Denial of Service               -- Remote/Unauthenticated      
Resolution:           Patch/Upgrade
CVE Names:            CVE-2020-1094 CVE-2020-1029 CVE-2020-1027
                      CVE-2020-1020 CVE-2020-1017 CVE-2020-1016
                      CVE-2020-1015 CVE-2020-1014 CVE-2020-1011
                      CVE-2020-1009 CVE-2020-1008 CVE-2020-1007
                      CVE-2020-1006 CVE-2020-1005 CVE-2020-1004
                      CVE-2020-1003 CVE-2020-1001 CVE-2020-1000
                      CVE-2020-0999 CVE-2020-0996 CVE-2020-0995
                      CVE-2020-0994 CVE-2020-0993 CVE-2020-0992
                      CVE-2020-0988 CVE-2020-0987 CVE-2020-0985
                      CVE-2020-0983 CVE-2020-0982 CVE-2020-0981
                      CVE-2020-0965 CVE-2020-0964 CVE-2020-0962
                      CVE-2020-0960 CVE-2020-0959 CVE-2020-0958
                      CVE-2020-0956 CVE-2020-0955 CVE-2020-0953
                      CVE-2020-0952 CVE-2020-0950 CVE-2020-0949
                      CVE-2020-0948 CVE-2020-0947 CVE-2020-0946
                      CVE-2020-0945 CVE-2020-0944 CVE-2020-0942
                      CVE-2020-0940 CVE-2020-0939 CVE-2020-0938
                      CVE-2020-0937 CVE-2020-0936 CVE-2020-0934
                      CVE-2020-0918 CVE-2020-0917 CVE-2020-0913
                      CVE-2020-0910 CVE-2020-0907 CVE-2020-0889
                      CVE-2020-0888 CVE-2020-0821 CVE-2020-0794
                      CVE-2020-0784 CVE-2020-0699 CVE-2020-0687
Member content until: Friday, May 15 2020
Reference:            ESB-2020.0938


        Microsoft has released its monthly security patch update for the month of April 2020.
        This includes a fix for the issue in ASB-2020.0066.2, published
        25 March 2020 with only mitigation steps available.
        That issue was CVE-2020-1020.
        A similar issue, CVE-2020-0938, has also been disclosed and patched today,
        and last month's mitigation instructions helped against it too.
        Another issue, CVE-2020-1027, enables attackers to escalate privileges
        to administrator.
        This update resolves 66 vulnerabilities across the following products: [1]
         Windows 10 Version 1607 for 32-bit Systems
         Windows 10 Version 1607 for x64-based Systems
         Windows 10 Version 1709 for 32-bit Systems
         Windows 10 Version 1709 for ARM64-based Systems
         Windows 10 Version 1709 for x64-based Systems
         Windows 10 Version 1803 for 32-bit Systems
         Windows 10 Version 1803 for ARM64-based Systems
         Windows 10 Version 1803 for x64-based Systems
         Windows 10 Version 1809 for 32-bit Systems
         Windows 10 Version 1809 for ARM64-based Systems
         Windows 10 Version 1809 for x64-based Systems
         Windows 10 Version 1903 for 32-bit Systems
         Windows 10 Version 1903 for ARM64-based Systems
         Windows 10 Version 1903 for x64-based Systems
         Windows 10 Version 1909 for 32-bit Systems
         Windows 10 Version 1909 for ARM64-based Systems
         Windows 10 Version 1909 for x64-based Systems
         Windows 10 for 32-bit Systems
         Windows 10 for x64-based Systems
         Windows 8.1 for 32-bit systems
         Windows 8.1 for x64-based systems
         Windows RT 8.1
         Windows Server 2012
         Windows Server 2012 (Server Core installation)
         Windows Server 2012 R2
         Windows Server 2012 R2 (Server Core installation)
         Windows Server 2016
         Windows Server 2016  (Server Core installation)
         Windows Server 2019
         Windows Server 2019  (Server Core installation)


        Microsoft has given the following details regarding these vulnerabilities.
         Details         Impact                   Severity
         CVE-2020-0687   Remote Code Execution    Critical
         CVE-2020-0699   Information Disclosure   Important
         CVE-2020-0784   Elevation of Privilege   Important
         CVE-2020-0794   Denial of Service        Important
         CVE-2020-0821   Information Disclosure   Important
         CVE-2020-0888   Elevation of Privilege   Important
         CVE-2020-0889   Remote Code Execution    Important
         CVE-2020-0907   Remote Code Execution    Critical
         CVE-2020-0910   Remote Code Execution    Critical
         CVE-2020-0913   Elevation of Privilege   Important
         CVE-2020-0917   Elevation of Privilege   Important
         CVE-2020-0918   Elevation of Privilege   Important
         CVE-2020-0934   Elevation of Privilege   Important
         CVE-2020-0936   Elevation of Privilege   Important
         CVE-2020-0937   Information Disclosure   Important
         CVE-2020-0938   Remote Code Execution    Critical
         CVE-2020-0939   Information Disclosure   Important
         CVE-2020-0940   Elevation of Privilege   Important
         CVE-2020-0942   Elevation of Privilege   Important
         CVE-2020-0944   Elevation of Privilege   Important
         CVE-2020-0945   Information Disclosure   Important
         CVE-2020-0946   Information Disclosure   Important
         CVE-2020-0947   Information Disclosure   Important
         CVE-2020-0948   Remote Code Execution    Critical
         CVE-2020-0949   Remote Code Execution    Critical
         CVE-2020-0950   Remote Code Execution    Critical
         CVE-2020-0952   Information Disclosure   Important
         CVE-2020-0953   Remote Code Execution    Important
         CVE-2020-0955   Information Disclosure   Important
         CVE-2020-0956   Elevation of Privilege   Important
         CVE-2020-0958   Elevation of Privilege   Important
         CVE-2020-0959   Remote Code Execution    Important
         CVE-2020-0960   Remote Code Execution    Important
         CVE-2020-0962   Information Disclosure   Important
         CVE-2020-0964   Remote Code Execution    Important
         CVE-2020-0965   Remote Code Execution    Critical
         CVE-2020-0981   Security Feature Bypass  Important
         CVE-2020-0982   Information Disclosure   Important
         CVE-2020-0983   Elevation of Privilege   Important
         CVE-2020-0985   Elevation of Privilege   Important
         CVE-2020-0987   Information Disclosure   Important
         CVE-2020-0988   Remote Code Execution    Important
         CVE-2020-0992   Remote Code Execution    Important
         CVE-2020-0993   Denial of Service        Important
         CVE-2020-0994   Remote Code Execution    Important
         CVE-2020-0995   Remote Code Execution    Important
         CVE-2020-0996   Elevation of Privilege   Important
         CVE-2020-0999   Remote Code Execution    Important
         CVE-2020-1000   Elevation of Privilege   Important
         CVE-2020-1001   Elevation of Privilege   Important
         CVE-2020-1003   Elevation of Privilege   Important
         CVE-2020-1004   Elevation of Privilege   Important
         CVE-2020-1005   Information Disclosure   Important
         CVE-2020-1006   Elevation of Privilege   Important
         CVE-2020-1007   Information Disclosure   Important
         CVE-2020-1008   Remote Code Execution    Important
         CVE-2020-1009   Elevation of Privilege   Important
         CVE-2020-1011   Elevation of Privilege   Important
         CVE-2020-1014   Elevation of Privilege   Important
         CVE-2020-1015   Elevation of Privilege   Important
         CVE-2020-1016   Information Disclosure   Important
         CVE-2020-1017   Elevation of Privilege   Important
         CVE-2020-1020   Remote Code Execution    Critical
         CVE-2020-1027   Elevation of Privilege   Important
         CVE-2020-1029   Elevation of Privilege   Important
         CVE-2020-1094   Elevation of Privilege   Important


        Microsoft recommends updating the software with the version made available
        on the Microsoft Update Catalogue for the following Knowledge Base articles. [1]
         KB4550927, KB4550961, KB4550929, KB4549949, KB4550971
         KB4549951, KB4550922, KB4550917, KB4550930, KB4550970


        [1] Microsoft Security Update Guidance

AusCERT has made every effort to ensure that the information contained
in this document is accurate.  However, the decision to use the information
described is the responsibility of each user or organisation. The decision to
follow or act on information or advice contained in this security bulletin is
the responsibility of each user or organisation, and should be considered in
accordance with your organisation's site policies and procedures. AusCERT
takes no responsibility for consequences which may arise from following or
acting on information or advice contained in this security bulletin.

Australian Computer Emergency Response Team
The University of Queensland
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours 
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
Comment: http://www.auscert.org.au/render.html?it=1967