Windows 10 Security Alert As Microsoft Confirms Seven Critical Vulnerabilities

Microsoft has released the latest bunch of security updates for April, collectively known as Patch Tuesday. Unlike emergency out-of-band updates, the Patch Tuesday update rolls out the same time each month and fixes a swathe of security problems in one fell swoop. Amongst the fixes for some 133 vulnerabilities across a range of Microsoft products in the April update, a few stand out as far as Windows 10 users are concerned. Of the 15 critical vulnerabilities confirmed by Microsoft, seven are for Windows 10. There are also two "zero-day" exploits hitting Windows users, quite literally as they are currently being actively used by attackers.

These Windows 'zero-day' exploits are in the wild right now

Let's start with those actively exploited vulnerabilities, CVE-2020-1020 and CVE-2020-0938, which have been known about now for nearly a month. As I reported on March 23, Microsoft confirmed these Windows vulnerabilities without a fix that were being actively exploited by attackers. At the time Microsoft referred to "limited targeted attacks" and those attacks are still ongoing, exploiting vulnerabilities in the Windows Adobe Font Manager Library. Windows 10 users are at risk of an attacker being able to install programs, view or change data and create new accounts. If you have used any of the workarounds that Microsoft suggested in March, these can be removed once you've installed the Patch Tuesday security update that fixes the problem.