Preethi KorothThreat Analysis Engineer

Posted: 15 Apr, 202029 Min ReadThreat Intelligence

Microsoft Patch Tuesday - April 2020

This month the vendor has patched 113 vulnerabilities, 18 of which are rated Critical.

As always, customers are advised to follow these security best practices:

Install vendor patches as soon as they are available.
Run all software with the least privileges required while still maintaining functionality.
Avoid handling files from unknown or questionable sources.
Never visit sites of unknown or questionable integrity.
Block external access at the network perimeter to all key systems unless specific access is required.

Microsoft's summary of the April 2020 releases can be found here:
https://portal.msrc.microsoft.com/en-us/security-guidance

This month's update covers vulnerabilities in:

Internet Explorer
Edge
ChakraCore
Microsoft Office
Microsoft Windows
Microsoft Windows Kernel
Microsoft Graphics Component
Microsoft JET Database Engine
Windows Hyper-V
Visual Studio
Microsoft Dynamics
Microsoft Defender
Microsoft Remote Desktop App
Microsoft YourPhone Application for Android
Microsoft MSR JavaScript Cryptography Library
Microsoft OneDrive for Windows

The following is a breakdown of the issues being addressed this month:

1. Cumulative Security Updates for Microsoft Browsers

Chakra Scripting Engine Memory Corruption Vulnerability (CVE-2020-0969) MS Rating: Critical

A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge (HTML-based)L. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

Scripting Engine Memory Corruption Vulnerability (CVE-2020-0968) MS Rating: Critical

A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

Scripting Engine Memory Corruption Vulnerability (CVE-2020-0970) MS Rating: Critical

A remote code execution vulnerability exists in the way that the ChakraCore scripting engine handles objects in memory. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

VBScript Remote Code Execution Vulnerability (CVE-2020-0967) MS Rating: Critical

A remote code execution vulnerability exists in the way that the VBScript engine handles objects in memory. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

Windows VBScript Engine Remote Code Execution Vulnerability (CVE-2020-0895) MS Rating: Important

VBScript Remote Code Execution Vulnerability (CVE-2020-0966) MS Rating: Important

2. Cumulative Security Updates for Microsoft Office

Microsoft SharePoint Remote Code Execution Vulnerability (CVE-2020-0974) MS Rating: Critical

A remote code execution vulnerability exists in Microsoft SharePoint when the software fails to check the source markup of an application package. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the SharePoint application pool and the SharePoint server farm account.

Microsoft SharePoint Remote Code Execution Vulnerability (CVE-2020-0929) MS Rating: Critical

Microsoft SharePoint Remote Code Execution Vulnerability (CVE-2020-0931) MS Rating: Critical

Microsoft SharePoint Remote Code Execution Vulnerability (CVE-2020-0932) MS Rating: Critical

Microsoft Excel Remote Code Execution Vulnerability (CVE-2020-0906) MS Rating: Important

A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user.

Microsoft Excel Remote Code Execution Vulnerability (CVE-2020-0979) MS Rating: Important

Microsoft Office Access Connectivity Engine Remote Code Execution Vulnerability (CVE-2020-0961) MS Rating: Important

A remote code execution vulnerability exists when the Microsoft Office Access Connectivity Engine improperly handles objects in memory. An attacker who successfully exploited this vulnerability could execute arbitrary code on a victim system.

Microsoft Office Remote Code Execution Vulnerability (CVE-2020-0760) MS Rating: Important

A remote code execution vulnerability exists when Microsoft Office improperly loads arbitrary type libraries. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.

Microsoft Office SharePoint XSS Vulnerability (CVE-2020-0923) MS Rating: Important

A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server. An authenticated attacker could exploit the vulnerability by sending a specially crafted request to an affected SharePoint server.

Microsoft Office SharePoint XSS Vulnerability (CVE-2020-0924) MS Rating: Important

Microsoft Office SharePoint XSS Vulnerability (CVE-2020-0925) MS Rating: Important

Microsoft Office SharePoint XSS Vulnerability (CVE-2020-0926) MS Rating: Important

Microsoft Office SharePoint XSS Vulnerability (CVE-2020-0927) MS Rating: Important

Microsoft Office SharePoint XSS Vulnerability (CVE-2020-0930) MS Rating: Important

Microsoft Office SharePoint XSS Vulnerability (CVE-2020-0933) MS Rating: Important

Microsoft Office SharePoint XSS Vulnerability (CVE-2020-0954) MS Rating: Moderate

Microsoft Office SharePoint XSS Vulnerability (CVE-2020-0978) MS Rating: Important

Microsoft SharePoint Remote Code Execution Vulnerability (CVE-2020-0920) MS Rating: Important

Microsoft SharePoint Remote Code Execution Vulnerability (CVE-2020-0971) MS Rating: Important

Microsoft SharePoint Spoofing Vulnerability (CVE-2020-0972) MS Rating: Important

A spoofing vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server. An authenticated attacker could exploit the vulnerability by sending a specially crafted request to an affected SharePoint server.

Microsoft SharePoint Spoofing Vulnerability (CVE-2020-0975) MS Rating: Important

Microsoft SharePoint Spoofing Vulnerability (CVE-2020-0976) MS Rating: Important

Microsoft SharePoint Spoofing Vulnerability (CVE-2020-0977) MS Rating: Important

Microsoft (MAU) Office Privilege Escalation Vulnerability (CVE-2020-0984) MS Rating: Important

A privilege escalation vulnerability exists when the Microsoft AutoUpdate (MAU) application for Mac improperly validates updates before executing them. An attacker who successfully exploited the vulnerability who already has the ability to execute code on a system could elevate privileges. Microsoft Office Remote Code Execution Vulnerability (CVE-2020-0991) MS Rating: Important

A remote code execution vulnerability exists in Microsoft Office software when the software fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user.

Microsoft Word Remote Code Execution Vulnerability (CVE-2020-0980) MS Rating: Important

A remote code execution vulnerability exists in Microsoft Word software when it fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could use a specially crafted file to perform actions in the security context of the current user.

Outlook for Android Spoofing Vulnerability (CVE-2020-0973) MS Rating: Important

3. Cumulative Security Updates for Microsoft Windows

Adobe Font Manager Library Remote Code Execution Vulnerability (CVE-2020-1020) MS Rating: Critical

A remote code execution vulnerability exists in Microsoft Windows when the Windows Adobe Type Manager Library improperly handles a specially-crafted multi-master font - Adobe Type 1 PostScript format. For all systems except Windows 10, an attacker who successfully exploited the vulnerability could execute code remotely.

OpenType Font Parsing Remote Code Execution Vulnerability (CVE-2020-0938) MS Rating: Critical

A remote code execution vulnerability exists in Microsoft Windows when the Windows Adobe Type Manager Library improperly handles specially crafted OpenType fonts. For all systems except Windows 10, an attacker who successfully exploited the vulnerability could execute code remotely.

Media Foundation Memory Corruption Vulnerability (CVE-2020-0948) MS Rating: Critical

A memory corruption vulnerability exists when Windows Media Foundation improperly handles objects in memory. An attacker who successfully exploited the vulnerability could install programs; view, change, or delete data; or create new accounts with full user rights.

Media Foundation Memory Corruption Vulnerability (CVE-2020-0949) MS Rating: Critical

Media Foundation Memory Corruption Vulnerability (CVE-2020-0950) MS Rating: Critical

Microsoft Windows Codecs Library Remote Code Execution Vulnerability (CVE-2020-0965) MS Rating: Critical

A remoted code execution vulnerability exists in the way that Microsoft Windows Codecs Library handles objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the user's system.

Windows Push Notification Service Privilege Escalation Vulnerability (CVE-2020-0940) MS Rating: Important

A privilege escalation vulnerability exists in the way the Windows Push Notification Service handles objects in memory. An attacker who successfully exploited this vulnerability could run processes in an elevated context.

Windows Push Notification Service Privilege Escalation Vulnerability (CVE-2020-1001) MS Rating: Important

Windows Push Notification Service Privilege Escalation Vulnerability (CVE-2020-1006) MS Rating: Important

Windows Push Notification Service Privilege Escalation Vulnerability (CVE-2020-1017) MS Rating: Important

Windows Push Notification Service Information Disclosure Vulnerability (CVE-2020-1016) MS Rating: Important

An information disclosure vulnerability exists when the Windows Push Notification Service improperly handles objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the user's system.

Windows Scheduled Task Privilege Escalation Vulnerability (CVE-2020-0936) MS Rating: Important

A privilege escalation vulnerability exists when a Windows scheduled task improperly handles file redirections. An attacker who successfully exploited this vulnerability could delete a targeted file they would not have permissions to.

Windows Token Security Bypass Vulnerability (CVE-2020-0981) MS Rating: Important

A security bypass vulnerability exists when Windows fails to properly handle token relationships. An attacker who successfully exploited the vulnerability could allow an application with a certain integrity level to execute code at a different integrity level, leading to a sandbox escape.

Windows Update Stack Privilege Escalation Vulnerability (CVE-2020-0985) MS Rating: Important

A privilege escalation vulnerability exists when the Windows Update Stack fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode.

Windows Update Stack Privilege Escalation Vulnerability (CVE-2020-0996) MS Rating: Important

Connected User Experiences and Telemetry Service Privilege Escalation Vulnerability (CVE-2020-0942) MS Rating: Important

A privilege escalation vulnerability exists when Connected User Experiences and Telemetry Service improperly handles file operations. An attacker who successfully exploited this vulnerability could overwrite files in arbitrary locations with elevated permissions.

Connected User Experiences and Telemetry Service Privilege Escalation Vulnerability (CVE-2020-0944) MS Rating: Important

DirectX Privilege Escalation Vulnerability (CVE-2020-0784) MS Rating: Important

A privilege escalation vulnerability exists when DirectX improperly handles objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode.

DirectX Privilege Escalation Vulnerability (CVE-2020-0888) MS Rating: Important

A privilege escalation vulnerability exists when DirectX improperly handles objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode.

Microsoft Windows Update Client Privilege Escalation Vulnerability (CVE-2020-1014) MS Rating: Important

A privilege escalation vulnerability exists in the Microsoft Windows Update Client when it does not properly handle privileges. An attacker who successfully exploited this vulnerability could run processes in an elevated context.

Media Foundation Information Disclosure Vulnerability (CVE-2020-0937) MS Rating: Important

An information disclosure vulnerability exists when Media Foundation improperly handles objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the user's system.

Media Foundation Information Disclosure Vulnerability (CVE-2020-0939) MS Rating: Important

Media Foundation Information Disclosure Vulnerability (CVE-2020-0945) MS Rating: Important

Media Foundation Information Disclosure Vulnerability (CVE-2020-0946) MS Rating: Important

Media Foundation Information Disclosure Vulnerability (CVE-2020-0947) MS Rating: Important

Windows Delivery Optimization Service Privilege Escalation Vulnerability (CVE-2020-0983) MS Rating: Important

A privilege escalation vulnerability exists when the Windows Delivery Optimization service improperly handles objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code with elevated system privileges.

Windows DNS Denial of Service Vulnerability (CVE-2020-0993) MS Rating: Important

A denial of service vulnerability exists in Windows DNS when it fails to properly handle queries. An attacker who successfully exploited this vulnerability could cause the DNS service to become nonresponsive.

Windows Privilege Escalation Vulnerability (CVE-2020-0934) MS Rating: Important

A privilege escalation vulnerability exists when the Windows WpcDesktopMonSvc improperly manages memory. To exploit this vulnerability, an attacker would first have to gain execution on the victim system.

Windows Privilege Escalation Vulnerability (CVE-2020-1009) MS Rating: Important

A privilege escalation vulnerability exists in the way that the Microsoft Store Install Service handles file operations in protected locations. An attacker who successfully exploited the vulnerability could execute code with elevated permissions.

Windows Privilege Escalation Vulnerability (CVE-2020-1011) MS Rating: Important

A privilege escalation vulnerability exists when the Windows System Assessment Tool improperly handles file operations. An attacker who successfully exploited this vulnerability could run processes in an elevated context.

Windows Privilege Escalation Vulnerability (CVE-2020-1015) MS Rating: Important

A privilege escalation vulnerability exists in the way that the User-Mode Power Service (UMPS) handles objects in memory. An attacker who successfully exploited the vulnerability could execute code with elevated permissions.

Connected User Experiences and Telemetry Service Privilege Escalation Vulnerability (CVE-2020-1029) MS Rating: Important

Windows Work Folder Service privilege Escalation Vulnerability (CVE-2020-1094) MS Rating: Important

A privilege escalation vulnerability exists when the Windows Work Folder Service improperly handles file operations. An attacker who successfully exploited this vulnerability could run processes in an elevated context.

Windows Denial of Service Vulnerability (CVE-2020-0794) MS Rating: Important

A denial of service vulnerability exists when Windows improperly handles objects in memory. An attacker who successfully exploited the vulnerability could cause a target system to stop responding.

4. Cumulative Security Updates for Microsoft Windows Kernel

Windows Kernel Privilege Escalation Vulnerability (CVE-2020-0913) MS Rating: Important

A privilege escalation vulnerability exists when the Windows kernel fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode.

Windows Kernel Privilege Escalation Vulnerability (CVE-2020-1000) MS Rating: Important

Windows Kernel Privilege Escalation Vulnerability (CVE-2020-1003) MS Rating: Important

Windows Kernel Privilege Escalation Vulnerability (CVE-2020-1027) MS Rating: Important

A privilege escalation vulnerability exists in the way that the Windows Kernel handles objects in memory. An attacker who successfully exploited the vulnerability could execute code with elevated permissions.

Windows Kernel Information Disclosure in CPU Memory Access (CVE-2020-0955) MS Rating: Important

An information disclosure vulnerability exists when certain central processing units (CPU) speculatively access memory. An attacker who successfully exploited the vulnerability could read privileged data across trust boundaries.

Windows Kernel Information Disclosure Vulnerability (CVE-2020-0821) MS Rating: Important

An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the user's system.

Windows Kernel Information Disclosure Vulnerability (CVE-2020-1007) MS Rating: Important

Win32k Privilege Escalation Vulnerability (CVE-2020-0956) MS Rating: Important

A privilege escalation vulnerability exists in Windows when the Windows kernel-mode driver fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode.

Win32k Privilege Escalation Vulnerability (CVE-2020-0957) MS Rating: Important

Win32k Privilege Escalation Vulnerability (CVE-2020-0958) MS Rating: Important

Win32k Information Disclosure Vulnerability (CVE-2020-0699) MS Rating: Important

An information disclosure vulnerability exists when the win32k component improperly provides kernel information. An attacker who successfully exploited the vulnerability could obtain information to further compromise the user's system.

Win32k Information Disclosure Vulnerability (CVE-2020-0962) MS Rating: Important

5. Cumulative Security Updates for Microsoft Graphics Component

Microsoft Graphics Components Remote Code Execution Vulnerability (CVE-2020-0907) MS Rating: Critical

A remote code execution vulnerability exists in the way that Microsoft Graphics Components handle objects in memory. An attacker who successfully exploited the vulnerability could execute arbitrary code on a target system.

Microsoft Graphics Component Information Disclosure Vulnerability (CVE-2020-0982) MS Rating: Important

An information disclosure vulnerability exists when the Microsoft Windows Graphics Component improperly handles objects in memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the user's system.

Microsoft Graphics Component Information Disclosure Vulnerability (CVE-2020-0987) MS Rating: Important

Microsoft Graphics Component Information Disclosure Vulnerability (CVE-2020-1005) MS Rating: Important

Microsoft Graphics Remote Code Execution Vulnerability (CVE-2020-0687) MS Rating: Critical

A remote code execution vulnerability exists when the Windows font library improperly handles specially crafted embedded fonts. An attacker who successfully exploited the vulnerability could take control of the affected system.

GDI+ Remote Code Execution Vulnerability (CVE-2020-0964) MS Rating: Important

A remote code execution vulnerability exists in the way that the Windows Graphics Device Interface (GDI) handles objects in the memory. An attacker who successfully exploited this vulnerability could take control of the affected system.

Windows GDI Information Disclosure Vulnerability (CVE-2020-0952) MS Rating: Important

An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the user's system.

Windows Graphics Component Privilege Escalation Vulnerability (CVE-2020-1004) MS Rating: Important

A privilege escalation vulnerability exists when the Windows Graphics Component improperly handles objects in memory. An attacker who successfully exploited this vulnerability could run processes in an elevated context.

6. Cumulative Security Updates for Microsoft Jet Database Engine

Jet Database Engine Remote Code Execution Vulnerability (CVE-2020-0889) MS Rating: Important

A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory. An attacker who successfully exploited this vulnerability could execute arbitrary code on a victim system.

Jet Database Engine Remote Code Execution Vulnerability (CVE-2020-0953) MS Rating: Important

Jet Database Engine Remote Code Execution Vulnerability (CVE-2020-0959) MS Rating: Important

Jet Database Engine Remote Code Execution Vulnerability (CVE-2020-0960) MS Rating: Important

Jet Database Engine Remote Code Execution Vulnerability (CVE-2020-0988) MS Rating: Important

Jet Database Engine Remote Code Execution Vulnerability (CVE-2020-0992) MS Rating: Important

Jet Database Engine Remote Code Execution Vulnerability (CVE-2020-0994) MS Rating: Important

Jet Database Engine Remote Code Execution Vulnerability (CVE-2020-0995) MS Rating: Important

Jet Database Engine Remote Code Execution Vulnerability (CVE-2020-0999) MS Rating: Important

Jet Database Engine Remote Code Execution Vulnerability (CVE-2020-1008) MS Rating: Important

7. Cumulative Security Updates for Windows Hyper-V

Windows Hyper-V Remote Code Execution Vulnerability (CVE-2020-0910) MS Rating: Critical

A remote code execution vulnerability exists when Windows Hyper-V on a host server fails to properly validate input from an authenticated user on a guest operating system. To exploit the vulnerability, an attacker could run a specially crafted application on a guest operating system that could cause the Hyper-V host operating system to execute arbitrary code.

Windows Hyper-V Privilege Escalation Vulnerability (CVE-2020-0917) MS Rating: Important

A privilege escalation vulnerability exists when Windows Hyper-V on a host server fails to properly handle objects in memory. An attacker who successfully exploited these vulnerabilities could gain elevated privileges on a target operating system.

Windows Hyper-V Privilege Escalation Vulnerability (CVE-2020-0918) MS Rating: Important

8. Cumulative Security Updates for Microsoft Visual Studio

Visual Studio Extension Installer Service Privilege Escalation Vulnerability (CVE-2020-0900) MS Rating: Important

A privilege escalation vulnerability exists when the Visual Studio Extension Installer Service improperly handles file operations. An attacker who successfully exploited the vulnerability could delete files in arbitrary locations with elevated permissions.

Microsoft Visual Studio Privilege Escalation Vulnerability (CVE-2020-0899) MS Rating: Important

A privilege escalation vulnerability exists when Microsoft Visual Studio updater service improperly handles file permissions. An attacker who successfully exploited this vulnerability could overwrite arbitrary file content in the security context of the local system.

9. Cumulative Security Updates for Microsoft Dynamics

Dynamics Business Central Remote Code Execution Vulnerability (CVE-2020-1022) MS Rating: Critical

An remote code execution vulnerability exists in Microsoft Dynamics Business Central. An attacker who successfully exploited this vulnerability could execute arbitrary shell commands on victim's server.

Microsoft Dynamics Business Central/NAV Information Disclosure (CVE-2020-1018) MS Rating: Important

An information disclosure vulnerability exists when Microsoft Dynamics Business Central/NAV on-premise does not properly hide the value of a masked field when showing the records as a chart page. The attacker who successfully exploited the vulnerability could see the information that are in a masked field.

Microsoft Dynamics 365 (On-Premise) Cross Site Scripting Vulnerability (CVE-2020-1049) MS Rating: Important

A cross site scripting vulnerability exists when Microsoft Dynamics 365 (on-premises) does not properly sanitize a specially crafted web request to an affected Dynamics server. An authenticated attacker could exploit the vulnerability by sending a specially crafted request to an affected Dynamics server.

Microsoft Dynamics 365 (On-Premise) Cross Site Scripting Vulnerability (CVE-2020-1050) MS Rating: Important

10. Cumulative Security Updates for Microsoft Defender

Microsoft Defender Privilege Escalation Vulnerability (CVE-2020-1002) MS Rating: Important

A privilege escalation vulnerability exists when the MpSigStub. exe for Defender allows file deletion in arbitrary locations.

Windows Defender Antimalware Platform Hard Link Privilege Escalation Vulnerability (CVE-2020-0835) MS Rating: Important

A privilege escalation vulnerability exists when Windows Defender antimalware platform improperly handles hard links. An attacker who successfully exploited this vulnerability could overwrite a targeted file leading to an elevated status.

11. Cumulative Security Updates for Microsoft Remote Desktop App

Microsoft Remote Desktop App for Mac Privilege Escalation Vulnerability (CVE-2020-0919) MS Rating: Important

A privilege escalation vulnerability exists in Remote Desktop App for Mac in the way it allows an attacker to load unsigned binaries. An attacker could then install programs; view, change, or delete data with the logged in user's privileges.

Microsoft RMS Sharing App for Mac Privilege Escalation Vulnerability (CVE-2020-1019) MS Rating: Important

A privilege escalation vulnerability exists in RMS Sharing App for Mac in the way it allows an attacker to load unsigned binaries. An attacker could then install programs; view, change, or delete data with the logged in user's privileges.

12. Security Update for Microsoft YourPhone Application for Android

Microsoft YourPhone Application for Android Authentication Bypass Vulnerability (CVE-2020-0943) MS Rating: Important

An authentication bypass vulnerability exists in Microsoft YourPhoneCompanion application for Android, in the way the application processes notifications generated by work profiles. This could allow an unauthenticated attacker to view notifications.

13. Security Update for Microsoft MSR JavaScript Cryptography Library

MSR JavaScript Cryptography Library Security Bypass Vulnerability (CVE-2020-1026) MS Rating: Important

A security bypass vulnerability exists in the MSR JavaScript Cryptography Library that is caused by multiple bugs in the library's Elliptic Curve Cryptography (ECC) implementation. An attacker could potentially abuse these bugs to learn information about a server's private ECC key (a key leakage attack) or craft an invalid ECDSA signature that nevertheless passes as valid.

14. Security Update for Microsoft OneDrive for Windows

OneDrive for Windows Privilege Escalation Vulnerability (CVE-2020-0935) MS Rating: Important

A privilege escalation vulnerability exists when the OneDrive for Windows Desktop application improperly handles symbolic links. An attacker who successfully exploited this vulnerability could overwrite a targeted file leading to an elevated status.

More information is available on Symantec's free Security Center portal and to our customers through the DeepSight Threat Management System.

About the Author

Preethi Koroth

Threat Analysis Engineer

Preethi Koroth is a member of Symantec's Cyber Security Services organization which provides round-the-clock monitoring and protection services against cyber attacks.

Want to comment on this post?

We encourage you to share your thoughts on your favorite social platform.

Ransomware: Attacks Continue to Rise as Operators Adapt to Disruption

Data Exfiltration: Increasing Number of Tools Leveraged by Ransomware Attackers

Alpha Ransomware Emerges From NetWalker Ashes

The 2024 Ransomware Threat Landscape

Get Broadcom Software and Symantec Enterprise Latest Blog Posts In Your Inbox