Microsoft has released about 113 security bug fixes for Windows and Office in their April 2020 dump of patches on ‘Patch Tuesday’.
The main change is a block on external references in VBA code, a change that hasn’t been fully documented.
These security fixes will be pushed out via Windows Update in the usual way. Cautious users might like to pause Windows Update for a few weeks to avoid any problems caused by the patches .. an all too common problem.
Some of the security bugs that caught our eye …
Excel, Word and Office remote code execution bugs
Jet database engine
Jet is the database heart of Office products, especially Access and Excel. Security bugs in Jet are a serious concern because the system, while hidden ‘under the hood’ is widely used.
April 2020 sees TEN security problems fixed:
Graphics Remote Code bug
The Graphics engine is another vital part of Windows and Office. Any time an image or graphic is put on the screen, the graphics engine is involved. Hackers love making images which trick the engine into running other code.
This month there’s a dozen security patches released.
There’s a Critical flag on CVE-2020-0687 a remote code execution bug.
And there’s more!
Many security patches for Windows Media Foundation, three are marked ‘Criticial’. A Codecs library critical security bug.
Even a ‘elevation of privilege’ bug in OneDrive for Windows, CVE-2020-0935