Microsoft has patched 113 bugs, including four actively exploited vulnerabilities that allow attackers to remotely execute malicious code on devices running Windows.

Two of the zero-day active security flaws, tracked as CVE-2020-1020 and CVE-2020-0938, are hidden in the Adobe Type Manager Library, reports Ars Technica.

On supported operating systems other than Windows 10, attackers who successfully exploit vulnerabilities can execute code remotely.

In Windows 10, attackers can execute code inside an AppContainer sandbox.

A third zero-day exploit is against CVE-2020-0674, a remote code execution vulnerability.

"Microsoft rated the severity of the vulnerability as critical on all supported versions of Windows except Windows 10, Windows Server 2019, and Windows Server 2016, where the vulnerability is rated moderate."

The latest zero-day exploit points to CVE-2020-1027, an elevation of privilege flaw in the way the Windows kernel handles objects in memory.

As part of its monthly Patch Tuesday update, Microsoft released fixes for a whopping 113 vulnerabilities.

Microsoft has seen a 44 percent increase in the number of Common Vulnerabilities and Exposures (CVEs) posted between January and April 2020 compared to the same period in 2019, according to Trend Micro's Zero Day Initiative report.

Of the 113 patched CVEs, 17 are classified as "critical,quot; in severity and 96 are classified as "important,quot;.

"It will be interesting to see if this pace continues, especially considering that Microsoft will pause optional updates to Windows 10 starting next month," Dustin Childs of ZDI said in a blog post.

Starting in May, the company will pause all optional non-security updates, citing the effects of the COVID-19 pandemic on its customers.

