Today is Microsoft's February 2020 Patch Tuesday and also the first time Windows 7 users will not receive free security updates. Be nice to your Windows administrators today!
With the release of the February 2020 security updates, Microsoft has released one advisory for Flash Player and fixes for 99 vulnerabilities in Microsoft products. Of these vulnerabilities, 10 are classified as Critical, 87 as Important, and 2 as Moderate.
Included in this release is a security update for the CVE-2020-0674 Internet Explorer zero-day vulnerability that was being actively exploited in the wild.
Users should install these security updates as soon as possible to protect Windows from known security risks.
For information about the non-security Windows updates, you can read about today's Windows 10 February 2020 Cumulative Updates.
Fix for Internet Explorer zero-day vulnerability released
In the middle of January 2020, Microsoft released an advisory about an Internet Explorer zero-day vulnerability (CVE-2020-0674) that was publicly disclosed and being actively exploited by attackers.
With today's Patch Tuesday updates, Microsoft has released a formal security update for the 'CVE-2020-0674 | Scripting Engine Memory Corruption Vulnerability' that fixes the vulnerability without having to use the previously recommended mitigations.
Three other vulnerabilities publicly disclosed:
In addition to the CVE-2020-0674 IE vulnerability, Microsoft states that three other vulnerabilities were publicly disclosed but not exploited in the wild.
These vulnerabilities are:
- CVE-2020-0683 - Windows Installer Elevation of Privilege Vulnerability
- CVE-2020-0686 - Windows Installer Elevation of Privilege Vulnerability
- CVE-2020-0706 - Microsoft Browser Information Disclosure Vulnerability
The February 2020 Patch Tuesday Security Updates
Below is the full list of resolved vulnerabilities and released advisories in the February 2020 Patch Tuesday updates. To access the full description of each vulnerability and the systems that it affects, you can view the full report here.
| Tag | CVE ID | CVE Title | Severity |
|---|---|---|---|
| Adobe Flash Player | ADV200003 | February 2020 Adobe Flash Security Update | Important |
| Internet Explorer | CVE-2020-0674 | Scripting Engine Memory Corruption Vulnerability | Moderate |
| Internet Explorer | CVE-2020-0673 | Scripting Engine Memory Corruption Vulnerability | Moderate |
| Microsoft Edge | CVE-2020-0663 | Microsoft Edge Elevation of Privilege Vulnerability | Important |
| Microsoft Edge | CVE-2020-0706 | Microsoft Browser Information Disclosure Vulnerability | Important |
| Microsoft Exchange Server | CVE-2020-0692 | Microsoft Exchange Server Elevation of Privilege Vulnerability | Important |
| Microsoft Exchange Server | CVE-2020-0688 | Microsoft Exchange Memory Corruption Vulnerability | Important |
| Microsoft Exchange Server | CVE-2020-0696 | Microsoft Outlook Security Feature Bypass Vulnerability | Important |
| Microsoft Graphics Component | CVE-2020-0744 | Windows GDI Information Disclosure Vulnerability | Important |
| Microsoft Graphics Component | CVE-2020-0745 | Windows Graphics Component Elevation of Privilege Vulnerability | Important |
| Microsoft Graphics Component | CVE-2020-0714 | DirectX Information Disclosure Vulnerability | Important |
| Microsoft Graphics Component | CVE-2020-0715 | Windows Graphics Component Elevation of Privilege Vulnerability | Important |
| Microsoft Graphics Component | CVE-2020-0746 | Microsoft Graphics Components Information Disclosure Vulnerability | Important |
| Microsoft Graphics Component | CVE-2020-0709 | DirectX Elevation of Privilege Vulnerability | Important |
| Microsoft Graphics Component | CVE-2020-0792 | Windows Graphics Component Elevation of Privilege Vulnerability | Important |
| Microsoft Malware Protection Engine | CVE-2020-0733 | Windows Malicious Software Removal Tool Elevation of Privilege Vulnerability | Important |
| Microsoft Office | CVE-2020-0697 | Microsoft Office Tampering Vulnerability | Important |
| Microsoft Office | CVE-2020-0759 | Microsoft Excel Remote Code Execution Vulnerability | Important |
| Microsoft Office | CVE-2020-0695 | Microsoft Office Online Server Spoofing Vulnerability | Important |
| Microsoft Office SharePoint | CVE-2020-0694 | Microsoft Office SharePoint XSS Vulnerability | Important |
| Microsoft Office SharePoint | CVE-2020-0693 | Microsoft Office SharePoint XSS Vulnerability | Important |
| Microsoft Scripting Engine | CVE-2020-0713 | Scripting Engine Memory Corruption Vulnerability | Critical |
| Microsoft Scripting Engine | CVE-2020-0711 | Scripting Engine Memory Corruption Vulnerability | Critical |
| Microsoft Scripting Engine | CVE-2020-0710 | Scripting Engine Memory Corruption Vulnerability | Critical |
| Microsoft Scripting Engine | CVE-2020-0712 | Scripting Engine Memory Corruption Vulnerability | Critical |
| Microsoft Scripting Engine | CVE-2020-0767 | Scripting Engine Memory Corruption Vulnerability | Critical |
| Microsoft Windows | CVE-2020-0741 | Connected Devices Platform Service Elevation of Privilege Vulnerability | Important |
| Microsoft Windows | CVE-2020-0742 | Connected Devices Platform Service Elevation of Privilege Vulnerability | Important |
| Microsoft Windows | CVE-2020-0740 | Connected Devices Platform Service Elevation of Privilege Vulnerability | Important |
| Microsoft Windows | CVE-2020-0658 | Windows Common Log File System Driver Information Disclosure Vulnerability | Important |
| Microsoft Windows | CVE-2020-0737 | Windows Elevation of Privilege Vulnerability | Important |
| Microsoft Windows | CVE-2020-0659 | Windows Data Sharing Service Elevation of Privilege Vulnerability | Important |
| Microsoft Windows | CVE-2020-0739 | Windows Elevation of Privilege Vulnerability | Important |
| Microsoft Windows | CVE-2020-0757 | Windows SSH Elevation of Privilege Vulnerability | Important |
| Microsoft Windows | CVE-2020-0732 | DirectX Elevation of Privilege Vulnerability | Important |
| Microsoft Windows | CVE-2020-0753 | Windows Error Reporting Elevation of Privilege Vulnerability | Important |
| Microsoft Windows | CVE-2020-0755 | Windows Key Isolation Service Information Disclosure Vulnerability | Important |
| Microsoft Windows | CVE-2020-0754 | Windows Error Reporting Elevation of Privilege Vulnerability | Important |
| Microsoft Windows | CVE-2020-0657 | Windows Common Log File System Driver Elevation of Privilege Vulnerability | Important |
| Microsoft Windows | CVE-2020-0667 | Windows Search Indexer Elevation of Privilege Vulnerability | Important |
| Microsoft Windows | CVE-2020-0743 | Connected Devices Platform Service Elevation of Privilege Vulnerability | Important |
| Microsoft Windows | CVE-2020-0666 | Windows Search Indexer Elevation of Privilege Vulnerability | Important |
| Microsoft Windows | CVE-2020-0748 | Windows Key Isolation Service Information Disclosure Vulnerability | Important |
| Microsoft Windows | CVE-2020-0747 | Windows Data Sharing Service Elevation of Privilege Vulnerability | Important |
| Microsoft Windows | CVE-2020-0668 | Windows Kernel Elevation of Privilege Vulnerability | Important |
| Microsoft Windows | CVE-2020-0704 | Windows Wireless Network Manager Elevation of Privilege Vulnerability | Important |
| Microsoft Windows | CVE-2020-0685 | Windows COM Server Elevation of Privilege Vulnerability | Important |
| Microsoft Windows | CVE-2020-0676 | Windows Key Isolation Service Information Disclosure Vulnerability | Important |
| Microsoft Windows | CVE-2020-0678 | Windows Error Reporting Manager Elevation of Privilege Vulnerability | Important |
| Microsoft Windows | CVE-2020-0703 | Windows Backup Service Elevation of Privilege Vulnerability | Important |
| Microsoft Windows | CVE-2020-0680 | Windows Function Discovery Service Elevation of Privilege Vulnerability | Important |
| Microsoft Windows | CVE-2020-0679 | Windows Function Discovery Service Elevation of Privilege Vulnerability | Important |
| Microsoft Windows | CVE-2020-0681 | Remote Desktop Client Remote Code Execution Vulnerability | Critical |
| Microsoft Windows | CVE-2020-0677 | Windows Key Isolation Service Information Disclosure Vulnerability | Important |
| Microsoft Windows | CVE-2020-0682 | Windows Function Discovery Service Elevation of Privilege Vulnerability | Important |
| Microsoft Windows | CVE-2020-0756 | Windows Key Isolation Service Information Disclosure Vulnerability | Important |
| Microsoft Windows | CVE-2020-0670 | Windows Kernel Elevation of Privilege Vulnerability | Important |
| Microsoft Windows | CVE-2020-0675 | Windows Key Isolation Service Information Disclosure Vulnerability | Important |
| Microsoft Windows | CVE-2020-0669 | Windows Kernel Elevation of Privilege Vulnerability | Important |
| Microsoft Windows | CVE-2020-0727 | Connected User Experiences and Telemetry Service Elevation of Privilege Vulnerability | Important |
| Microsoft Windows | CVE-2020-0671 | Windows Kernel Elevation of Privilege Vulnerability | Important |
| Microsoft Windows | CVE-2020-0672 | Windows Kernel Elevation of Privilege Vulnerability | Important |
| Microsoft Windows | CVE-2020-0698 | Windows Information Disclosure Vulnerability | Important |
| Microsoft Windows | CVE-2020-0701 | Windows Client License Service Elevation of Privilege Vulnerability | Important |
| Microsoft Windows Search Component | CVE-2020-0735 | Windows Search Indexer Elevation of Privilege Vulnerability | Important |
| Remote Desktop Client | CVE-2020-0734 | Remote Desktop Client Remote Code Execution Vulnerability | Critical |
| Secure Boot | CVE-2020-0689 | Microsoft Secure Boot Security Feature Bypass Vulnerability | Important |
| SQL Server | CVE-2020-0618 | Microsoft SQL Server Reporting Services Remote Code Execution Vulnerability | Important |
| Windows Authentication Methods | CVE-2020-0665 | Active Directory Elevation of Privilege Vulnerability | Important |
| Windows COM | CVE-2020-0752 | Windows Search Indexer Elevation of Privilege Vulnerability | Important |
| Windows COM | CVE-2020-0749 | Connected Devices Platform Service Elevation of Privilege Vulnerability | Important |
| Windows COM | CVE-2020-0750 | Connected Devices Platform Service Elevation of Privilege Vulnerability | Important |
| Windows Hyper-V | CVE-2020-0751 | Windows Hyper-V Denial of Service Vulnerability | Important |
| Windows Hyper-V | CVE-2020-0662 | Windows Remote Code Execution Vulnerability | Critical |
| Windows Hyper-V | CVE-2020-0661 | Windows Hyper-V Denial of Service Vulnerability | Important |
| Windows Installer | CVE-2020-0686 | Windows Installer Elevation of Privilege Vulnerability | Important |
| Windows Installer | CVE-2020-0683 | Windows Installer Elevation of Privilege Vulnerability | Important |
| Windows Installer | CVE-2020-0728 | Windows Modules Installer Service Information Disclosure Vulnerability | Important |
| Windows Kernel | CVE-2020-0722 | Win32k Elevation of Privilege Vulnerability | Important |
| Windows Kernel | CVE-2020-0721 | Win32k Elevation of Privilege Vulnerability | Important |
| Windows Kernel | CVE-2020-0719 | Win32k Elevation of Privilege Vulnerability | Important |
| Windows Kernel | CVE-2020-0720 | Win32k Elevation of Privilege Vulnerability | Important |
| Windows Kernel | CVE-2020-0723 | Win32k Elevation of Privilege Vulnerability | Important |
| Windows Kernel | CVE-2020-0731 | Win32k Elevation of Privilege Vulnerability | Important |
| Windows Kernel | CVE-2020-0726 | Win32k Elevation of Privilege Vulnerability | Important |
| Windows Kernel | CVE-2020-0724 | Win32k Elevation of Privilege Vulnerability | Important |
| Windows Kernel | CVE-2020-0725 | Win32k Elevation of Privilege Vulnerability | Important |
| Windows Kernel | CVE-2020-0717 | Win32k Information Disclosure Vulnerability | Important |
| Windows Kernel | CVE-2020-0736 | Windows Kernel Information Disclosure Vulnerability | Important |
| Windows Kernel | CVE-2020-0716 | Win32k Information Disclosure Vulnerability | Important |
| Windows Kernel-Mode Drivers | CVE-2020-0691 | Win32k Elevation of Privilege Vulnerability | Important |
| Windows Media | CVE-2020-0738 | Media Foundation Memory Corruption Vulnerability | Critical |
| Windows NDIS | CVE-2020-0705 | Windows Network Driver Interface Specification (NDIS) Information Disclosure Vulnerability | Important |
| Windows RDP | CVE-2020-0660 | Windows Remote Desktop Protocol (RDP) Denial of Service Vulnerability | Important |
| Windows Shell | CVE-2020-0702 | Surface Hub Security Feature Bypass Vulnerability | Important |
| Windows Shell | CVE-2020-0655 | Remote Desktop Services Remote Code Execution Vulnerability | Important |
| Windows Shell | CVE-2020-0730 | Windows User Profile Service Elevation of Privilege Vulnerability | Important |
| Windows Shell | CVE-2020-0729 | LNK Remote Code Execution Vulnerability | Critical |
| Windows Shell | CVE-2020-0707 | Windows IME Elevation of Privilege Vulnerability | Important |
| Windows Update Stack | CVE-2020-0708 | Windows Imaging Library Remote Code Execution Vulnerability | Important |
Top 10 MITRE ATT&CK© Techniques Behind 93% of Attacks
Based on an analysis of 14M malicious actions, discover the top 10 MITRE ATT&CK techniques behind 93% of attacks and how to defend against them.
Comments
Some-Other-Guy - 5 years ago
I feel bad for you son, you've got 99 problems and Windows is all of em
Al_Capella - 5 years ago
3 devices updated today and no problems.