Over A Billion Microsoft Windows Users would be affected if not by patched by these IE 0-Days & Other Vulnerabilities!!!
 |
| Patch Tuesday |
Microsoft released a security update for February under Patch Tuesday with the fixes for 99 vulnerabilities that affected various Microsoft products, including Actively exploited Internet Explorer zero-day vulnerability.
Microsoft recently achieved a big milestone of 1 billion Windows 10 users, and Microsoft issued current security updates for all the Windows 10 users.
Microsoft listed 12 vulnerabilities under “Critical” severity, 87 are listed as Important in severity out of 99 vulnerabilities.
The February security release consists of security updates for the following software:
- Microsoft Windows
- Microsoft Edge (EdgeHTML-based)
- Microsoft Edge (Chromium-based)
- ChakraCore
- Internet Explorer
- Microsoft Exchange Server
- Microsoft SQL Server
- Microsoft Office and Microsoft Office Services and Web Apps
- Windows Malicious Software Removal Tool
- Windows Surface Hub
This updates fixed one of the notable actively exploited internet explorer zero-day vulnerability (CVE-2020-0674) in last month that was Affected Millions of Windows Users.
Microsoft advisory said “The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. “
Most of the vulnerabilities under “CRITICAL” severity are belongs to script engine based vulnerabilities through which an attacker could host a specially crafted website that is designed to exploit the vulnerability through Internet Explorer and then convince a user to view the website.
Microsoft fixed a LNK Remote Code Execution Vulnerability (CVE-2020-0729 ) that exists in Microsoft Windows that could allow remote code execution if a .LNK file is processed.
An attacker will exploit the vulnerability by inserting a removal drive that contains a malicious.LNK file and an associated malicious binary, once the victims open the files in Windows Explorer the malicious binary will execute code and provide complete control of the system to the attacker.
Another RCE bugs CVE-2020-0618 and CVE-2020-0662 which are nearly identical remote code-execution (RCE) bugs in SQL Server 2012, 2014 and 2016 (32 and 64 bit) and Windows 7, 8.1, 10, Server 2008, 2012, 2016 and 2019, respectively.
two critical remote code-execution vulnerabilities in Remote Desktop (CVE-2020-0681 and CVE-2020-0734) were patched which are are likely to be exploited
Microsoft Security Update list:
| CVE | Vulerability Type | Severity |
| CVE-2020-0674 | Scripting Engine Memory Corruption Vulnerability | Critical |
| CVE-2020-0683 | Windows Installer Elevation of Privilege Vulnerability | Important |
| CVE-2020-0686 | Windows Installer Elevation of Privilege Vulnerability | Important |
| CVE-2020-0706 | Microsoft Browser Information Disclosure Vulnerability | Important |
| CVE-2020-0689 | Microsoft Secure Boot Security Feature Bypass Vulnerability | Important |
| CVE-2020-0729 | LNK Remote Code Execution Vulnerability | Critical |
| CVE-2020-0738 | Media Foundation Memory Corruption Vulnerability | Critical |
| CVE-2020-0681 | Remote Desktop Client Remote Code Execution Vulnerability | Critical |
| CVE-2020-0734 | Remote Desktop Client Remote Code Execution Vulnerability | Critical |
| CVE-2020-0673 | Scripting Engine Memory Corruption Vulnerability | Critical |
| CVE-2020-0767 | Scripting Engine Memory Corruption Vulnerability | Critical |
| CVE-2020-0710 | Scripting Engine Memory Corruption Vulnerability | Critical |
| CVE-2020-0712 | Scripting Engine Memory Corruption Vulnerability | Critical |
| CVE-2020-0713 | Scripting Engine Memory Corruption Vulnerability | Critical |
| CVE-2020-0711 | Scripting Engine Memory Corruption Vulnerability | Critical |
| CVE-2020-0662 | Windows Remote Code Execution Vulnerability | Critical |
| CVE-2020-0757 | Windows SSH Elevation of Privilege Vulnerability | Important |
| CVE-2020-0661 | Windows Hyper-V Denial of Service Vulnerability | Important |
| CVE-2020-0751 | Windows Hyper-V Denial of Service Vulnerability | Important |
| CVE-2020-0660 | Windows Remote Desktop Protocol (RDP) Denial of Service Vulnerability | Important |
| CVE-2020-0665 | Active Directory Elevation of Privilege Vulnerability | Important |
| CVE-2020-0740 | Connected Devices Platform Service Elevation of Privilege Vulnerability | Important |
| CVE-2020-0741 | Connected Devices Platform Service Elevation of Privilege Vulnerability | Important |
| CVE-2020-0742 | Connected Devices Platform Service Elevation of Privilege Vulnerability | Important |
| CVE-2020-0743 | Connected Devices Platform Service Elevation of Privilege Vulnerability | Important |
| CVE-2020-0749 | Connected Devices Platform Service Elevation of Privilege Vulnerability | Important |
| CVE-2020-0750 | Connected Devices Platform Service Elevation of Privilege Vulnerability | Important |
| CVE-2020-0727 | Connected User Experiences and Telemetry Service Elevation of Privilege Vulnerability | Important |
| CVE-2020-0709 | DirectX Elevation of Privilege Vulnerability | Important |
| CVE-2020-0732 | DirectX Elevation of Privilege Vulnerability | Important |
| CVE-2020-0663 | Microsoft Edge Elevation of Privilege Vulnerability | Important |
| CVE-2020-0692 | Microsoft Exchange Server Elevation of Privilege Vulnerability | Important |
| CVE-2020-0720 | Win32k Elevation of Privilege Vulnerability | Important |
| CVE-2020-0721 | Win32k Elevation of Privilege Vulnerability | Important |
| CVE-2020-0722 | Win32k Elevation of Privilege Vulnerability | Important |
| CVE-2020-0723 | Win32k Elevation of Privilege Vulnerability | Important |
| CVE-2020-0725 | Win32k Elevation of Privilege Vulnerability | Important |
| CVE-2020-0726 | Win32k Elevation of Privilege Vulnerability | Important |
| CVE-2020-0731 | Win32k Elevation of Privilege Vulnerability | Important |
| CVE-2020-0719 | Win32k Elevation of Privilege Vulnerability | Important |
| CVE-2020-0724 | Win32k Elevation of Privilege Vulnerability | Important |
| CVE-2020-0691 | Win32k Elevation of Privilege Vulnerability | Important |
| CVE-2020-0703 | Windows Backup Service Elevation of Privilege Vulnerability | Important |
| CVE-2020-0701 | Windows Client License Service Elevation of Privilege Vulnerability | Important |
| CVE-2020-0685 | Windows COM Server Elevation of Privilege Vulnerability | Important |
| CVE-2020-0657 | Windows Common Log File System Driver Elevation of Privilege Vulnerability | Important |
| CVE-2020-0747 | Windows Data Sharing Service Elevation of Privilege Vulnerability | Important |
| CVE-2020-0659 | Windows Data Sharing Service Elevation of Privilege Vulnerability | Important |
| CVE-2020-0737 | Windows Elevation of Privilege Vulnerability | Important |
| CVE-2020-0739 | Windows Elevation of Privilege Vulnerability | Important |
| CVE-2020-0753 | Windows Error Reporting Elevation of Privilege Vulnerability | Important |
| CVE-2020-0754 | Windows Error Reporting Elevation of Privilege Vulnerability | Important |
| CVE-2020-0678 | Windows Error Reporting Manager Elevation of Privilege Vulnerability | Important |
| CVE-2020-0679 | Windows Function Discovery Service Elevation of Privilege Vulnerability | Important |
| CVE-2020-0680 | Windows Function Discovery Service Elevation of Privilege Vulnerability | Important |
| CVE-2020-0682 | Windows Function Discovery Service Elevation of Privilege Vulnerability | Important |
| CVE-2020-0792 | Windows Graphics Component Elevation of Privilege Vulnerability | Important |
| CVE-2020-0745 | Windows Graphics Component Elevation of Privilege Vulnerability | Important |
| CVE-2020-0715 | Windows Graphics Component Elevation of Privilege Vulnerability | Important |
| CVE-2020-0707 | Windows IME Elevation of Privilege Vulnerability | Important |
| CVE-2020-0668 | Windows Kernel Elevation of Privilege Vulnerability | Important |
| CVE-2020-0669 | Windows Kernel Elevation of Privilege Vulnerability | Important |
| CVE-2020-0670 | Windows Kernel Elevation of Privilege Vulnerability | Important |
| CVE-2020-0671 | Windows Kernel Elevation of Privilege Vulnerability | Important |
| CVE-2020-0672 | Windows Kernel Elevation of Privilege Vulnerability | Important |
| CVE-2020-0733 | Windows Malicious Software Removal Tool Elevation of Privilege Vulnerability | Important |
| CVE-2020-0666 | Windows Search Indexer Elevation of Privilege Vulnerability | Important |
| CVE-2020-0667 | Windows Search Indexer Elevation of Privilege Vulnerability | Important |
| CVE-2020-0735 | Windows Search Indexer Elevation of Privilege Vulnerability | Important |
| CVE-2020-0752 | Windows Search Indexer Elevation of Privilege Vulnerability | Important |
| CVE-2020-0730 | Windows User Profile Service Elevation of Privilege Vulnerability | Important |
| CVE-2020-0704 | Windows Wireless Network Manager Elevation of Privilege Vulnerability | Important |
| CVE-2020-0714 | DirectX Information Disclosure Vulnerability | Important |
| CVE-2020-0746 | Microsoft Graphics Components Information Disclosure Vulnerability | Important |
| CVE-2020-0717 | Win32k Information Disclosure Vulnerability | Important |
| CVE-2020-0716 | Win32k Information Disclosure Vulnerability | Important |
| CVE-2020-0658 | Windows Common Log File System Driver Information Disclosure Vulnerability | Important |
| CVE-2020-0744 | Windows GDI Information Disclosure Vulnerability | Important |
| CVE-2020-0698 | Windows Information Disclosure Vulnerability | Important |
| CVE-2020-0736 | Windows Kernel Information Disclosure Vulnerability | Important |
| CVE-2020-0675 | Windows Key Isolation Service Information Disclosure Vulnerability | Important |
| CVE-2020-0676 | Windows Key Isolation Service Information Disclosure Vulnerability | Important |
| CVE-2020-0677 | Windows Key Isolation Service Information Disclosure Vulnerability | Important |
| CVE-2020-0748 | Windows Key Isolation Service Information Disclosure Vulnerability | Important |
| CVE-2020-0755 | Windows Key Isolation Service Information Disclosure Vulnerability | Important |
| CVE-2020-0756 | Windows Key Isolation Service Information Disclosure Vulnerability | Important |
| CVE-2020-0728 | Windows Modules Installer Service Information Disclosure Vulnerability | Important |
| CVE-2020-0705 | Windows Network Driver Interface Specification (NDIS) Information Disclosure Vulnerability | Important |
| CVE-2020-0759 | Microsoft Excel Remote Code Execution Vulnerability | Important |
| CVE-2020-0688 | Microsoft Exchange Memory Corruption Vulnerability | Important |
| CVE-2020-0618 | Microsoft SQL Server Reporting Services Remote Code Execution Vulnerability | Important |
| CVE-2020-0655 | Remote Desktop Services Remote Code Execution Vulnerability | Important |
| CVE-2020-0708 | Windows Imaging Library Remote Code Execution Vulnerability | Important |
| CVE-2020-0696 | Microsoft Outlook Security Feature Bypass Vulnerability | Important |
| CVE-2020-0702 | Surface Hub Security Feature Bypass Vulnerability | Important |
| CVE-2020-0695 | Microsoft Office Online Server Spoofing Vulnerability | Important |
| CVE-2020-0697 | Microsoft Office Tampering Vulnerability | Important |
| CVE-2020-0693 | Microsoft Office SharePoint XSS Vulnerability | Important |
| CVE-2020-0694 | Microsoft Office SharePoint XSS Vulnerability | Important |
Altough Microsoft strongly recommended installing these security updates for all the windows users to avoid the security risk and protect your Windows.
Comments
Post a Comment