Skip to main content

Over A Billion Microsoft Windows Users would be affected if not by patched by these IE 0-Days & Other Vulnerabilities!!!

Microsoft patch tuesday
Patch Tuesday

Microsoft released a security update for February under Patch Tuesday with the fixes for 99 vulnerabilities that affected various Microsoft products, including Actively exploited Internet Explorer zero-day vulnerability.
Microsoft recently achieved a big milestone of 1 billion Windows 10 users, and Microsoft issued current security updates for all the Windows 10 users.
Microsoft listed 12 vulnerabilities under “Critical” severity, 87 are listed as Important in severity out of 99 vulnerabilities.
The February security release consists of security updates for the following software:
  • Microsoft Windows
  • Microsoft Edge (EdgeHTML-based)
  • Microsoft Edge (Chromium-based)
  • ChakraCore
  • Internet Explorer
  • Microsoft Exchange Server
  • Microsoft SQL Server
  • Microsoft Office and Microsoft Office Services and Web Apps
  • Windows Malicious Software Removal Tool
  • Windows Surface Hub
This updates fixed one of the notable actively exploited internet explorer zero-day vulnerability (CVE-2020-0674) in last month that was Affected Millions of Windows Users.
Microsoft advisory said “The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. “
Most of the vulnerabilities under “CRITICAL” severity are belongs to script engine based vulnerabilities through which an attacker could host a specially crafted website that is designed to exploit the vulnerability through Internet Explorer and then convince a user to view the website. 
Microsoft fixed a LNK Remote Code Execution Vulnerability (CVE-2020-0729 ) that exists in Microsoft Windows that could allow remote code execution if a .LNK file is processed.
An attacker will exploit the vulnerability by inserting a removal drive that contains a malicious.LNK file and an associated malicious binary, once the victims open the files in Windows Explorer the malicious binary will execute code and provide complete control of the system to the attacker.
Another RCE bugs CVE-2020-0618 and CVE-2020-0662 which are nearly identical remote code-execution (RCE) bugs in SQL Server 2012, 2014 and 2016 (32 and 64 bit) and Windows 7, 8.1, 10, Server 2008, 2012, 2016 and 2019, respectively.
two critical remote code-execution vulnerabilities in Remote Desktop (CVE-2020-0681 and CVE-2020-0734) were patched which are are likely to be exploited

Microsoft Security Update list:



CVEVulerability TypeSeverity
CVE-2020-0674Scripting Engine Memory Corruption VulnerabilityCritical
CVE-2020-0683Windows Installer Elevation of Privilege VulnerabilityImportant
CVE-2020-0686Windows Installer Elevation of Privilege VulnerabilityImportant
CVE-2020-0706Microsoft Browser Information Disclosure VulnerabilityImportant
CVE-2020-0689Microsoft Secure Boot Security Feature Bypass VulnerabilityImportant
CVE-2020-0729LNK Remote Code Execution VulnerabilityCritical
CVE-2020-0738Media Foundation Memory Corruption VulnerabilityCritical
CVE-2020-0681Remote Desktop Client Remote Code Execution VulnerabilityCritical
CVE-2020-0734Remote Desktop Client Remote Code Execution VulnerabilityCritical
CVE-2020-0673Scripting Engine Memory Corruption VulnerabilityCritical
CVE-2020-0767Scripting Engine Memory Corruption VulnerabilityCritical
CVE-2020-0710Scripting Engine Memory Corruption VulnerabilityCritical
CVE-2020-0712Scripting Engine Memory Corruption VulnerabilityCritical
CVE-2020-0713Scripting Engine Memory Corruption VulnerabilityCritical
CVE-2020-0711Scripting Engine Memory Corruption VulnerabilityCritical
CVE-2020-0662Windows Remote Code Execution VulnerabilityCritical
CVE-2020-0757Windows SSH Elevation of Privilege VulnerabilityImportant
CVE-2020-0661Windows Hyper-V Denial of Service VulnerabilityImportant
CVE-2020-0751Windows Hyper-V Denial of Service VulnerabilityImportant
CVE-2020-0660Windows Remote Desktop Protocol (RDP) Denial of Service VulnerabilityImportant
CVE-2020-0665Active Directory Elevation of Privilege VulnerabilityImportant
CVE-2020-0740Connected Devices Platform Service Elevation of Privilege VulnerabilityImportant
CVE-2020-0741Connected Devices Platform Service Elevation of Privilege VulnerabilityImportant
CVE-2020-0742Connected Devices Platform Service Elevation of Privilege VulnerabilityImportant
CVE-2020-0743Connected Devices Platform Service Elevation of Privilege VulnerabilityImportant
CVE-2020-0749Connected Devices Platform Service Elevation of Privilege VulnerabilityImportant
CVE-2020-0750Connected Devices Platform Service Elevation of Privilege VulnerabilityImportant
CVE-2020-0727Connected User Experiences and Telemetry Service Elevation of Privilege VulnerabilityImportant
CVE-2020-0709DirectX Elevation of Privilege VulnerabilityImportant
CVE-2020-0732DirectX Elevation of Privilege VulnerabilityImportant
CVE-2020-0663Microsoft Edge Elevation of Privilege VulnerabilityImportant
CVE-2020-0692Microsoft Exchange Server Elevation of Privilege VulnerabilityImportant
CVE-2020-0720Win32k Elevation of Privilege VulnerabilityImportant
CVE-2020-0721Win32k Elevation of Privilege VulnerabilityImportant
CVE-2020-0722Win32k Elevation of Privilege VulnerabilityImportant
CVE-2020-0723Win32k Elevation of Privilege VulnerabilityImportant
CVE-2020-0725Win32k Elevation of Privilege VulnerabilityImportant
CVE-2020-0726Win32k Elevation of Privilege VulnerabilityImportant
CVE-2020-0731Win32k Elevation of Privilege VulnerabilityImportant
CVE-2020-0719Win32k Elevation of Privilege VulnerabilityImportant
CVE-2020-0724Win32k Elevation of Privilege VulnerabilityImportant
CVE-2020-0691Win32k Elevation of Privilege VulnerabilityImportant
CVE-2020-0703Windows Backup Service Elevation of Privilege VulnerabilityImportant
CVE-2020-0701Windows Client License Service Elevation of Privilege VulnerabilityImportant
CVE-2020-0685Windows COM Server Elevation of Privilege VulnerabilityImportant
CVE-2020-0657Windows Common Log File System Driver Elevation of Privilege VulnerabilityImportant
CVE-2020-0747Windows Data Sharing Service Elevation of Privilege VulnerabilityImportant
CVE-2020-0659Windows Data Sharing Service Elevation of Privilege VulnerabilityImportant
CVE-2020-0737Windows Elevation of Privilege VulnerabilityImportant
CVE-2020-0739Windows Elevation of Privilege VulnerabilityImportant
CVE-2020-0753Windows Error Reporting Elevation of Privilege VulnerabilityImportant
CVE-2020-0754Windows Error Reporting Elevation of Privilege VulnerabilityImportant
CVE-2020-0678Windows Error Reporting Manager Elevation of Privilege VulnerabilityImportant
CVE-2020-0679Windows Function Discovery Service Elevation of Privilege VulnerabilityImportant
CVE-2020-0680Windows Function Discovery Service Elevation of Privilege VulnerabilityImportant
CVE-2020-0682Windows Function Discovery Service Elevation of Privilege VulnerabilityImportant
CVE-2020-0792Windows Graphics Component Elevation of Privilege VulnerabilityImportant
CVE-2020-0745Windows Graphics Component Elevation of Privilege VulnerabilityImportant
CVE-2020-0715Windows Graphics Component Elevation of Privilege VulnerabilityImportant
CVE-2020-0707Windows IME Elevation of Privilege VulnerabilityImportant
CVE-2020-0668Windows Kernel Elevation of Privilege VulnerabilityImportant
CVE-2020-0669Windows Kernel Elevation of Privilege VulnerabilityImportant
CVE-2020-0670Windows Kernel Elevation of Privilege VulnerabilityImportant
CVE-2020-0671Windows Kernel Elevation of Privilege VulnerabilityImportant
CVE-2020-0672Windows Kernel Elevation of Privilege VulnerabilityImportant
CVE-2020-0733Windows Malicious Software Removal Tool Elevation of Privilege VulnerabilityImportant
CVE-2020-0666Windows Search Indexer Elevation of Privilege VulnerabilityImportant
CVE-2020-0667Windows Search Indexer Elevation of Privilege VulnerabilityImportant
CVE-2020-0735Windows Search Indexer Elevation of Privilege VulnerabilityImportant
CVE-2020-0752Windows Search Indexer Elevation of Privilege VulnerabilityImportant
CVE-2020-0730Windows User Profile Service Elevation of Privilege VulnerabilityImportant
CVE-2020-0704Windows Wireless Network Manager Elevation of Privilege VulnerabilityImportant
CVE-2020-0714DirectX Information Disclosure VulnerabilityImportant
CVE-2020-0746Microsoft Graphics Components Information Disclosure VulnerabilityImportant
CVE-2020-0717Win32k Information Disclosure VulnerabilityImportant
CVE-2020-0716Win32k Information Disclosure VulnerabilityImportant
CVE-2020-0658Windows Common Log File System Driver Information Disclosure VulnerabilityImportant
CVE-2020-0744Windows GDI Information Disclosure VulnerabilityImportant
CVE-2020-0698Windows Information Disclosure VulnerabilityImportant
CVE-2020-0736Windows Kernel Information Disclosure VulnerabilityImportant
CVE-2020-0675Windows Key Isolation Service Information Disclosure VulnerabilityImportant
CVE-2020-0676Windows Key Isolation Service Information Disclosure VulnerabilityImportant
CVE-2020-0677Windows Key Isolation Service Information Disclosure VulnerabilityImportant
CVE-2020-0748Windows Key Isolation Service Information Disclosure VulnerabilityImportant
CVE-2020-0755Windows Key Isolation Service Information Disclosure VulnerabilityImportant
CVE-2020-0756Windows Key Isolation Service Information Disclosure VulnerabilityImportant
CVE-2020-0728Windows Modules Installer Service Information Disclosure VulnerabilityImportant
CVE-2020-0705Windows Network Driver Interface Specification (NDIS) Information Disclosure VulnerabilityImportant
CVE-2020-0759Microsoft Excel Remote Code Execution VulnerabilityImportant
CVE-2020-0688Microsoft Exchange Memory Corruption VulnerabilityImportant
CVE-2020-0618Microsoft SQL Server Reporting Services Remote Code Execution VulnerabilityImportant
CVE-2020-0655Remote Desktop Services Remote Code Execution VulnerabilityImportant
CVE-2020-0708Windows Imaging Library Remote Code Execution VulnerabilityImportant
CVE-2020-0696Microsoft Outlook Security Feature Bypass VulnerabilityImportant
CVE-2020-0702Surface Hub Security Feature Bypass VulnerabilityImportant
CVE-2020-0695Microsoft Office Online Server Spoofing VulnerabilityImportant
CVE-2020-0697Microsoft Office Tampering VulnerabilityImportant
CVE-2020-0693Microsoft Office SharePoint XSS VulnerabilityImportant
CVE-2020-0694Microsoft Office SharePoint XSS VulnerabilityImportant

Altough Microsoft strongly recommended installing these security updates for all the windows users to avoid the security risk and protect your Windows.


Comments

Popular posts from this blog

10 Best Forum Software For Webmasters

10 Best Forum Software For Webmasters Do you want to create your online discussion forum or online community where people can discuss about their favorite topics? In this article, you can see 10 best forum software (scripts for setting up discussion forums) that can be used free of cost. Although some scripts are paid but rest of these forum scripts are free to use.You only need to buy hosting space and domain name for your website and after then you can install any of these forum scripts to start your own discussion forums on the internet. Online discussion forums generate huge page views because thousands of people want to join online discussion forums to ask questions or share knowledge. Some of online marketers join forums to discuss about their products with community members. You don't need to acquire any kind of technical skill to run a professional discussion forums because these days, almost all web hosting providers offer one click script installer which h...

|Bypass Symlink on 2013 Server With Different .htaccess and Methods by Sen Haxor |

Hi, Guys,  Please a wonderfull tutorial provided bt Sem;\  Today I gonna Explain how to bypass Symlink on 2013 Server With Different .htaccess and Methods. So let's Get Started :) Note: This method is not applicable for Godaddy, Bluehost, Hostgator and Hostmonstor Servers. For This First You Need the Following Files : 1 -> Sen Haxor CGI Shell 2 -> sen.zip 3 -> passwd-bypass.php 4 -> Turbo Brute force Cpanel 5 - > Port.py First Before Starting to symlink we need to create php.ini and ini.php to Disable Safe mode and Disabled Functions on the server . Use the Following Code : Make a php.ini with the following code safe_mode=Off And ini.php with <? echo ini_get("safe_mode"); echo ini_get("open_basedir"); include($_GET["file"]); ini_restore("safe_mode"); ini_restore("open_basedir"); echo ini_get("safe_mode"); echo...

How to Hack WhatsApp using just a GIF

A picture is worth a thousand words, but a GIF is worth a thousand pictures. Today, the short looping clips, GIFs are everywhere—on your social media, on your message boards, on your chats, helping users perfectly express their emotions, making people laugh, and reliving a highlight. But what if an innocent-looking GIF greeting with Good morning, Happy Birthday, or Merry Christmas message hacks your smartphone? Well, not a theoretical idea anymore. WhatsApp has recently patched a critical security vulnerability in its app for Android, which remained unpatched for at least 3 months after being discovered, and if exploited, could have allowed remote hackers to compromise Android devices and potentially steal files and chat messages. WhatsApp Remote Code Execution Vulnerability The vulnerability, tracked as  CVE-2019-11932 , is a double-free memory corruption bug that doesn't actually reside in the WhatsApp code itself, but in an open-source GIF image parsing library that What...