Microsoft has released February Patch Tuesday security updates, addressing total 101 vulnerabilities in the family of Windows operating systems and related products. Out of these, 13 are classified as Critical and 88 as Important which includes Office Services and Web Apps, Internet Explorer, Edge, Microsoft Exchange Server, Malicious Software Removal Tool, and Surface Hub.
The critical bugs predominantly are remote code execution and memory corruption bugs that reside in the Internet Explorer, Scripting engine, Media Foundation component, LNK files, and the Remote Desktop Protocol.
Amongst the 13 critical vulnerabilities, a memory-corruption vulnerability in Internet explorer disclosed in late January that is under active attack gets the highest attention.
Zero-day and In-The-Wild vulnerability:
Scripting Engine Memory Corruption Vulnerability|CVE-2020-0674:
Microsoft has now released an update for the previously disclosed zero-day vulnerability in Internet Explorer. The vulnerability was discovered by Clement Lecigne of Google’s Threat Analysis Group.
A remote code execution vulnerability exists in the manner that the scripting engine handles objects in memory in Internet Explorer. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. To exploit the vulnerability, an attacker could host a specially crafted website that is intended to exploit the vulnerability through Internet Explorer and then persuade a user to see the website. Additionally, an attacker could embed an ActiveX control marked “safe for initialization” in an application or Microsoft Office document that has the IE rendering engine.
Microsoft also added that this vulnerability can be exploited when any website utilizing JScript is accessed using a vulnerable IE browser. Researchers from 360 security linked the active exploitation of the 0day vulnerability of the IE script engine to an APT named DarkHotel.
For detailed information click here
Publicly Disclosed Vulnerability:
- Two vulnerabilities exist inside the Windows Installer that could allow attackers to include or expel files from a system because of how symbolic links are handled inside MSI bundles
- To exploit this vulnerability, an attacker would need to be signed into the system and have a noxious application designed to target the vulnerability.
- An information disclosure vulnerability exists in the way that affected Microsoft browsers handle cross-origin requests.
- To exploit this vulnerability, an attacker could host a maliciously crafted website. Also, compromised websites and sites that acknowledge or have client provided content or ads. These websites could contain specially created content that could exploit the vulnerability.
- However, in all cases, an attacker would have to convince users to take action.
Microsoft SQL Server Reporting Services Remote Code Execution Vulnerability|CVE-2020-0618:
- A remote code execution vulnerability exists in Microsoft SQL Server Reporting Services when it incorrectly handles page requests.
- To exploit the vulnerability, an authenticated attacker would need to submit a specially crafted page request to an affected Reporting Services instance.
- Successfully exploitation of the vulnerability could execute code in the context of the Report Server service account.
- A remote code execution vulnerability exists in the Windows Remote Desktop Client when a user connects to a malicious server.
- To exploit this vulnerability, an attacker would need to his controlled server and then persuade a user to connect to it. An attacker would have no chance to get of driving a user to associate with the noxious server, they would need to fool the user into interfacing through social engineering, DNS poisoning or utilizing a Man in the Middle (MITM) strategy. An attacker could likewise compromise an authentic server, have malicious code on it, and wait for the client will connect.
- Successfully exploitation of the vulnerability could execute arbitrary code on the computer of the connecting client. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.
Microsoft Security Bulletin Summary for February 2020:
Product: Microsoft Windows
CVEs/Advisory: CVE-2020-0655, CVE-2020-0657, CVE-2020-0658, CVE-2020-0659, CVE-2020-0660, CVE-2020-0661, CVE-2020-0662, CVE-2020-0665, CVE-2020-0666, CVE-2020-0667, CVE-2020-0668, CVE-2020-0669, CVE-2020-0670, CVE-2020-0671, CVE-2020-0672, CVE-2020-0675, CVE-2020-0676, CVE-2020-0677, CVE-2020-0678, CVE-2020-0679, CVE-2020-0680, CVE-2020-0681, CVE-2020-0682, CVE-2020-0683, CVE-2020-0685, CVE-2020-0686, CVE-2020-0689, CVE-2020-0691, CVE-2020-0698, CVE-2020-0701, CVE-2020-0703, CVE-2020-0704, CVE-2020-0705, CVE-2020-0707, CVE-2020-0708, CVE-2020-0709, CVE-2020-0714, CVE-2020-0715, CVE-2020-0716, CVE-2020-0717, CVE-2020-0719, CVE-2020-0720, CVE-2020-0721, CVE-2020-0722, CVE-2020-0723, CVE-2020-0724, CVE-2020-0725, CVE-2020-0726, CVE-2020-0727, CVE-2020-0728, CVE-2020-0729, CVE-2020-0730, CVE-2020-0731, CVE-2020-0732, CVE-2020-0734, CVE-2020-0735, CVE-2020-0736, CVE-2020-0737, CVE-2020-0738, CVE-2020-0739, CVE-2020-0740, CVE-2020-0741, CVE-2020-0742, CVE-2020-0743, CVE-2020-0744, CVE-2020-0745, CVE-2020-0746, CVE-2020-0747, CVE-2020-0748, CVE-2020-0749, CVE-2020-0750, CVE-2020-0751, CVE-2020-0752, CVE-2020-0753, CVE-2020-0754, CVE-2020-0755, CVE-2020-0756, CVE-2020-0757, CVE-2020-0792, CVE-2020-0817, CVE-2020-0818
Impact: Denial of Service, Elevation of Privilege, Information Disclosure, Remote Code Execution, Security Feature Bypass
KBs: 4502496, 4524244, 4532691, 4532693, 4537762, 4537764, 4537776, 4537789, 4537794, 4537803, 4537810, 4537813, 4537814, 4537820, 4537821, 4537822
Product: Microsoft Edge (EdgeHTML-based)
CVEs/Advisory: CVE-2020-0663, CVE-2020-0706, CVE-2020-0710, CVE-2020-0711, CVE-2020-0712, CVE-2020-0713, CVE-2020-0767
Impact: Elevation of Privilege, Information Disclosure, Remote Code Execution
KBs: 4532691, 4532693, 4537762, 4537764, 4537776, 4537789
Product: Internet Explorer
CVEs/Advisory: CVE-2020-0673, CVE-2020-0674, CVE-2020-0706
Impact: Information Disclosure, Remote Code Execution
KBs: 4532691, 4532693, 4537762, 4537764, 4537767, 4537776, 4537789, 4537810, 4537814, 4537820, 4537821
Product: Microsoft Office and Microsoft Office Services and Web Apps
CVEs/Advisory: CVE-2020-0693, CVE-2020-0694, CVE-2020-0695, CVE-2020-0696, CVE-2020-0697, CVE-2020-0759
Impact: Remote Code Execution, Security Feature Bypass, Spoofing, Tampering
KBs: 4484156, 4484163, 4484250, 4484254, 4484255, 4484256, 4484259, 4484264, 4484265, 4484267