Cookie Consent by Free Privacy Policy Generator ๐Ÿ“Œ The February 2020 Security Update Review

๐Ÿ  Team IT Security News

TSecurity.de ist eine Online-Plattform, die sich auf die Bereitstellung von Informationen,alle 15 Minuten neuste Nachrichten, Bildungsressourcen und Dienstleistungen rund um das Thema IT-Sicherheit spezialisiert hat.
Ob es sich um aktuelle Nachrichten, Fachartikel, Blogbeitrรคge, Webinare, Tutorials, oder Tipps & Tricks handelt, TSecurity.de bietet seinen Nutzern einen umfassenden รœberblick รผber die wichtigsten Aspekte der IT-Sicherheit in einer sich stรคndig verรคndernden digitalen Welt.

16.12.2023 - TIP: Wer den Cookie Consent Banner akzeptiert, kann z.B. von Englisch nach Deutsch รผbersetzen, erst Englisch auswรคhlen dann wieder Deutsch!

Google Android Playstore Download Button fรผr Team IT Security



๐Ÿ“š The February 2020 Security Update Review


๐Ÿ’ก Newskategorie: Hacking
๐Ÿ”— Quelle: thezdi.com

February is here, and with it comes some significant security patches from Adobe and Microsoft. Take a break from your regularly scheduled activities and join us as we review the details for security patches for this month.

Adobe Patches for February 2020

The Adobe release for February includes five bulletins addressing a total of 42 CVEs in Framemaker, Experience Manager, Adobe Digital Editions, Flash, and Acrobat and Reader. The update for Framemaker fixes 21 Critical-rated bugs, all of which were submitted through the ZDI program. The vast majority of these are Out-of-Bounds (OOB) write bugs that could lead to code execution. The update for Adobe Acrobat and Reader fixes 17 CVEs โ€“ seven of which are Use-After-Free (UAF) bugs. The worst of these bugs could allow an attacker to execute code on an affected system if they opened a specially crafted file. The Flash update fixes a single type confusion bug that could allow code execution at the level of the logged-on user. The patch for Adobe Digital Editions fixes two CVEs, one of which is a command injection bug that could allow code execution. The final patch from Adobe for February corrects a single Denial-of-Service (DoS) bug in the Experience Manager. None of these bugs are listed as publicly known or under active attack at the time of release.

We should also mention that Adobe released a patch for their Magento Commerce platform in late January to correct six CVEs. Adobe acquired Magento last May for $1.68 billion USD, and this appears to be the first patch released for the platform since the acquisition. None of these Critical- and Important-rated bugs are listed as publicly known or under active attack. What isnโ€™t clear is if patches for Magento will eventually be included in the regular Patch Tuesday release or if they will be released outside of the standard schedule.

Microsoft Patches for February 2020

For February, Microsoft released patches for a whopping 99 CVEs covering Microsoft Windows, Edge (EdgeHTML-based), ChakraCore, Internet Explorer (IE), SQL Server, Exchange Server, Office and Office Services and Web Apps, Azure DevOps Server, Team Foundation Server, and the Microsoft Malware Protection Engine. Of the 99 CVEs, 12 are listed as Critical while the remaining 87 are listed as Important in severity. Three of these vulnerabilities were reported through the ZDI program. According to Microsoft, five of these bugs are publicly known and one is currently under active attack.

Letโ€™s take a closer look at some of the more interesting updates for this month, starting with the bug reported to be under active attack since mid-January:

-ย ย ย ย ย ย  CVE-2020-0674 โ€“ Scripting Engine Memory Corruption Vulnerability
This browser bug impacts IE and the other programs that rely on the Trident rendering engine. Microsoft first warned users of this bug back on January 17. Attackers can execute code on affected systems if a user browses to a specially crafted website. Even if you donโ€™t use IE, you could still be affected by this bug though embedded objects in Office documents. Considering the listed workaround โ€“ disabling jscript.dll โ€“ breaks a fair amount of functionality, you should prioritize the testing and deployment of this patch.

-ย ย ย ย ย ย  CVE-2020-0688 โ€“ Microsoft Exchange Memory Corruption Vulnerability
This code execution bug in Exchange is only listed as Important, but you should treat it as a Critical-rated vulnerability. An attacker could gain code execution on affected Exchange servers by sending a specially crafted e-mail. No other user interaction is required. The code execution occurs at System-level permissions, so the attacker could completely take control of an Exchange server through a single e-mail. This bug was reported through our program, and weโ€™ll publish details about it in the near future.

-ย ย ย ย ย ย  CVE-2020-0729 โ€“ LNK Remote Code Execution Vulnerability
Bugs impacting link files (.LNK) never fail to amaze me. If .LNK vulnerabilities ring a bell, thatโ€™s likely due to one being used in the Stuxnet malware that remained one of the most widely exploited software flaws for years to come. This bug is similar. An attacker could use this vulnerability to get code execution by having an affected system process a specially crafted .LNK file. This could be done by convincing a user to open a remote share, or โ€“ as has been seen in the past โ€“ placing the .LNK file on a USB drive and having the user open it. Itโ€™s a handy way to exploit an air-gapped system.

-ย ย ย ย ย ย  CVE-2020-0689 โ€“ Microsoft Secure Boot Security Feature Bypass Vulnerability
This security feature bypass bug could allow attackers to circumvent the Secure Boot feature and load untrusted software on an affected system. This is one of the publicly known bugs being patched this month. While this is certainly a bug to scrutinize, itโ€™s compounded by a non-standard patching process. This monthโ€™s servicing stack must first be applied, then additional standalone security updates need to be installed. If you have the Windows Defender Credential Guard (Virtual Secure Mode) enabled, youโ€™ll need to go through two additional reboots as well. All this is needed to block impacted third-party bootloaders.

Hereโ€™s the full list of CVEs released by Microsoft for February 2020.

CVE Title Severity Public Exploited XI - Latest XI - Older Type
CVE-2020-0674 Scripting Engine Memory Corruption Vulnerability Critical Yes Yes 0 0 RCE
CVE-2020-0683 Windows Installer Elevation of Privilege Vulnerability Important Yes No 2 2 EoP
CVE-2020-0686 Windows Installer Elevation of Privilege Vulnerability Important Yes No 2 2 EoP
CVE-2020-0706 Microsoft Browser Information Disclosure Vulnerability Important Yes No 2 2 Info
CVE-2020-0689 Microsoft Secure Boot Security Feature Bypass Vulnerability Important Yes No 2 2 SFB
CVE-2020-0729 LNK Remote Code Execution Vulnerability Critical No No 2 2 RCE
CVE-2020-0738 Media Foundation Memory Corruption Vulnerability Critical No No 2 2 RCE
CVE-2020-0681 Remote Desktop Client Remote Code Execution Vulnerability Critical No No 1 1 RCE
CVE-2020-0734 Remote Desktop Client Remote Code Execution Vulnerability Critical No No 1 1 RCE
CVE-2020-0673 Scripting Engine Memory Corruption Vulnerability Critical No No 1 1 RCE
CVE-2020-0767 Scripting Engine Memory Corruption Vulnerability Critical No No 2 2 RCE
CVE-2020-0710 Scripting Engine Memory Corruption Vulnerability Critical No No 2 N/A RCE
CVE-2020-0712 Scripting Engine Memory Corruption Vulnerability Critical No No 2 N/A RCE
CVE-2020-0713 Scripting Engine Memory Corruption Vulnerability Critical No No 2 N/A RCE
CVE-2020-0711 Scripting Engine Memory Corruption Vulnerability Critical No No N/A 2 RCE
CVE-2020-0662 Windows Remote Code Execution Vulnerability Critical No No 2 2 RCE
CVE-2020-0757 Windows SSH Elevation of Privilege Vulnerability Important No No 2 2 EoP
CVE-2020-0661 Windows Hyper-V Denial of Service Vulnerability Important No No 2 2 DoS
CVE-2020-0751 Windows Hyper-V Denial of Service Vulnerability Important No No 2 N/A DoS
CVE-2020-0660 Windows Remote Desktop Protocol (RDP) Denial of Service Vulnerability Important No No 2 2 DoS
CVE-2020-0665 Active Directory Elevation of Privilege Vulnerability Important No No 2 2 EoP
CVE-2020-0740 Connected Devices Platform Service Elevation of Privilege Vulnerability Important No No 2 2 EoP
CVE-2020-0741 Connected Devices Platform Service Elevation of Privilege Vulnerability Important No No 2 2 EoP
CVE-2020-0742 Connected Devices Platform Service Elevation of Privilege Vulnerability Important No No 2 2 EoP
CVE-2020-0743 Connected Devices Platform Service Elevation of Privilege Vulnerability Important No No 2 2 EoP
CVE-2020-0749 Connected Devices Platform Service Elevation of Privilege Vulnerability Important No No 2 2 EoP
CVE-2020-0750 Connected Devices Platform Service Elevation of Privilege Vulnerability Important No No 2 2 EoP
CVE-2020-0727 Connected User Experiences and Telemetry Service Elevation of Privilege Vulnerability Important No No 2 2 EoP
CVE-2020-0709 DirectX Elevation of Privilege Vulnerability Important No No N/A 2 EoP
CVE-2020-0732 DirectX Elevation of Privilege Vulnerability Important No No N/A 2 EoP
CVE-2020-0663 Microsoft Edge Elevation of Privilege Vulnerability Important No No 2 N/A EoP
CVE-2020-0692 Microsoft Exchange Server Elevation of Privilege Vulnerability Important No No 1 1 EoP
CVE-2020-0720 Win32k Elevation of Privilege Vulnerability Important No No 1 1 EoP
CVE-2020-0721 Win32k Elevation of Privilege Vulnerability Important No No 1 1 EoP
CVE-2020-0722 Win32k Elevation of Privilege Vulnerability Important No No 1 1 EoP
CVE-2020-0723 Win32k Elevation of Privilege Vulnerability Important No No 1 1 EoP
CVE-2020-0725 Win32k Elevation of Privilege Vulnerability Important No No 1 1 EoP
CVE-2020-0726 Win32k Elevation of Privilege Vulnerability Important No No 1 1 EoP
CVE-2020-0731 Win32k Elevation of Privilege Vulnerability Important No No 1 1 EoP
CVE-2020-0719 Win32k Elevation of Privilege Vulnerability Important No No 2 2 EoP
CVE-2020-0724 Win32k Elevation of Privilege Vulnerability Important No No 2 2 EoP
CVE-2020-0691 Win32k Elevation of Privilege Vulnerability Important No No 3 3 EoP
CVE-2020-0703 Windows Backup Service Elevation of Privilege Vulnerability Important No No 2 2 EoP
CVE-2020-0701 Windows Client License Service Elevation of Privilege Vulnerability Important No No 2 2 EoP
CVE-2020-0685 Windows COM Server Elevation of Privilege Vulnerability Important No No 2 2 EoP
CVE-2020-0657 Windows Common Log File System Driver Elevation of Privilege Vulnerability Important No No 1 1 EoP
CVE-2020-0747 Windows Data Sharing Service Elevation of Privilege Vulnerability Important No No 2 2 EoP
CVE-2020-0659 Windows Data Sharing Service Elevation of Privilege Vulnerability Important No No 2 2 EoP
CVE-2020-0737 Windows Elevation of Privilege Vulnerability Important No No 2 2 EoP
CVE-2020-0739 Windows Elevation of Privilege Vulnerability Important No No 2 2 EoP
CVE-2020-0753 Windows Error Reporting Elevation of Privilege Vulnerability Important No No 2 2 EoP
CVE-2020-0754 Windows Error Reporting Elevation of Privilege Vulnerability Important No No 2 2 EoP
CVE-2020-0678 Windows Error Reporting Manager Elevation of Privilege Vulnerability Important No No 2 2 EoP
CVE-2020-0679 Windows Function Discovery Service Elevation of Privilege Vulnerability Important No No 2 2 EoP
CVE-2020-0680 Windows Function Discovery Service Elevation of Privilege Vulnerability Important No No 2 2 EoP
CVE-2020-0682 Windows Function Discovery Service Elevation of Privilege Vulnerability Important No No 2 2 EoP
CVE-2020-0792 Windows Graphics Component Elevation of Privilege Vulnerability Important No No 2 2 EoP
CVE-2020-0745 Windows Graphics Component Elevation of Privilege Vulnerability Important No No 1 1 EoP
CVE-2020-0715 Windows Graphics Component Elevation of Privilege Vulnerability Important No No 1 1 EoP
CVE-2020-0707 Windows IME Elevation of Privilege Vulnerability Important No No 2 2 EoP
CVE-2020-0668 Windows Kernel Elevation of Privilege Vulnerability Important No No 2 2 EoP
CVE-2020-0669 Windows Kernel Elevation of Privilege Vulnerability Important No No 2 2 EoP
CVE-2020-0670 Windows Kernel Elevation of Privilege Vulnerability Important No No 2 2 EoP
CVE-2020-0671 Windows Kernel Elevation of Privilege Vulnerability Important No No 2 2 EoP
CVE-2020-0672 Windows Kernel Elevation of Privilege Vulnerability Important No No 2 2 EoP
CVE-2020-0733 Windows Malicious Software Removal Tool Elevation of Privilege Vulnerability Important No No 2 N/A EoP
CVE-2020-0666 Windows Search Indexer Elevation of Privilege Vulnerability Important No No 2 2 EoP
CVE-2020-0667 Windows Search Indexer Elevation of Privilege Vulnerability Important No No 2 2 EoP
CVE-2020-0735 Windows Search Indexer Elevation of Privilege Vulnerability Important No No 2 2 EoP
CVE-2020-0752 Windows Search Indexer Elevation of Privilege Vulnerability Important No No 2 2 EoP
CVE-2020-0730 Windows User Profile Service Elevation of Privilege Vulnerability Important No No 2 2 EoP
CVE-2020-0704 Windows Wireless Network Manager Elevation of Privilege Vulnerability Important No No 2 2 EoP
CVE-2020-0714 DirectX Information Disclosure Vulnerability Important No No 2 2 Info
CVE-2020-0746 Microsoft Graphics Components Information Disclosure Vulnerability Important No No 2 2 Info
CVE-2020-0717 Win32k Information Disclosure Vulnerability Important No No 2 2 Info
CVE-2020-0716 Win32k Information Disclosure Vulnerability Important No No N/A 2 Info
CVE-2020-0658 Windows Common Log File System Driver Information Disclosure Vulnerability Important No No 1 1 Info
CVE-2020-0744 Windows GDI Information Disclosure Vulnerability Important No No 2 2 Info
CVE-2020-0698 Windows Information Disclosure Vulnerability Important No No 2 2 Info
CVE-2020-0736 Windows Kernel Information Disclosure Vulnerability Important No No N/A 2 Info
CVE-2020-0675 Windows Key Isolation Service Information Disclosure Vulnerability Important No No 2 2 Info
CVE-2020-0676 Windows Key Isolation Service Information Disclosure Vulnerability Important No No 2 2 Info
CVE-2020-0677 Windows Key Isolation Service Information Disclosure Vulnerability Important No No 2 2 Info
CVE-2020-0748 Windows Key Isolation Service Information Disclosure Vulnerability Important No No 2 2 Info
CVE-2020-0755 Windows Key Isolation Service Information Disclosure Vulnerability Important No No 2 2 Info
CVE-2020-0756 Windows Key Isolation Service Information Disclosure Vulnerability Important No No 2 2 Info
CVE-2020-0728 Windows Modules Installer Service Information Disclosure Vulnerability Important No No 2 2 Info
CVE-2020-0705 Windows Network Driver Interface Specification (NDIS) Information Disclosure Vulnerability Important No No 2 2 Info
CVE-2020-0759 Microsoft Excel Remote Code Execution Vulnerability Important No No 2 2 RCE
CVE-2020-0688 Microsoft Exchange Memory Corruption Vulnerability Important No No 1 1 RCE
CVE-2020-0618 Microsoft SQL Server Reporting Services Remote Code Execution Vulnerability Important No No 2 2 RCE
CVE-2020-0655 Remote Desktop Services Remote Code Execution Vulnerability Important No No 2 2 RCE
CVE-2020-0708 Windows Imaging Library Remote Code Execution Vulnerability Important No No 2 2 RCE
CVE-2020-0696 Microsoft Outlook Security Feature Bypass Vulnerability Important No No 2 2 SFB
CVE-2020-0702 Surface Hub Security Feature Bypass Vulnerability Important No No 2 2 SFB
CVE-2020-0695 Microsoft Office Online Server Spoofing Vulnerability Important No No 2 N/A Spoof
CVE-2020-0697 Microsoft Office Tampering Vulnerabil ...



๐Ÿ“Œ The February 2020 Security Update Review


๐Ÿ“ˆ 23.35 Punkte

๐Ÿ“Œ The February 2019 Security Update Review


๐Ÿ“ˆ 20.78 Punkte

๐Ÿ“Œ The February 2019 Security Update Review


๐Ÿ“ˆ 20.78 Punkte

๐Ÿ“Œ The February 2021 Security Update Review


๐Ÿ“ˆ 20.78 Punkte

๐Ÿ“Œ The February 2022 Security Update Review


๐Ÿ“ˆ 20.78 Punkte

๐Ÿ“Œ The February 2024 Security Update Review


๐Ÿ“ˆ 20.78 Punkte

๐Ÿ“Œ February's Patch Tuesday (February 10, 2016)


๐Ÿ“ˆ 19.91 Punkte

๐Ÿ“Œ February's Patch Tuesday (February 10, 2016)


๐Ÿ“ˆ 19.91 Punkte

๐Ÿ“Œ Ukraine invasion, App Store Changes, and retail openings - Apple's February 2022 in review


๐Ÿ“ˆ 16.35 Punkte

๐Ÿ“Œ Cybersecurity Industry News Review: February 7, 2023


๐Ÿ“ˆ 16.35 Punkte

๐Ÿ“Œ Cybersecurity Industry News Review: February 15, 2023


๐Ÿ“ˆ 16.35 Punkte

๐Ÿ“Œ Cybersecurity Industry News Review: February 21, 2023


๐Ÿ“ˆ 16.35 Punkte

๐Ÿ“Œ Apple Watch ban threat, layoffs, and Jony Ive's red nose -- February 2023 in review


๐Ÿ“ˆ 16.35 Punkte

๐Ÿ“Œ Maemo Leste - Twelfth Update (February and March) 2020


๐Ÿ“ˆ 15.04 Punkte

๐Ÿ“Œ Two Point Hospital joins Xbox Game Pass in February 2020 (update)


๐Ÿ“ˆ 15.04 Punkte

๐Ÿ“Œ Android's February 2020 Update Patches Critical System Vulnerabilities


๐Ÿ“ˆ 15.04 Punkte

๐Ÿ“Œ The Xbox One February 2020 Update is now live


๐Ÿ“ˆ 15.04 Punkte

๐Ÿ“Œ Adobe Releases the February 2020 Security Updates


๐Ÿ“ˆ 14.44 Punkte

๐Ÿ“Œ February 2020 security updates are available


๐Ÿ“ˆ 14.44 Punkte

๐Ÿ“Œ Microsoft's February 2020 Patch Tuesday fixes 99 security bugs


๐Ÿ“ˆ 14.44 Punkte

๐Ÿ“Œ Microsoft Releases February 2020 Office Updates With Security Fixes


๐Ÿ“ˆ 14.44 Punkte

๐Ÿ“Œ .NET Framework February 2020 Security and Quality Rollup


๐Ÿ“ˆ 14.44 Punkte

๐Ÿ“Œ Adobe Released February 2020 Security Updates โ€“ Fixes Critical Bugs in 5 Software


๐Ÿ“ˆ 14.44 Punkte

๐Ÿ“Œ February 2020 security updates are available


๐Ÿ“ˆ 14.44 Punkte

๐Ÿ“Œ February 2020 security updates are available


๐Ÿ“ˆ 14.44 Punkte

๐Ÿ“Œ SAP Releases 13 Security Notes on February 2020 Patch Day


๐Ÿ“ˆ 14.44 Punkte

๐Ÿ“Œ Microsoftโ€™s February 2020 Patch Tuesday Fixes 99 Security Bugs โ€“ Expert Insight


๐Ÿ“ˆ 14.44 Punkte

๐Ÿ“Œ February 2019 Security Update Release


๐Ÿ“ˆ 14.39 Punkte

๐Ÿ“Œ Sony Starts Pushing February Security Update to Xperia Smartphones


๐Ÿ“ˆ 14.39 Punkte

๐Ÿ“Œ Google Releases February Security Update for Pixel and Nexus Devices


๐Ÿ“ˆ 14.39 Punkte

๐Ÿ“Œ February 2019 Security Update Release


๐Ÿ“ˆ 14.39 Punkte











matomo