Advisory Microsoft February 2020 Patch Tuesday
Total Page:16
File Type:pdf, Size:1020Kb
Advisory Microsoft February 2020 Patch Tuesday aeCERT One of Telecommunications Regulatory Authority (TRA) Initiatives P O Box 116688, Dubai, United Arab Emirates (UAE) www.aecert.ae | www.tra.gov.ae Version: 1.0 Ref: ADV-19-011 Document Date: 16/02/2020 Document Details Disclaimer Whilst every effort has been made to ensure the accuracy of the information contained within this report, aeCERT and the TRA bear no liability or responsibility for any recommendations issued or inadvertent damages that could be caused by the recipient of this information. Accessing third-party links in this advisory will direct you to an external website. Please note that aeCERT bears no responsibility for third-party website traffic. aeCERT will have no liability to the entities for the content or use of the content available through the hyperlinks that are referenced. Contents Contents 1 Summary 2 Details 2 Recommendations 9 References 9 1 | P a g e Summary aeCERT has received the latest Microsoft security updates that aim to patch recent vulnerabilities discovered in their system. The release has impact on some Microsoft products. In order to protect windows from security risks, users should install latest update as soon as possible. Details In addition to the Internet Explorer zero-day vulnerability discovered in the middle of January, Microsoft discovered other three vulnerabilities that were disclosed to the public but not exploited yet: • CVE-2020-0683 - Windows installer elevation of privilege vulnerability. • CVE-2020-0686 - Windows installer elevation of privilege vulnerability. • CVE-2020-0706 - Microsoft browser information disclosure vulnerability. Further details about the security update can be found on Microsoft’s website here. The table below shows resolved vulnerabilities and released advisories in the February 2020 patch update. Tag CVE ID CVE Title Severity Microsoft Scripting CVE-2020-0713 Scripting Engine Memory Corruption Vulnerability Critical Engine Microsoft Scripting CVE-2020-0711 Scripting Engine Memory Corruption Vulnerability Critical Engine Microsoft Scripting CVE-2020-0710 Scripting Engine Memory Corruption Vulnerability Critical Engine Microsoft Scripting CVE-2020-0712 Scripting Engine Memory Corruption Vulnerability Critical Engine 2 | P a g e Microsoft Scripting CVE-2020-0767 Scripting Engine Memory Corruption Vulnerability Critical Engine Microsoft Windows CVE-2020-0681 Remote Desktop Client Remote Code Execution Critical Vulnerability Remote Desktop CVE-2020-0734 Remote Desktop Client Remote Code Execution Critical Client Vulnerability Windows Hyper-V CVE-2020-0662 Windows Remote Code Execution Vulnerability Critical Windows Media CVE-2020-0738 Media Foundation Memory Corruption Vulnerability Critical Windows Shell CVE-2020-0729 LNK Remote Code Execution Vulnerability Critical Adobe flash player ADV200003 February 2020 Adobe Flash Security Update Important Microsoft Edge CVE-2020-0663 Microsoft Edge Elevation of Privilege Vulnerability Important Microsoft Edge CVE-2020-0706 Microsoft Browser Information Disclosure Important Vulnerability Microsoft Exchange CVE-2020-0692 Microsoft Exchange Server Elevation of Privilege Important Server Vulnerability Microsoft Exchange CVE-2020-0688 Microsoft Exchange Memory Corruption Important Server Vulnerability Microsoft Exchange CVE-2020-0696 Microsoft Outlook Security Feature Bypass Important Server Vulnerability Microsoft Graphics CVE-2020-0744 Windows GDI Information Disclosure Vulnerability Important Component Microsoft Graphics CVE-2020-0745 Windows Graphics Component Elevation of Important Component Privilege Vulnerability Microsoft Graphics CVE-2020-0714 DirectX Information Disclosure Vulnerability Important Component 3 | P a g e Microsoft Graphics CVE-2020-0715 Windows Graphics Component Elevation of Important Component Privilege Vulnerability Microsoft Graphics CVE-2020-0746 Microsoft Graphics Components Information Important Component Disclosure Vulnerability Microsoft Graphics CVE-2020-0709 DirectX Elevation of Privilege Vulnerability Important Component Microsoft Graphics CVE-2020-0792 Windows Graphics Component Elevation of Important Component Privilege Vulnerability Microsoft Malware CVE-2020-0733 Windows Malicious Software Removal Tool Important Protection Engine Elevation of Privilege Vulnerability Microsoft Office CVE-2020-0697 Microsoft Office Tampering Vulnerability Important Microsoft Office CVE-2020-0759 Microsoft Excel Remote Code Execution Important Vulnerability Microsoft Office CVE-2020-0695 Microsoft Office Online Server Spoofing Important Vulnerability Microsoft Office CVE-2020-0694 Microsoft Office SharePoint XSS Vulnerability Important SharePoint Microsoft Office CVE-2020-0693 Microsoft Office SharePoint XSS Vulnerability Important SharePoint Microsoft Windows CVE-2020-0741 Connected Devices Platform Service Elevation of Important Privilege Vulnerability Microsoft Windows CVE-2020-0742 Connected Devices Platform Service Elevation of Important Privilege Vulnerability Microsoft Windows CVE-2020-0740 Connected Devices Platform Service Elevation of Important Privilege Vulnerability Microsoft Windows CVE-2020-0658 Windows Common Log File System Driver Important Information Disclosure Vulnerability 4 | P a g e Microsoft Windows CVE-2020-0737 Windows Elevation of Privilege Vulnerability Important Microsoft Windows CVE-2020-0659 Windows Data Sharing Service Elevation of Important Privilege Vulnerability Microsoft Windows CVE-2020-0739 Windows Elevation of Privilege Vulnerability Important Microsoft Windows CVE-2020-0757 Windows SSH Elevation of Privilege Vulnerability Important Microsoft Windows CVE-2020-0732 DirectX Elevation of Privilege Vulnerability Important Microsoft Windows CVE-2020-0753 Windows Error Reporting Elevation of Privilege Important Vulnerability Microsoft Windows CVE-2020-0755 Windows Key Isolation Service Information Important Disclosure Vulnerability Microsoft Windows CVE-2020-0754 Windows Error Reporting Elevation of Privilege Important Vulnerability Microsoft Windows CVE-2020-0657 Windows Common Log File System Driver Important Elevation of Privilege Vulnerability Microsoft Windows CVE-2020-0667 Windows Search Indexer Elevation of Privilege Important Vulnerability Microsoft Windows CVE-2020-0743 Connected Devices Platform Service Elevation of Important Privilege Vulnerability Microsoft Windows CVE-2020-0666 Windows Search Indexer Elevation of Privilege Important Vulnerability Microsoft Windows CVE-2020-0748 Windows Key Isolation Service Information Important Disclosure Vulnerability Microsoft Windows CVE-2020-0747 Windows Data Sharing Service Elevation of Important Privilege Vulnerability Microsoft Windows CVE-2020-0668 Windows Kernel Elevation of Privilege Vulnerability Important 5 | P a g e Microsoft Windows CVE-2020-0704 Windows Wireless Network Manager Elevation of Important Privilege Vulnerability Microsoft Windows CVE-2020-0685 Windows COM Server Elevation of Privilege Important Vulnerability Microsoft Windows CVE-2020-0676 Windows Key Isolation Service Information Important Disclosure Vulnerability Microsoft Windows CVE-2020-0678 Windows Error Reporting Manager Elevation of Important Privilege Vulnerability Microsoft Windows CVE-2020-0703 Windows Backup Service Elevation of Privilege Important Vulnerability Microsoft Windows CVE-2020-0680 Windows Function Discovery Service Elevation of Important Privilege Vulnerability Microsoft Windows CVE-2020-0679 Windows Function Discovery Service Elevation of Important Privilege Vulnerability Microsoft Windows CVE-2020-0677 Windows Key Isolation Service Information Important Disclosure Vulnerability Microsoft Windows CVE-2020-0682 Windows Function Discovery Service Elevation of Important Privilege Vulnerability Microsoft Windows CVE-2020-0756 Windows Key Isolation Service Information Important Disclosure Vulnerability Microsoft Windows CVE-2020-0670 Windows Kernel Elevation of Privilege Vulnerability Important Microsoft Windows CVE-2020-0675 Windows Key Isolation Service Information Important Disclosure Vulnerability Microsoft Windows CVE-2020-0669 Windows Kernel Elevation of Privilege Vulnerability Important Microsoft Windows CVE-2020-0727 Connected User Experiences and Telemetry Important Service Elevation of Privilege Vulnerability 6 | P a g e Microsoft Windows CVE-2020-0671 Windows Kernel Elevation of Privilege Vulnerability Important Microsoft Windows CVE-2020-0672 Windows Kernel Elevation of Privilege Vulnerability Important Microsoft Windows CVE-2020-0698 Windows Information Disclosure Vulnerability Important Microsoft Windows CVE-2020-0701 Windows Client License Service Elevation of Important Privilege Vulnerability Microsoft Windows CVE-2020-0735 Windows Search Indexer Elevation of Privilege Important Search Component Vulnerability Secure Boot CVE-2020-0689 Microsoft Secure Boot Security Feature Bypass Important Vulnerability SQL Server CVE-2020-0618 Microsoft SQL Server Reporting Services Remote Important Code Execution Vulnerability Windows CVE-2020-0665 Active Directory Elevation of Privilege Vulnerability Important Authentication Methods Windows COM CVE-2020-0752 Windows Search Indexer Elevation of Privilege Important Vulnerability Windows COM CVE-2020-0749 Connected Devices Platform Service Elevation of Important Privilege Vulnerability Windows COM CVE-2020-0750 Connected Devices Platform Service Elevation of Important Privilege Vulnerability Windows Hyper-V CVE-2020-0751 Windows Hyper-V Denial of Service Vulnerability Important Windows Hyper-V CVE-2020-0661 Windows