Advisory February 2020 Patch Tuesday

aeCERT One of Telecommunications Regulatory Authority (TRA) Initiatives P O Box 116688, Dubai, United Arab Emirates (UAE) www.aecert.ae | www.tra.gov.ae

Version: 1.0 Ref: ADV-19-011 Document Date: 16/02/2020

Document Details

Disclaimer

Whilst every effort has been made to ensure the accuracy of the information contained within this report, aeCERT and the TRA bear no liability or responsibility for any recommendations issued or inadvertent damages that could be caused by the recipient of this information.

Accessing third-party links in this advisory will direct you to an external website. Please note that aeCERT bears no responsibility for third-party website traffic. aeCERT will have no liability to the entities for the content or use of the content available through the hyperlinks that are referenced.

Contents

Contents 1

Summary 2

Details 2

Recommendations 9

References 9

1 | P a g e

Summary aeCERT has received the latest Microsoft security updates that aim to patch recent vulnerabilities discovered in their system. The release has impact on some Microsoft products. In order to protect windows from security risks, users should install latest update as soon as possible.

Details

In addition to the zero-day vulnerability discovered in the middle of January, Microsoft discovered other three vulnerabilities that were disclosed to the public but not exploited yet: • CVE-2020-0683 - elevation of privilege vulnerability. • CVE-2020-0686 - Windows installer elevation of privilege vulnerability. • CVE-2020-0706 - Microsoft browser information disclosure vulnerability.

Further details about the security update can be found on Microsoft’s website here.

The table below shows resolved vulnerabilities and released advisories in the February 2020 patch update.

Tag CVE ID CVE Title Severity

Microsoft Scripting CVE-2020-0713 Scripting Engine Memory Corruption Vulnerability Critical Engine

Microsoft Scripting CVE-2020-0711 Scripting Engine Memory Corruption Vulnerability Critical Engine

Microsoft Scripting CVE-2020-0710 Scripting Engine Memory Corruption Vulnerability Critical Engine

Microsoft Scripting CVE-2020-0712 Scripting Engine Memory Corruption Vulnerability Critical Engine

2 | P a g e

Microsoft Scripting CVE-2020-0767 Scripting Engine Memory Corruption Vulnerability Critical Engine

Microsoft Windows CVE-2020-0681 Remote Desktop Client Remote Code Execution Critical Vulnerability

Remote Desktop CVE-2020-0734 Remote Desktop Client Remote Code Execution Critical Client Vulnerability

Windows Hyper-V CVE-2020-0662 Windows Remote Code Execution Vulnerability Critical

Windows Media CVE-2020-0738 Memory Corruption Vulnerability Critical

Windows Shell CVE-2020-0729 LNK Remote Code Execution Vulnerability Critical

Adobe flash player ADV200003 February 2020 Adobe Flash Security Update Important

Microsoft Edge CVE-2020-0663 Elevation of Privilege Vulnerability Important

Microsoft Edge CVE-2020-0706 Microsoft Browser Information Disclosure Important Vulnerability

Microsoft Exchange CVE-2020-0692 Microsoft Exchange Elevation of Privilege Important Server Vulnerability

Microsoft Exchange CVE-2020-0688 Microsoft Exchange Memory Corruption Important Server Vulnerability

Microsoft Exchange CVE-2020-0696 Microsoft Outlook Security Feature Bypass Important Server Vulnerability

Microsoft Graphics CVE-2020-0744 Windows GDI Information Disclosure Vulnerability Important Component

Microsoft Graphics CVE-2020-0745 Windows Graphics Component Elevation of Important Component Privilege Vulnerability

Microsoft Graphics CVE-2020-0714 DirectX Information Disclosure Vulnerability Important Component

3 | P a g e

Microsoft Graphics CVE-2020-0715 Windows Graphics Component Elevation of Important Component Privilege Vulnerability

Microsoft Graphics CVE-2020-0746 Microsoft Graphics Components Information Important Component Disclosure Vulnerability

Microsoft Graphics CVE-2020-0709 DirectX Elevation of Privilege Vulnerability Important Component

Microsoft Graphics CVE-2020-0792 Windows Graphics Component Elevation of Important Component Privilege Vulnerability

Microsoft Malware CVE-2020-0733 Windows Malicious Software Removal Tool Important Protection Engine Elevation of Privilege Vulnerability

Microsoft Office CVE-2020-0697 Tampering Vulnerability Important

Microsoft Office CVE-2020-0759 Microsoft Excel Remote Code Execution Important Vulnerability

Microsoft Office CVE-2020-0695 Microsoft Office Online Server Spoofing Important Vulnerability

Microsoft Office CVE-2020-0694 Microsoft Office SharePoint XSS Vulnerability Important SharePoint

Microsoft Office CVE-2020-0693 Microsoft Office SharePoint XSS Vulnerability Important SharePoint

Microsoft Windows CVE-2020-0741 Connected Devices Platform Service Elevation of Important Privilege Vulnerability

Microsoft Windows CVE-2020-0742 Connected Devices Platform Service Elevation of Important Privilege Vulnerability

Microsoft Windows CVE-2020-0740 Connected Devices Platform Service Elevation of Important Privilege Vulnerability

Microsoft Windows CVE-2020-0658 Windows Common Log Driver Important Information Disclosure Vulnerability

4 | P a g e

Microsoft Windows CVE-2020-0737 Windows Elevation of Privilege Vulnerability Important

Microsoft Windows CVE-2020-0659 Windows Data Sharing Service Elevation of Important Privilege Vulnerability

Microsoft Windows CVE-2020-0739 Windows Elevation of Privilege Vulnerability Important

Microsoft Windows CVE-2020-0757 Windows SSH Elevation of Privilege Vulnerability Important

Microsoft Windows CVE-2020-0732 DirectX Elevation of Privilege Vulnerability Important

Microsoft Windows CVE-2020-0753 Elevation of Privilege Important Vulnerability

Microsoft Windows CVE-2020-0755 Isolation Service Information Important Disclosure Vulnerability

Microsoft Windows CVE-2020-0754 Windows Error Reporting Elevation of Privilege Important Vulnerability

Microsoft Windows CVE-2020-0657 Windows Driver Important Elevation of Privilege Vulnerability

Microsoft Windows CVE-2020-0667 Indexer Elevation of Privilege Important Vulnerability

Microsoft Windows CVE-2020-0743 Connected Devices Platform Service Elevation of Important Privilege Vulnerability

Microsoft Windows CVE-2020-0666 Windows Search Indexer Elevation of Privilege Important Vulnerability

Microsoft Windows CVE-2020-0748 Windows Key Isolation Service Information Important Disclosure Vulnerability

Microsoft Windows CVE-2020-0747 Windows Data Sharing Service Elevation of Important Privilege Vulnerability

Microsoft Windows CVE-2020-0668 Windows Kernel Elevation of Privilege Vulnerability Important

5 | P a g e

Microsoft Windows CVE-2020-0704 Windows Wireless Network Manager Elevation of Important Privilege Vulnerability

Microsoft Windows CVE-2020-0685 Windows COM Server Elevation of Privilege Important Vulnerability

Microsoft Windows CVE-2020-0676 Windows Key Isolation Service Information Important Disclosure Vulnerability

Microsoft Windows CVE-2020-0678 Windows Error Reporting Manager Elevation of Important Privilege Vulnerability

Microsoft Windows CVE-2020-0703 Windows Backup Service Elevation of Privilege Important Vulnerability

Microsoft Windows CVE-2020-0680 Windows Function Discovery Service Elevation of Important Privilege Vulnerability

Microsoft Windows CVE-2020-0679 Windows Function Discovery Service Elevation of Important Privilege Vulnerability

Microsoft Windows CVE-2020-0677 Windows Key Isolation Service Information Important Disclosure Vulnerability

Microsoft Windows CVE-2020-0682 Windows Function Discovery Service Elevation of Important Privilege Vulnerability

Microsoft Windows CVE-2020-0756 Windows Key Isolation Service Information Important Disclosure Vulnerability

Microsoft Windows CVE-2020-0670 Windows Kernel Elevation of Privilege Vulnerability Important

Microsoft Windows CVE-2020-0675 Windows Key Isolation Service Information Important Disclosure Vulnerability

Microsoft Windows CVE-2020-0669 Windows Kernel Elevation of Privilege Vulnerability Important

Microsoft Windows CVE-2020-0727 Connected User Experiences and Telemetry Important Service Elevation of Privilege Vulnerability

6 | P a g e

Microsoft Windows CVE-2020-0671 Windows Kernel Elevation of Privilege Vulnerability Important

Microsoft Windows CVE-2020-0672 Windows Kernel Elevation of Privilege Vulnerability Important

Microsoft Windows CVE-2020-0698 Windows Information Disclosure Vulnerability Important

Microsoft Windows CVE-2020-0701 Windows Client License Service Elevation of Important Privilege Vulnerability

Microsoft Windows CVE-2020-0735 Windows Search Indexer Elevation of Privilege Important Search Component Vulnerability

Secure Boot CVE-2020-0689 Microsoft Secure Boot Security Feature Bypass Important Vulnerability

SQL Server CVE-2020-0618 Microsoft SQL Server Reporting Services Remote Important Code Execution Vulnerability

Windows CVE-2020-0665 Elevation of Privilege Vulnerability Important Authentication Methods

Windows COM CVE-2020-0752 Windows Search Indexer Elevation of Privilege Important Vulnerability

Windows COM CVE-2020-0749 Connected Devices Platform Service Elevation of Important Privilege Vulnerability

Windows COM CVE-2020-0750 Connected Devices Platform Service Elevation of Important Privilege Vulnerability

Windows Hyper-V CVE-2020-0751 Windows Hyper-V Denial of Service Vulnerability Important

Windows Hyper-V CVE-2020-0661 Windows Hyper-V Denial of Service Vulnerability Important

Windows Installer CVE-2020-0686 Windows Installer Elevation of Privilege Important Vulnerability

Windows Installer CVE-2020-0683 Windows Installer Elevation of Privilege Important Vulnerability

7 | P a g e

Windows Installer CVE-2020-0728 Windows Modules Installer Service Information Important Disclosure Vulnerability

Windows Kernel CVE-2020-0722 Win32k Elevation of Privilege Vulnerability Important

Windows Kernel CVE-2020-0721 Win32k Elevation of Privilege Vulnerability Important

Windows Kernel CVE-2020-0719 Win32k Elevation of Privilege Vulnerability Important

Windows Kernel CVE-2020-0720 Win32k Elevation of Privilege Vulnerability Important

Windows Kernel CVE-2020-0723 Win32k Elevation of Privilege Vulnerability Important

Windows Kernel CVE-2020-0731 Win32k Elevation of Privilege Vulnerability Important

Windows Kernel CVE-2020-0726 Win32k Elevation of Privilege Vulnerability Important

Windows Kernel CVE-2020-0724 Win32k Elevation of Privilege Vulnerability Important

Windows Kernel CVE-2020-0725 Win32k Elevation of Privilege Vulnerability Important

Windows Kernel CVE-2020-0717 Win32k Information Disclosure Vulnerability Important

Windows Kernel CVE-2020-0736 Windows Kernel Information Disclosure Important Vulnerability

Windows Kernel CVE-2020-0716 Win32k Information Disclosure Vulnerability Important

Windows Kernel- CVE-2020-0691 Win32k Elevation of Privilege Vulnerability Important Mode Drivers

Windows NDIS CVE-2020-0705 Windows Network Driver Interface Specification Important (NDIS) Information Disclosure Vulnerability

Windows RDP CVE-2020-0660 Windows Remote Desktop Protocol (RDP) Denial Important of Service Vulnerability

Windows Shell CVE-2020-0702 Surface Hub Security Feature Bypass Vulnerability Important

8 | P a g e

Windows Shell CVE-2020-0655 Remote Code Execution Important Vulnerability

Windows Shell CVE-2020-0730 Windows User Profile Service Elevation of Important Privilege Vulnerability

Windows Shell CVE-2020-0707 Windows IME Elevation of Privilege Vulnerability Important

Windows Update CVE-2020-0708 Windows Imaging Remote Code Execution Important Stack Vulnerability

Internet explorer CVE-2020-0674 Scripting engine memory corruption vulnerability Moderate

Internet explorer CVE-2020-0673 Scripting engine memory corruption vulnerability Moderate

Recommendations

To avoid exploitation due to the presence of the vulnerability, we highly recommend to have the latest security patches and updates installed.

References

BleepingComputer

9 | P a g e

aeCERT Contact Info

P.O. Box 116688 Dubai, United Arab Emirates

Tel (+971) 4 777 4003 Fax (+971) 4 777 4100 Email incident[at]aeCERT.ae Instagram @TheUAETRA Twitter @TheUAETRA

For secure communications with aeCERT with regards to sensitive or vulnerability information please send your correspondences to incident[at]aeCERT.ae

10 | P a g e