Security News > 2020 > February > If you're running Windows, I feel bad for you, son. Microsoft's got 99 problems, better fix each one
Microsoft had one of its largest patch bundles in recent memory, as the Windows giant released fixes for 99 CVE-listed vulnerabilities.
These include two elevation of privilege bugs in Windows Installer, a security bypass in Secure Boot, and an information disclosure vulnerability in Edge and IE. Once again, Remote Desktop was cause for alarm as patches for two remote code execution flaws in the client-side of the administration tool will need to be tested and installed when possible.
Exchange admins will want to pay close attention this month, as Microsoft has posted a fix for CVE-2020-0688, a flaw that allows remote code execution by way of poisoned e-mails.
For Flash Player, the patch addresses a single arbitrary code execution flaw, CVE-2020-3757, that would allow arbitrary code execution.
With Acrobat and Reader, a total of 17 bugs are addressed on Windows and macOS. The most serious will allow for arbitrary code execution, though no exploits have been reported in the wild.
News URL
https://go.theregister.co.uk/feed/www.theregister.co.uk/2020/02/11/patch_tuesday_february_2020/
Related news
- Microsoft: Windows 11 22H2 reaches end of support in 60 days (source)
- Microsoft is killing the Windows Paint 3D app after 8 years (source)
- Windows Server August updates fix Microsoft 365 Defender issue (source)
- Microsoft retires Windows updates causing 0x80070643 errors (source)
- Microsoft removes FAT32 partition size limit in Windows 11 (source)
- Microsoft to rollout Windows Recall to Insiders in October (source)
- Microsoft to roll out Windows Recall to Insiders in October (source)
- Microsoft: August updates cause Windows Server boot issues, freezes (source)
- Microsoft Delays Recall Launch for Windows Insider Members Until October (source)
- Microsoft is trying to reduce Windows 11's desktop spotlight clutter (source)
Related Vulnerability
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-02-13 | CVE-2020-3757 | Type Confusion vulnerability in multiple products Adobe Flash Player versions 32.0.0.321 and earlier, 32.0.0.314 and earlier, 32.0.0.321 and earlier, and 32.0.0.255 and earlier have a type confusion vulnerability. | 9.3 |
| 2020-02-11 | CVE-2020-0688 | Improper Authentication vulnerability in Microsoft Exchange Server A remote code execution vulnerability exists in Microsoft Exchange software when the software fails to properly handle objects in memory, aka 'Microsoft Exchange Memory Corruption Vulnerability'. | 8.8 |