Security News > 2020 > February > If you're running Windows, I feel bad for you, son. Microsoft's got 99 problems, better fix each one
Microsoft had one of its largest patch bundles in recent memory, as the Windows giant released fixes for 99 CVE-listed vulnerabilities.
These include two elevation of privilege bugs in Windows Installer, a security bypass in Secure Boot, and an information disclosure vulnerability in Edge and IE. Once again, Remote Desktop was cause for alarm as patches for two remote code execution flaws in the client-side of the administration tool will need to be tested and installed when possible.
Exchange admins will want to pay close attention this month, as Microsoft has posted a fix for CVE-2020-0688, a flaw that allows remote code execution by way of poisoned e-mails.
For Flash Player, the patch addresses a single arbitrary code execution flaw, CVE-2020-3757, that would allow arbitrary code execution.
With Acrobat and Reader, a total of 17 bugs are addressed on Windows and macOS. The most serious will allow for arbitrary code execution, though no exploits have been reported in the wild.
News URL
https://go.theregister.co.uk/feed/www.theregister.co.uk/2020/02/11/patch_tuesday_february_2020/
Related news
- Microsoft: Recent Windows updates cause Remote Desktop issues (source)
- Microsoft fixes printing issues caused by January Windows updates (source)
- Microsoft: New Windows scheduled task will launch Office apps faster (source)
- Microsoft fixes Remote Desktop issues caused by Windows updates (source)
- Microsoft's killing script used to avoid Microsoft Account in Windows 11 (source)
- Microsoft tests new Windows 11 tool to remotely fix boot crashes (source)
- New Windows 11 trick lets you bypass Microsoft Account requirement (source)
- Microsoft adds hotpatching support to Windows 11 Enterprise (source)
- Microsoft starts testing Windows 11 taskbar icon scaling (source)
- Windows 11 Forces Microsoft Account Sign In & Removes Bypass Trick Option (source)
Related Vulnerability
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-02-13 | CVE-2020-3757 | Type Confusion vulnerability in multiple products Adobe Flash Player versions 32.0.0.321 and earlier, 32.0.0.314 and earlier, 32.0.0.321 and earlier, and 32.0.0.255 and earlier have a type confusion vulnerability. | 8.8 |
| 2020-02-11 | CVE-2020-0688 | Improper Authentication vulnerability in Microsoft Exchange Server A remote code execution vulnerability exists in Microsoft Exchange software when the software fails to properly handle objects in memory, aka 'Microsoft Exchange Memory Corruption Vulnerability'. | 8.8 |