Security News > 2020 > February > If you're running Windows, I feel bad for you, son. Microsoft's got 99 problems, better fix each one
Microsoft had one of its largest patch bundles in recent memory, as the Windows giant released fixes for 99 CVE-listed vulnerabilities.
These include two elevation of privilege bugs in Windows Installer, a security bypass in Secure Boot, and an information disclosure vulnerability in Edge and IE. Once again, Remote Desktop was cause for alarm as patches for two remote code execution flaws in the client-side of the administration tool will need to be tested and installed when possible.
Exchange admins will want to pay close attention this month, as Microsoft has posted a fix for CVE-2020-0688, a flaw that allows remote code execution by way of poisoned e-mails.
For Flash Player, the patch addresses a single arbitrary code execution flaw, CVE-2020-3757, that would allow arbitrary code execution.
With Acrobat and Reader, a total of 17 bugs are addressed on Windows and macOS. The most serious will allow for arbitrary code execution, though no exploits have been reported in the wild.
News URL
https://go.theregister.co.uk/feed/www.theregister.co.uk/2020/02/11/patch_tuesday_february_2020/
Related news
- Microsoft 365 apps crash on Windows Server after Office update (source)
- Microsoft fixes actively exploited Windows Hyper-V zero-day flaws (source)
- Microsoft ends support for Office apps on Windows 10 in October (source)
- Microsoft expands testing of Windows 11 admin protection feature (source)
- Microsoft starts force upgrading Windows 11 22H2, 23H3 devices (source)
- Microsoft fixes Office 365 apps crashing on Windows Server systems (source)
- Microsoft removes Assassin’s Creed Windows 11 upgrade blocks (source)
- Microsoft fixes Windows Server 2022 bug breaking device boot (source)
- Microsoft issues out-of-band fix for Windows Server 2022 NUMA glitch (source)
- Microsoft: January Windows security updates break audio playback (source)
Related Vulnerability
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-02-13 | CVE-2020-3757 | Type Confusion vulnerability in multiple products Adobe Flash Player versions 32.0.0.321 and earlier, 32.0.0.314 and earlier, 32.0.0.321 and earlier, and 32.0.0.255 and earlier have a type confusion vulnerability. | 8.8 |
| 2020-02-11 | CVE-2020-0688 | Improper Authentication vulnerability in Microsoft Exchange Server A remote code execution vulnerability exists in Microsoft Exchange software when the software fails to properly handle objects in memory, aka 'Microsoft Exchange Memory Corruption Vulnerability'. | 8.8 |