Microsoft Patch Tuesday Audit – February 2020

Microsoft-Patch-Tuesday-september-2020

Microsoft Fixes 99 Vulnerabilities

The February 2020 Microsoft Patch Tuesday security updates have arrived. Microsoft released fixes for 99 CVE-numbered vulnerabilities, 12 of which are classified as critical vulnerabilities.

Microsoft had one of its largest patch bundles, as the tech giant released fixes for 99 CVE-listed vulnerabilities. The good news in all of this is that updating OS, browsers, and Office will resolve most of your vulnerabilities from the Microsoft side.

Five of the bugs are listed as publicly known at the time of release, four of which are important in severity and one critical IE vulnerability that is also listed as under active attack.

Internet Explorer Zero-day Vulnerability

A critical vulnerability found in Internet Explorer (CVE-2020-0674) has been publicly disclosed and is currently being exploited in the wild.

Microsoft warned about this zero-day vulnerability in Internet Explorer (IE) browser last month, but fixes have officially been rolled out only on this month's Patch Tuesday.

This Scripting Engine Memory Corruption Vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

ESUs for Windows 7, Server 2008 and 2008 R2

Windows 7, Server 2008 and 2008 R2 Extended Security Updates are still being documented publicly, which is likely to cause some confusion. Bummer: this doesn't mean that everyone has access. You do need to meet certain criteria, which Microsoft has lined out in their Windows 7 ESU frequently asked questions.

Run the February 2020 Patch Tuesday Audit Report

Similar to previous months, we've created an Audit Report that checks if the assets in your network are on the latest Microsoft patch update. It's color-coded to give you an easy and quick overview of which assets are already on the latest Windows update, and which ones still need to be patched. All admins are advised to install these security updates as soon as possible to protect Windows from security risks.

If you haven't already, start your free trial of Lansweeper to run the Microsoft Patch Tuesday Report. Make sure to subscribe via the form below if you want to receive the latest Microsoft Patch reports and bonus network reports.

Overview: February 2020 Security Updates

Below is the full list of all vulnerabilities and released advisories in the February 2020 Patch Tuesday updates.

Affected ProductCVE CodeCVE TitleSeverity
Adobe Flash PlayerADV200003February 2020 Adobe Flash Security UpdateImportant
Internet ExplorerCVE-2020-0674Scripting Engine Memory Corruption VulnerabilityModerate
Internet ExplorerCVE-2020-0673Scripting Engine Memory Corruption VulnerabilityModerate
Microsoft EdgeCVE-2020-0663Microsoft Edge Elevation of Privilege VulnerabilityImportant
Microsoft EdgeCVE-2020-0706Microsoft Browser Information Disclosure VulnerabilityImportant
Microsoft Exchange ServerCVE-2020-0692Microsoft Exchange Server Elevation of Privilege VulnerabilityImportant
Microsoft Exchange ServerCVE-2020-0688Microsoft Exchange Memory Corruption VulnerabilityImportant
Microsoft Exchange ServerCVE-2020-0696Microsoft Outlook Security Feature Bypass VulnerabilityImportant
Microsoft Graphics ComponentCVE-2020-0744Windows GDI Information Disclosure VulnerabilityImportant
Microsoft Graphics ComponentCVE-2020-0745Windows Graphics Component Elevation of Privilege VulnerabilityImportant
Microsoft Graphics ComponentCVE-2020-0714DirectX Information Disclosure VulnerabilityImportant
Microsoft Graphics ComponentCVE-2020-0715Windows Graphics Component Elevation of Privilege VulnerabilityImportant
Microsoft Graphics ComponentCVE-2020-0746Microsoft Graphics Components Information Disclosure VulnerabilityImportant
Microsoft Graphics ComponentCVE-2020-0709DirectX Elevation of Privilege VulnerabilityImportant
Microsoft Graphics ComponentCVE-2020-0792Windows Graphics Component Elevation of Privilege VulnerabilityImportant
Microsoft Malware Protection EngineCVE-2020-0733Windows Malicious Software Removal Tool Elevation of Privilege VulnerabilityImportant
Microsoft OfficeCVE-2020-0697Microsoft Office Tampering VulnerabilityImportant
Microsoft OfficeCVE-2020-0759Microsoft Excel Remote Code Execution VulnerabilityImportant
Microsoft OfficeCVE-2020-0695Microsoft Office Online Server Spoofing VulnerabilityImportant
Microsoft Office SharePointCVE-2020-0694Microsoft Office SharePoint XSS VulnerabilityImportant
Microsoft Office SharePointCVE-2020-0693Microsoft Office SharePoint XSS VulnerabilityImportant
Microsoft Scripting EngineCVE-2020-0713Scripting Engine Memory Corruption VulnerabilityCritical
Microsoft Scripting EngineCVE-2020-0711Scripting Engine Memory Corruption VulnerabilityCritical
Microsoft Scripting EngineCVE-2020-0710Scripting Engine Memory Corruption VulnerabilityCritical
Microsoft Scripting EngineCVE-2020-0712Scripting Engine Memory Corruption VulnerabilityCritical
Microsoft Scripting EngineCVE-2020-0767Scripting Engine Memory Corruption VulnerabilityCritical
Microsoft WindowsCVE-2020-0741Connected Devices Platform Service Elevation of Privilege VulnerabilityImportant
Microsoft WindowsCVE-2020-0742Connected Devices Platform Service Elevation of Privilege VulnerabilityImportant
Microsoft WindowsCVE-2020-0740Connected Devices Platform Service Elevation of Privilege VulnerabilityImportant
Microsoft WindowsCVE-2020-0658Windows Common Log File System Driver Information Disclosure VulnerabilityImportant
Microsoft WindowsCVE-2020-0737Windows Elevation of Privilege VulnerabilityImportant
Microsoft WindowsCVE-2020-0659Windows Data Sharing Service Elevation of Privilege VulnerabilityImportant
Microsoft WindowsCVE-2020-0739Windows Elevation of Privilege VulnerabilityImportant
Microsoft WindowsCVE-2020-0757Windows SSH Elevation of Privilege VulnerabilityImportant
Microsoft WindowsCVE-2020-0732DirectX Elevation of Privilege VulnerabilityImportant
Microsoft WindowsCVE-2020-0753Windows Error Reporting Elevation of Privilege VulnerabilityImportant
Microsoft WindowsCVE-2020-0755Windows Key Isolation Service Information Disclosure VulnerabilityImportant
Microsoft WindowsCVE-2020-0754Windows Error Reporting Elevation of Privilege VulnerabilityImportant
Microsoft WindowsCVE-2020-0657Windows Common Log File System Driver Elevation of Privilege VulnerabilityImportant
Microsoft WindowsCVE-2020-0667Windows Search Indexer Elevation of Privilege VulnerabilityImportant
Microsoft WindowsCVE-2020-0743Connected Devices Platform Service Elevation of Privilege VulnerabilityImportant
Microsoft WindowsCVE-2020-0666Windows Search Indexer Elevation of Privilege VulnerabilityImportant
Microsoft WindowsCVE-2020-0748Windows Key Isolation Service Information Disclosure VulnerabilityImportant
Microsoft WindowsCVE-2020-0747Windows Data Sharing Service Elevation of Privilege VulnerabilityImportant
Microsoft WindowsCVE-2020-0668Windows Kernel Elevation of Privilege VulnerabilityImportant
Microsoft WindowsCVE-2020-0704Windows Wireless Network Manager Elevation of Privilege VulnerabilityImportant
Microsoft WindowsCVE-2020-0685Windows COM Server Elevation of Privilege VulnerabilityImportant
Microsoft WindowsCVE-2020-0676Windows Key Isolation Service Information Disclosure VulnerabilityImportant
Microsoft WindowsCVE-2020-0678Windows Error Reporting Manager Elevation of Privilege VulnerabilityImportant
Microsoft WindowsCVE-2020-0703Windows Backup Service Elevation of Privilege VulnerabilityImportant
Microsoft WindowsCVE-2020-0680Windows Function Discovery Service Elevation of Privilege VulnerabilityImportant
Microsoft WindowsCVE-2020-0679Windows Function Discovery Service Elevation of Privilege VulnerabilityImportant
Microsoft WindowsCVE-2020-0681Remote Desktop Client Remote Code Execution VulnerabilityCritical
Microsoft WindowsCVE-2020-0677Windows Key Isolation Service Information Disclosure VulnerabilityImportant
Microsoft WindowsCVE-2020-0682Windows Function Discovery Service Elevation of Privilege VulnerabilityImportant
Microsoft WindowsCVE-2020-0756Windows Key Isolation Service Information Disclosure VulnerabilityImportant
Microsoft WindowsCVE-2020-0670Windows Kernel Elevation of Privilege VulnerabilityImportant
Microsoft WindowsCVE-2020-0675Windows Key Isolation Service Information Disclosure VulnerabilityImportant
Microsoft WindowsCVE-2020-0669Windows Kernel Elevation of Privilege VulnerabilityImportant
Microsoft WindowsCVE-2020-0727Connected User Experiences and Telemetry Service Elevation of Privilege VulnerabilityImportant
Microsoft WindowsCVE-2020-0671Windows Kernel Elevation of Privilege VulnerabilityImportant
Microsoft WindowsCVE-2020-0672Windows Kernel Elevation of Privilege VulnerabilityImportant
Microsoft WindowsCVE-2020-0698Windows Information Disclosure VulnerabilityImportant
Microsoft WindowsCVE-2020-0701Windows Client License Service Elevation of Privilege VulnerabilityImportant
Microsoft Windows Search ComponentCVE-2020-0735Windows Search Indexer Elevation of Privilege VulnerabilityImportant
Remote Desktop ClientCVE-2020-0734Remote Desktop Client Remote Code Execution VulnerabilityCritical
Secure BootCVE-2020-0689Microsoft Secure Boot Security Feature Bypass VulnerabilityImportant
SQL ServerCVE-2020-0618Microsoft SQL Server Reporting Services Remote Code Execution VulnerabilityImportant
Windows Authentication MethodsCVE-2020-0665Active Directory Elevation of Privilege VulnerabilityImportant
Windows COMCVE-2020-0752Windows Search Indexer Elevation of Privilege VulnerabilityImportant
Windows COMCVE-2020-0749Connected Devices Platform Service Elevation of Privilege VulnerabilityImportant
Windows COMCVE-2020-0750Connected Devices Platform Service Elevation of Privilege VulnerabilityImportant
Windows Hyper-VCVE-2020-0751Windows Hyper-V Denial of Service VulnerabilityImportant
Windows Hyper-VCVE-2020-0662Windows Remote Code Execution VulnerabilityCritical
Windows Hyper-VCVE-2020-0661Windows Hyper-V Denial of Service VulnerabilityImportant
Windows InstallerCVE-2020-0686Windows Installer Elevation of Privilege VulnerabilityImportant
Windows InstallerCVE-2020-0683Windows Installer Elevation of Privilege VulnerabilityImportant
Windows InstallerCVE-2020-0728Windows Modules Installer Service Information Disclosure VulnerabilityImportant
Windows KernelCVE-2020-0722Win32k Elevation of Privilege VulnerabilityImportant
Windows KernelCVE-2020-0721Win32k Elevation of Privilege VulnerabilityImportant
Windows KernelCVE-2020-0719Win32k Elevation of Privilege VulnerabilityImportant
Windows KernelCVE-2020-0720Win32k Elevation of Privilege VulnerabilityImportant
Windows KernelCVE-2020-0723Win32k Elevation of Privilege VulnerabilityImportant
Windows KernelCVE-2020-0731Win32k Elevation of Privilege VulnerabilityImportant
Windows KernelCVE-2020-0726Win32k Elevation of Privilege VulnerabilityImportant
Windows KernelCVE-2020-0724Win32k Elevation of Privilege VulnerabilityImportant
Windows KernelCVE-2020-0725Win32k Elevation of Privilege VulnerabilityImportant
Windows KernelCVE-2020-0717Win32k Information Disclosure VulnerabilityImportant
Windows KernelCVE-2020-0736Windows Kernel Information Disclosure VulnerabilityImportant
Windows KernelCVE-2020-0716Win32k Information Disclosure VulnerabilityImportant
Windows Kernel-Mode DriversCVE-2020-0691Win32k Elevation of Privilege VulnerabilityImportant
Windows MediaCVE-2020-0738Media Foundation Memory Corruption VulnerabilityCritical
Windows NDISCVE-2020-0705Windows Network Driver Interface Specification (NDIS) Information Disclosure VulnerabilityImportant
Windows RDPCVE-2020-0660Windows Remote Desktop Protocol (RDP) Denial of Service VulnerabilityImportant
Windows ShellCVE-2020-0702Surface Hub Security Feature Bypass VulnerabilityImportant
Windows ShellCVE-2020-0655Remote Desktop Services Remote Code Execution VulnerabilityImportant
Windows ShellCVE-2020-0730Windows User Profile Service Elevation of Privilege VulnerabilityImportant
Windows ShellCVE-2020-0729LNK Remote Code Execution VulnerabilityCritical
Windows ShellCVE-2020-0707Windows IME Elevation of Privilege VulnerabilityImportant
Windows Update StackCVE-2020-0708Windows Imaging Library Remote Code Execution VulnerabilityImportant

Source: February 2020 Security Updates - Release Notes

Receive the Latest Patch Tuesday Report for FREE Every Month

Share

Share on facebook
Share on twitter
Share on linkedin
Share on reddit
Share on email

Try Lansweeper for Free

Learn why Lansweeper is used by thousands of enterprises worldwide.​
FREE WHITE PAPER
Why centralized IT Asset Discovery is more crucial than ever.