It’s one of the largest Patch Tuesday updates ever issued by Microsoft, and includes fixes for 12 security vulnerabilities that have been given the highest severity rating of “critical.”
The clock is ticking. IT teams should waste no time in readying themselves for a roll-out across the Windows computers for which they’re responsible.
Microsoft February 2020 Patch Tuesday updates address a total of 99 new vulnerabilities, including an Internet Explorer zero-day exploited in the wild.
Microsoft has released the Patch Tuesday updates for February 2020 that address a total of 99 vulnerabilities, including an Internet Explorer zero-day tracked as CVE-2020-0674 reportedly exploited by the APT group.
In January, Microsoft has published a security advisory (ADV200001) that includes mitigations for the CVE-2020-0674 zero-day remote code execution (RCE) flaw.
“A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.” reads the advisory published by Microsoft. “An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. If the current user is logged on with administrative user rights, an attacker who successfully exploited the vulnerability could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.”
An attacker could exploit the flaw to can gain the same user permissions as the user logged into the compromised Windows device. If the user is logged on with administrative permissions, the attacker can exploit the flaw to take full control of the system.
The CVE-2020-0674 flaw could be triggered by tricking victims into visiting a website hosting a specially crafted content designed to exploit the issue through Internet Explorer.
Microsoft announced that it was working on a p
The flaw was reported by Google’s Threat Analysis Group and Chinese
The first Darkhotel espionage campaign was spotted by experts at Kaspersky Lab in late 2014, according to the researchers the APT group has been around for nearly a decade while targeting selected corporate executives traveling abroad. According to the
According to the experts, threat actors behind the Darkhotel campaign aimed to steal sensitive data from executives while they are staying in luxury hotels, the worrying news is that the hacking crew is still active.
The attackers appeared high skilled professionals that exfiltrated data of interest with a surgical precision and deleting any trace of their activity. The researchers noticed that the gang never go after the same target twice. The list of targets includes CEOs, senior vice presidents, top R&D engineers, sales and marketing directors from the USA and Asia traveling for business in the APAC region.
Security researchers believe the APT group is a N
12 of the total vulnerabilities fixed by Microsoft this month are rated as critical in severity, and the remaining ones have been rated as important.
Microsoft Patch Tuesday updates for February 2020 also address four important-severity vulnerabilities, two privilege escalation flaws in Windows, an information disclosure bug affecting IE and Edge, and a secure boot bypass method. All four flaws have been p
Ad usual let me suggest to give a look at the analysis of the security updates made by Trend Micro’s Zero Day Initiative (ZDI).
(SecurityAffairs – Patch Tuesday updates for February 2020 , hacking)
The post Microsoft Patch Tuesday updates for February 2020 fix IE 0day flaw appeared first on Security Affairs.
February 2020 Patch Tuesday is here. To mark the occasion, Microsoft has released fixes for 99 vulnerabilities – 12 critical, one of which is being exploited in the wild – and Adobe 42, most of which are critical and none actively exploited. Adobe patches Security updates have been provided for various products: Framemaker, a document processor designed for writing and editing large or complex documents Acrobat and Reader (for PDF file creation, encryption, publishing, viewing, … More
The post February 2020 Patch Tuesday: Microsoft fixes 99 vulnerabilities, Adobe 42 appeared first on Help Net Security.
The January 2020 Patch Tuesday was a light one as predicted; everyone was still catching up from the end-of-year holidays. As we gain momentum into February and move towards Valentine’s Day, I anticipate Microsoft, and at least Mozilla, will give plenty of love and attention to their applications and operating systems. LDAP Microsoft had announced back in August with Advisory 190023 that they were planning several updates to their implementation of the Lightweight Directory Access … More
The post February 2020 Patch Tuesday forecast: A lot of love coming our way appeared first on Help Net Security.
At 11am PST (7pm UK), Microsoft will release its last ever Patch Tuesday updates for Windows 7. After today, Microsoft says it won’t release any more security patches for the ageing operating system.