Microsoft Patch Tuesday fixes IE zero‑day and 98 other flaws

Microsoft Patch Tuesday fixes IE zero‑day and 98 other flaws

February may be the shortest month of the year, but it brings a bumper crop of patches



This month’s Patch Tuesday is here and with it come fixes for no fewer than 99 security vulnerabilities in Windows and other Microsoft software.


Twelve flaws have received the highest severity ranking of “critical”, while 5 security holes are listed as publicly known at the time of release.


In fact, one vulnerability ticks both boxes – an actively exploited zero-day in Internet Explorer (IE). Microsoft disclosed this flaw, indexed as CVE-2020-0674, three weeks ago but didn’t roll out an official patch at the time. Successful exploitation of this remote code execution (RCE) vulnerability enables remote attackers to run code of their choice on the vulnerable system.


Per this summary by the SANS Technology Institute, another 16 RCE holes are being plugged as part of this month’s bundle of security patches. This includes two severe vulnerabilities in the Windows Remote Desktop Client, CVE-2020-0681 and CVE-2020-0734, where exploitation is seen as likely by Microsoft.


Updates have been released for various flavors of Windows, as well as for Office, Edge, Exchange Server, SQL Server and a few more products. The number of fixes this m ..

Support the originator by clicking the read the rest link below.