Preethi KorothThreat Analysis Engineer
This month the vendor has patched 99 vulnerabilities, 13 of which are rated Critical.
As always, customers are advised to follow these security best practices:
Install vendor patches as soon as they are available.
Run all software with the least privileges required while still maintaining functionality.
Avoid handling files from unknown or questionable sources.
Never visit sites of unknown or questionable integrity.
Block external access at the network perimeter to all key systems unless specific access is required.
Microsoft's summary of the February 2020 releases can be found here:https://portal.msrc.microsoft.com/en-us/security-guidance
This month's update covers vulnerabilities in:
Internet Explorer
Edge
ChakraCore
Microsoft Office
Microsoft Windows
Microsoft Windows Kernel
Windows Hyper-V
Microsoft Graphics Component
Microsoft Exchange Server
SQL Server
The following is a breakdown of the issues being addressed this month: Cumulative Security Updates for Microsoft Browsers
Scripting Engine Memory Corruption Vulnerability (CVE-2020-0673) MS Rating: Critical
A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.
Scripting Engine Memory Corruption Vulnerability (CVE-2020-0674) MS Rating: Critical
A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.
Scripting Engine Memory Corruption Vulnerability microsoft patch tuesday february
