Patch Tuesday - February 2020

A relatively modest 99-vulnerability February Patch Tuesday has arrived with a fix for the Internet Explorer 0-day CVE-2020-0674 (originally ADV200001) announced back on January 17. Fortunately, that is the only vulnerability reported this month that has been seen actively exploited in the wild. The usual suspects take center stage today (operating systems, Internet Explorer, and Office-related software), with a supporting cast of Exchange Server and SQL Server. We also see a second consecutive special guest appearance from Adobe Flash in the form of CVE-2020-3757, a remote code execution vulnerability. With that in mind, let's move on to some notable entries this Patch Tuesday.


Let's talk about CVE-2020-0674. This vulnerability took advantage of memory corruption to allow arbitrary code to run in the context of the current user. With a lapse of good security hygiene, a user could be convinced to view an affected website, allowing an attacker to install programs, alter data, or create new accounts with full user rights. The original workaround for this remote code execution vulnerability in the Internet Explorer scripting engine entailed restricting access to jscript.dll (not to be confused with jscript9.dll). But in order to fully remediate via patching, this workaround would need to be undon ..
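Before rolling out the February update, it helps to know which hosts still carry the jscript.dll restriction. The following PowerShell check is an added example, not part of the original post or of Microsoft's guidance; it assumes the workaround was applied as an explicit Deny entry for Everyone (SID S-1-1-0) on the System32 and SysWOW64 copies of jscript.dll, and the function name is hypothetical.

```powershell
# Added example: read-only audit of the jscript.dll workaround state.
# Assumption: the workaround shows up as an explicit Deny ACE for Everyone (S-1-1-0).
$paths = @(
    (Join-Path $env:windir 'System32\jscript.dll'),
    (Join-Path $env:windir 'SysWOW64\jscript.dll')   # 32-bit copy on 64-bit Windows
)

function Get-JscriptWorkaroundState {   # hypothetical helper name
    param([string[]]$Path)
    foreach ($p in $Path) {
        $row = [ordered]@{ Path = $p; Exists = $false; DenyEveryone = $null; Owner = $null; Note = '' }
        if (Test-Path -LiteralPath $p) {
            $row.Exists = $true
            try {
                $acl = Get-Acl -LiteralPath $p -ErrorAction Stop
                # Explicit (non-inherited) rules only, with identities returned as SIDs
                $rules = $acl.GetAccessRules($true, $false,
                    [System.Security.Principal.SecurityIdentifier])
                $deny = $rules | Where-Object {
                    $_.AccessControlType -eq 'Deny' -and $_.IdentityReference.Value -eq 'S-1-1-0'
                }
                $row.DenyEveryone = [bool]$deny
                $row.Owner = $acl.Owner
            }
            catch [System.UnauthorizedAccessException] {
                # A Deny entry can also block reading the ACL for non-owners
                $row.Note = 'ACL unreadable (access denied); run elevated as the file owner'
            }
            catch {
                $row.Note = $_.Exception.Message
            }
        }
        [pscustomobject]$row
    }
}

Get-JscriptWorkaroundState -Path $paths | Format-Table -AutoSize -Wrap
```

A host reporting `DenyEveryone = True`, or an unreadable ACL, still has the restriction in place and should be queued for workaround removal as part of patching.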
