It’s one of the largest Patch Tuesday updates ever issued by Microsoft, and includes fixes for 12 security vulnerabilities that have been given the highest severity rating of “critical.”
Amid the updates from Microsoft is a patch for a zero-day flaw in Internet Explorer that has been actively exploited in targeted attacks.
In January, Microsoft warned that the vulnerability (known technically as CVE-2020-0674) was being actively exploited in targeted attacks against organisations.
At the time Microsoft described a “workaround” for CVE-2020-0674 that concerned users could implement while they waited for the all-important proper patch to be produced, but it later turned out that workaround was umm.. sub-optimal, as users began to see errors when they tried to print documents.
Some users believed they might be immune from the threat, as Edge has replaced Internet Explorer in the most recent versions of Windows. However, even if you don’t use Internet Explorer you can still be at risk through the way Windows handles embedded objects in Office documents.
Another critical bug addressed in the latest Microsoft update is a remote code execution vulnerability in the way Windows handles .LNK shortcut files. A similar bug was exploited by the infamous Stuxnet worm to infect the Natanz nuclear facility in Iran.
With the latest .LNK vulnerability (known as patch microsoft releases fixes security flaws being actively exploited hackers
