Trustwave SpiderLabs Uncovers Unique Cybersecurity Risks in Today's Tech Landscape. Learn More

Trustwave SpiderLabs Uncovers Unique Cybersecurity Risks in Today's Tech Landscape. Learn More

Services
Capture
Managed Detection & Response

Eliminate active threats with 24/7 threat detection, investigation, and response.

twi-managed-portal-color
Co-Managed SOC (SIEM)

Maximize your SIEM investment, stop alert fatigue, and enhance your team with hybrid security operations support.

twi-briefcase-color-svg
Advisory & Diagnostics

Advance your cybersecurity program and get expert guidance where you need it most.

tw-laptop-data
Penetration Testing

Test your physical locations and IT infrastructure to shore up weaknesses before exploitation.

twi-database-color-svg
Database Security

Prevent unauthorized access and exceed compliance requirements.

twi-email-color-svg
Email Security

Stop email threats others miss and secure your organization against the #1 ransomware attack vector.

tw-officer
Digital Forensics & Incident Response

Prepare for the inevitable with 24/7 global breach response in-region and available on-site.

tw-network
Firewall & Technology Management

Mitigate risk of a cyberattack with 24/7 incident and health monitoring and the latest threat intelligence.

Solutions
BY TOPIC
Microsoft Exchange Server Attacks
Stay protected against emerging threats
Rapidly Secure New Environments
Security for rapid response situations
Securing the Cloud
Safely navigate and stay protected
Securing the IoT Landscape
Test, monitor and secure network objects
Why Trustwave
About Us
Awards and Accolades
Trustwave SpiderLabs Team
Trustwave Fusion Security Operations Platform
Trustwave Security Colony
Partners
Technology Alliance Partners
Key alliances who align and support our ecosystem of security offerings
Trustwave PartnerOne Program
Join forces with Trustwave to protect against the most advance cybersecurity threats
SpiderLabs Blog

Patch Tuesday February 2020

February's Patch Tuesday is here and brings with it patches for 98 CVEs. These are split between 13 CVEs rated as "Critical" and 85 CVEs rated as "Important." Among the "Critical" patches, Remote Code Execution (RCE) vulnerabilities in the Scripting Engine make up more than half of the list. It's a regular piece of software patched pretty much every Patch Tuesday. Still, extra attention is currently on the Scripting Engine after a zero-day exploit (CVE-2020-0674) was discovered compromising systems just after January's Patch Tuesday. Closing out the "Critical" list are RCE vulnerabilities in Remote Desktop, Media Foundation, and LNK shortcuts.

The theme of the vulnerabilities in the list ranked as "Important" is "Privilege Escalation," with that class of vulnerability representing a full 53 out 85 patched. Privilege escalation vulnerabilities are a cornerstone of system exploitation. It allows an attacker to go from using just a regular "Joe User" account to full system ownership, potentially gaining administrative access to the entire network. Also included under "Important" are Remote Code Execution vulnerabilities in the Office Suite, MS Exchange, and MS-SQL server, as well as Denial of Service vulnerabilities in Windows Hyper-V.

Luckily, none of these vulnerabilities have any in the wild exploitation, so administrators have plenty of time to get the proper patches in place before there is public exploitation. So let's get patching and, as always, stay safe out there!

 

Critical

LNK Remote Code Execution Vulnerability
CVE-2020-0729
Remote Code Execution

Media Foundation Memory Corruption Vulnerability
CVE-2020-0738
Remote Code Execution

Remote Desktop Client Remote Code Execution Vulnerability
CVE-2020-0681, CVE-2020-0734
Remote Code Execution

Scripting Engine Memory Corruption Vulnerability
CVE-2020-0673, CVE-2020-0674, CVE-2020-0710, CVE-2020-0711, CVE-2020-0712, CVE-2020-0713, CVE-2020-0767
Remote Code Execution

Windows Remote Code Execution Vulnerability
CVE-2020-0662
Remote Code Execution

February 2020 Adobe Flash Security Update
ADV200003
Remote Code Execution

 

Important

Active Directory Elevation of Privilege Vulnerability
CVE-2020-0665
Elevation of Privilege

Connected Devices Platform Service Elevation of Privilege Vulnerability
CVE-2020-0740, CVE-2020-0741, CVE-2020-0742, CVE-2020-0743, CVE-2020-0749, CVE-2020-0750
Elevation of Privilege

Connected User Experiences and Telemetry Service Elevation of Privilege Vulnerability
CVE-2020-0727
Elevation of Privilege

DirectX Elevation of Privilege Vulnerability
CVE-2020-0709, CVE-2020-0732
Elevation of Privilege

DirectX Information Disclosure Vulnerability
CVE-2020-0714
Information Disclosure

Microsoft Browser Information Disclosure Vulnerability
CVE-2020-0706
Information Disclosure

Microsoft Edge Elevation of Privilege Vulnerability
CVE-2020-0663
Elevation of Privilege

Microsoft Excel Remote Code Execution Vulnerability
CVE-2020-0759
Remote Code Execution

Microsoft Exchange Memory Corruption Vulnerability
CVE-2020-0688
Remote Code Execution

Microsoft Exchange Server Elevation of Privilege Vulnerability
CVE-2020-0692
Elevation of Privilege

Microsoft Graphics Components Information Disclosure Vulnerability
CVE-2020-0746
Information Disclosure

Microsoft Office Online Server Spoofing Vulnerability
CVE-2020-0695
Spoofing

Microsoft Office SharePoint XSS Vulnerability
CVE-2020-0694
Spoofing

Microsoft Office Tampering Vulnerability
CVE-2020-0697
Tampering

Microsoft Outlook Security Feature Bypass Vulnerability
CVE-2020-0696
Security Feature Bypass

Microsoft Secure Boot Security Feature Bypass Vulnerability
CVE-2020-0689
Security Feature Bypass

Microsoft SQL Server Reporting Services Remote Code Execution Vulnerability
CVE-2020-0618
Remote Code Execution

Remote Desktop Services Remote Code Execution Vulnerability
CVE-2020-0655
Remote Code Execution

Win32k Elevation of Privilege Vulnerability
CVE-2020-0691, CVE-2020-0719, CVE-2020-0720, CVE-2020-0721, CVE-2020-0722, CVE-2020-0723, CVE-2020-0724, CVE-2020-0725, CVE-2020-0726, CVE-2020-0731
Elevation of Privilege

Win32k Information Disclosure Vulnerability
CVE-2020-0716, CVE-2020-0717
Information Disclosure

Windows Backup Service Elevation of Privilege Vulnerability
CVE-2020-0703
Elevation of Privilege

Windows Client License Service Elevation of Privilege Vulnerability
CVE-2020-0701
Elevation of Privilege

Windows COM Server Elevation of Privilege Vulnerability
CVE-2020-0685
Elevation of Privilege

Windows Common Log File System Driver Elevation of Privilege Vulnerability
CVE-2020-0657
Elevation of Privilege

Windows Common Log File System Driver Information Disclosure Vulnerability
CVE-2020-0658
Information Disclosure

Windows Data Sharing Service Elevation of Privilege Vulnerability
CVE-2020-0659, CVE-2020-0747
Elevation of Privilege

Windows Elevation of Privilege Vulnerability
CVE-2020-0737, CVE-2020-0739
Elevation of Privilege

Windows Error Reporting Elevation of Privilege Vulnerability
CVE-2020-0753, CVE-2020-0754
Elevation of Privilege

Windows Error Reporting Manager Elevation of Privilege Vulnerability
CVE-2020-0678
Elevation of Privilege

Windows Function Discovery Service Elevation of Privilege Vulnerability
CVE-2020-0679, CVE-2020-0680, CVE-2020-0682
Elevation of Privilege

Windows GDI Information Disclosure Vulnerability
CVE-2020-0744
Information Disclosure

Windows Graphics Component Elevation of Privilege Vulnerability
CVE-2020-0715, CVE-2020-0745, CVE-2020-0792
Elevation of Privilege

Windows Hyper-V Denial of Service Vulnerability
CVE-2020-0661, CVE-2020-0751
Denial of Service

Windows Imaging Library Remote Code Execution Vulnerability
CVE-2020-0708
Remote Code Execution

Windows IME Elevation of Privilege Vulnerability
CVE-2020-0707
Elevation of Privilege

Windows Information Disclosure Vulnerability
CVE-2020-0698
Information Disclosure

Windows Installer Elevation of Privilege Vulnerability
CVE-2020-0683, CVE-2020-0686
Elevation of Privilege

Windows Kernel Elevation of Privilege Vulnerability
CVE-2020-0668, CVE-2020-0669, CVE-2020-0670, CVE-2020-0671, CVE-2020-0672
Elevation of Privilege

Windows Kernel Information Disclosure Vulnerability
CVE-2020-0736
Information Disclosure

Windows Key Isolation Service Information Disclosure Vulnerability
CVE-2020-0675, CVE-2020-0676, CVE-2020-0677, CVE-2020-0748, CVE-2020-0755, CVE-2020-0756
Information Disclosure

Windows Malicious Software Removal Tool Elevation of Privilege Vulnerability
CVE-2020-0733
Elevation of Privilege

Windows Modules Installer Service Information Disclosure Vulnerability
CVE-2020-0728
Information Disclosure

Windows Network Driver Interface Specification (NDIS) Information Disclosure Vulnerability
CVE-2020-0705
Information Disclosure

Windows Remote Desktop Protocol (RDP) Denial of Service Vulnerability
CVE-2020-0660
Denial of Service

Windows Search Indexer Elevation of Privilege Vulnerability
CVE-2020-0666, CVE-2020-0667, CVE-2020-0735, CVE-2020-0752
Elevation of Privilege

Windows User Profile Service Elevation of Privilege Vulnerability
CVE-2020-0730
Elevation of Privilege

Windows Wireless Network Manager Elevation of Privilege Vulnerability
CVE-2020-0704
Elevation of Privilege

Microsoft Office SharePoint XSS Vulnerability
CVE-2020-0693
Spoofing

Surface Hub Security Feature Bypass Vulnerability
CVE-2020-0702
Security Feature Bypass

Latest SpiderLabs Blogs

Zero Trust Essentials

This is Part 5 in my ongoing project to cover 30 cybersecurity topics in 30 weekly blog posts. The full series can be found here.

Read More

Why We Should Probably Stop Visually Verifying Checksums

Hello there! Thanks for stopping by. Let me get straight into it and start things off with what a checksum is to be inclusive of all audiences here, from Wikipedia [1]:

Read More

Agent Tesla's New Ride: The Rise of a Novel Loader

Malware loaders, critical for deploying malware, enable threat actors to deliver and execute malicious payloads, facilitating criminal activities like data theft and ransomware. Utilizing advanced...

Read More