Microsoft Patch Tuesday February 2020 releases patch for 99 security flaws

Microsoft has released its patches for the February Patch Tuesday which includes patches for an alarming count of 99 vulnerabilities, making it the biggest Patch Tuesday till date. Out of those 99 vulnerabilities, 12 were marked critical, 87 were mentioned as important.

This Microsoft Patch Tuesday February 2020 has patched a zero-day exploit in Internet Explorer.

Microsoft Patch Tuesday February 2020 with 12 critical vulnerabilities

One critical vulnerability is the Internet Explorer zero-day vulnerability with identifier CVE-2020-0674 that was reported last month. Microsoft did release a security advisory for this vulnerability earlier and has now patched the same. Apart from this vulnerability, 11 others were marked critical for remote code execution and memory corruption which needs to be patched as soon as possible.

The second critical flaw is RCE flaw with identifier CVE-2020-0662, which will allow an attacker with domain user account can own elevated permissions to run arbitrary codes on the targeted devices. While the third and fourth vulnerabilities exist in Remote Desktop Client and are wormable ones that can be used to breach into the systems while they connect with a malicious server. They are marked as CVE-2020-0681/ CVE-2020-0734. The connection to the malicious server can be achieved using social engineering techniques or Man-in-the-Middle(MITM) attacks.

Fifth vulnerability CVE-2020-0729 is again an arbitrary code flaw that exits in the Windows OS while parsing the LNK shortcuts, allowing attackers to take complete control of the same. Sixth exploit is a critical security feature bypass CVE-2020-0689 that would allow hackers to bypass the secure boot feature and run anonymous applications on the system. 

Apart from the above mentioned critical flaws, the remaining six vulnerabilities are issues with memory corruption in Chakra script engine, Internet Explorer and Edge, while few are privilege escalation vulnerabilities allowing attackers to run arbitrary codes in kernel mode. Adobe also patched five of its applications in Patch Tuesday February 2020.

Microsoft Patch Tuesday February 2020: The biggest Patch Tuesday in history

Users, IT administrators and technicians are requested to patch the 99 security flaws as soon as possible and do not ignore the vulnerabilities slightly. Vulnerabilities are the loopholes behind most of the cyberattacks. Patch the systems on time to keep the attacks on bay.

Personal computers can be patched using Windows updates. If you have turned OFF the automatic updates, please do the same manually by navigating to Update and Security and Installing the updates. In case of IT administrators, an automated patch deployment system should do the essentials.

Read Microsoft’s Patch Tuesday 2020 security guidance here.