Serviceteam IT Security News

February may be the shortest month of the year, but it brings a bumper crop of patches

This month’s Patch Tuesday is here and with it come fixes for no fewer than 99 security vulnerabilities in Windows and other Microsoft software.

Twelve flaws have received the highest severity ranking of “critical”, while 5 security holes are listed as publicly known at the time of release.

In fact, one vulnerability ticks both boxes – an actively exploited zero-day in Internet Explorer (IE). Microsoft disclosed this flaw, indexed as CVE-2020-0674, three weeks ago but didn’t roll out an official patch at the time. Successful exploitation of this remote code execution (RCE) vulnerability enables remote attackers to run code of their choice on the vulnerable system.

Per this summary by the SANS Technology Institute, another 16 RCE holes are being plugged as part of this month’s bundle of security patches. This includes two severe vulnerabilities in the Windows Remote Desktop Client, CVE-2020-0681 and CVE-2020-0734, where exploitation is seen as likely by Microsoft.

Updates have been released for various flavors of Windows, as well as for Office, Edge, Exchange Server, SQL Server and a few more products. The number of fixes this month is unusually high; for example, last month ‘only’ 49 vulnerabilities were fixed with the Patch Tuesday rollout.

The highest vulnerability score (CVSS) in this fresh update round, 8.8 out of 10, has been assigned to a memory corruption vulnerability in Windows Media Foundation. An attacker who abused this vulnerability, tracked as CVE-2020-0738, could run arbitrary code on the impacted system. A host of elevation-of-privilege and denial-of-service vulnerabilities are also being patched.

All updates are available via this Microsoft Update Catalog for all supported versions of Windows. It’s the first time that users of Windows 7 that don’t pay for extended support are out of luck after the operating system reached end of life last month.

Source: HERE

With over 20 years of experience, Serviceteam IT design and deliver sophisticated connectivity, communication, continuity, and cloud services, for organisations that need to stay connected 24/7. We take the time to fully understand your current challenges, and provide a solution that gives you a clear understanding of what you are purchasing and the benefits it will bring you.

To find out how we can help you, call us on 0121 468 0101, use the Contact Us form, or why not drop in and visit us at 49 Frederick Road, Edgbaston, Birmingham, B15 1HN.

We’d love to hear from you!