Facebook Google Plus Twitter LinkedIn YouTube RSS Menu Search Resource - BlogResource - WebinarResource - ReportResource - Eventicons_066 icons_067icons_068icons_069icons_070

Blog de Tenable

Suscribir

Microsoft’s February 2020 Patch Tuesday Addresses 99 CVEs Including Internet Explorer Zero-Day (CVE-2020-0674)

Microsoft smashes the CVE count with security patches for 99 CVEs, 12 of which are rated as critical.

Update 02/25/2020: Updated the section for CVE-2020-0688 to reflect a correction to Microsoft's original advisory description.

Microsoft addresses a staggering 99 CVEs in the February 2020 Patch Tuesday release. This update contains 17 remote code execution flaws and 12 vulnerabilities rated as critical. This month’s updates include patches for Microsoft Windows, Microsoft Office, Microsoft Edge, Internet Explorer, Microsoft Exchange Server, Microsoft SQL Server, Microsoft Office Service and Web Apps, Windows Malicious Software Removal Tool and Windows Surface Hub. The following is a breakdown of the most important CVEs from this month’s release.

CVE-2020-0673 and CVE-2020-0674 | Scripting Engine Memory Corruption Vulnerability

CVE-2020-0673 and CVE-2020-0674 are both remote code execution vulnerabilities due to the way in which the scripting engine handles objects in memory in Internet Explorer. Exploitation of these vulnerabilities could allow an attacker to corrupt memory and execute arbitrary code with the same level of privileges as the current user. CVE-2020-0674 was first noted as being exploited in the wild in January, where Microsoft released an out-of-band advisory (ADV200001). The advisory provided mitigation steps at that time. However, this month, Microsoft provided an update to correct these vulnerabilities, which modifies how the scripting engine handles objects in memory.

According to Google Project Zero researcher Maddie Stone, CVE-2020-0674 is the “3rd attempt” to patch this vulnerability after it had been patched two times before. The previous CVEs associated with this vulnerability are CVE-2019-1367 and CVE-2019-1429. CVE-2019-1367 was originally patched out-of-band in September 2019 after exploitation had been observed in the wild, while CVE-2019-1429 was patched in Microsoft’s November 2019 Patch Tuesday and also observed to be exploited in the wild.

CVE-2020-0662 | Windows Remote Code Execution Vulnerability

CVE-2020-0662 is a remote code execution vulnerability wherein an attacker with a domain account could manipulate Windows’ memory handling to execute injected code. The attacker could leverage the domain account to execute this attack from within the target network, without needing to directly log in to the affected device.

CVE-2020-0681 and CVE-2020-0734 | Remote Desktop Client Remote Code Execution Vulnerability

CVE-2020-0681 and CVE-2020-0734 are both remote code execution vulnerabilities within the Windows Remote Desktop Client. An attacker can exploit these flaws to execute arbitrary code on the connecting client. This requires the attacker to convince a user to connect to a malicious server or have control over a server that a user could be persuaded to connect to. While these CVEs are not reportedly exploited in the wild, Microsoft does rate these as Critical and label them as ‘Exploitation More Likely.’

CVE-2020-0655 | Remote Desktop Services Remote Code Execution Vulnerability

CVE-2020-0655 is a remote code execution vulnerability in Remote Desktop Services that allows an authenticated attacker to abuse clipboard redirection. If an attacker manages to successfully exploit this vulnerability, it could result in the execution of arbitrary code on the target system, allowing not only the viewing, alteration and deletion of data, but also the ability to install applications and create new users with admin-level privileges. For an attacker to exploit this vulnerability, they must already have compromised the target system running Remote Desktop Services and wait for a victim to connect to the service.

CVE-2020-0660 | Windows Remote Desktop Protocol (RDP) Denial of Service Vulnerability

CVE-2020-0660 is a denial of service (DoS) vulnerability in Windows RDP in which an attacker could connect to a target system using RDP while sending malicious requests in such a way that the protocol ceases to function. This could be used to stop administrators from connecting to critical infrastructure during an attack or isolate targets after infection.

CVE-2020-0688 | Microsoft Exchange Validation Key Remote Code Execution Vulnerability

CVE-2020-0688 is a remote code execution vulnerability in Microsoft Exchange server which occurs due to the server failing to create unique keys during installation. An attacker with knowledge of the validation key and a valid Exchange user account with any privileges could pass arbitrary serialized obejcts to a vulnerable Exchange server and run commands as the system user.

CVE-2020-0683 and CVE-2020-0686 | Windows Installer Elevation of Privilege Vulnerabilities

CVE-2020-0683 and CVE-2020-0686 are elevation of privilege vulnerabilities that exist in the Windows Installer when MSI packages process symbolic links. An attacker who successfully exploits this vulnerability could bypass access restrictions and add or remove files. To exploit this vulnerability, the attacker first needs to be able to log on to the target system and then execute a specially crafted application.

CVE-2020-0706 | Microsoft Browser Information Disclosure Vulnerability

CVE-2020-0706 is an information disclosure vulnerability in Microsoft browsers that affects how cross-origin requests are handled. An attacker who successfully exploits this vulnerability could ascertain the origin of all webpages visited in the vulnerable browser. For an attacker to exploit this vulnerability, they would have to insert specially crafted content on either a malicious website or a compromised website, and convince a victim to visit the malicious site and view the content.

CVE-2020-0738 | Windows Media Foundation Memory Corruption Vulnerability

CVE-2020-0738 is a memory corruption vulnerability in Windows Media Foundation. An attacker would need to trick a user into visiting a malicious webpage or open a malicious file. Once compromised, the attacker could completely modify local Windows user settings and therefore become an administrator on the target machine.

CVE-2020-0689 | Microsoft Secure Boot Security Feature Bypass Vulnerability

CVE-2020-0689 is a security feature bypass vulnerability in Microsoft’s implementation of Secure Boot. An attacker could exploit the flaw by running a specially crafted application, which would result in the bypass of secure boot, allowing the attacker to load untrusted software. Prior to applying the standalone security updates for this vulnerability, Microsoft advised the following prerequisite Servicing Stack Updates be installed.

Producto Servicing Stack Update Package Date Released
Windows Server 2012 4523208 November 2019
Windows 8.1/Server 2012 R2 4524445 November 2019
Windows 10 4523200 November 2019
Windows 10 Version 1607/Server 2016 4520724 November 2019
Windows 10 1709 4523202 November 2019
Windows 10 1803/Windows Server, version 1803 4523203 November 2019
Windows 10 1809/Server 2019 4523204 November 2019
Windows 10 1903/Windows Server, version 1903 4538674 Febrero de 2020
Windows 10 1909/Windows Server, version 1909 4538674 Febrero de 2020

CVE-2020-0757 | Windows SSH Elevation of Privilege Vulnerability

CVE-2020-0757 is an elevation of privilege vulnerability due to a flaw in how Windows handles Secure Socket Shell (SSH) remote commands. To exploit this flaw, an attacker would need to first log onto a system and execute a crafted application. This would allow an attacker to execute privileged commands with a lower-level user account.

Soluciones Tenable

Users can create scans that focus specifically on our Patch Tuesday plugins. From a new advanced scan, in the plugins tab, set an advanced filter for Plugin Name Contains February 2020.

With that filter set, click the plugin families to the left, and enable each plugin that appears on the right side. Nota: If your families on the left say Enabled, then all the plugins in that family are set. Disable the whole family before selecting the individual plugins for this scan. Here’s an example from Tenable.io:

A list of all the plugins released for Tenable’s February 2020 Patch Tuesday update can be found here. As always, we recommend patching systems as soon as possible and regularly scanning your environment to identify those systems yet to be patched.

Obtenga más información

Únase al Equipo de respuesta de seguridad de Tenable en Tenable Community.

Obtenga más información sobre Tenable, la primera plataforma de Cyber Exposure para el control integral de la superficie de ataque moderna.

Obtenga una prueba gratuita por 30 días de Tenable.io Vulnerability Management.

Artículos relacionados

Noticias de ciberseguridad que le son útiles

Ingrese su correo electrónico y nunca se pierda alertas oportunas y orientación en seguridad de los expertos de Tenable.

Tenable Vulnerability Management

Disfrute el acceso completo a una plataforma moderna para la gestión de vulnerabilidades en la nube, que le permite ver y rastrear todos sus activos con una precisión inigualable.

Su prueba de Tenable Vulnerability Management también incluye Tenable Lumin y Tenable Web App Scanning.

Tenable Vulnerability Management

Disfrute el acceso completo a una plataforma moderna para la gestión de vulnerabilidades en la nube, que le permite ver y rastrear todos sus activos con una precisión inigualable. Compre una suscripción anual hoy mismo.

100 activos

Seleccione su tipo de suscripción:

Comprar ahora

Tenable Vulnerability Management

Disfrute el acceso completo a una plataforma moderna para la gestión de vulnerabilidades en la nube, que le permite ver y rastrear todos sus activos con una precisión inigualable.

Su prueba de Tenable Vulnerability Management también incluye Tenable Lumin y Tenable Web App Scanning.

Tenable Vulnerability Management

Disfrute el acceso completo a una plataforma moderna para la gestión de vulnerabilidades en la nube, que le permite ver y rastrear todos sus activos con una precisión inigualable. Compre una suscripción anual hoy mismo.

100 activos

Seleccione su tipo de suscripción:

Comprar ahora

Tenable Vulnerability Management

Disfrute el acceso completo a una plataforma moderna para la gestión de vulnerabilidades en la nube, que le permite ver y rastrear todos sus activos con una precisión inigualable.

Su prueba de Tenable Vulnerability Management también incluye Tenable Lumin y Tenable Web App Scanning.

Tenable Vulnerability Management

Disfrute el acceso completo a una plataforma moderna para la gestión de vulnerabilidades en la nube, que le permite ver y rastrear todos sus activos con una precisión inigualable. Compre una suscripción anual hoy mismo.

100 activos

Seleccione su tipo de suscripción:

Comprar ahora

Probar Tenable Web App Scanning

Disfrute de acceso completo a nuestra última oferta de escaneo de aplicaciones web diseñada para aplicaciones modernas como parte de la plataforma Tenable One Exposure Management. Escanee de manera segura todo su portafolio en línea para detectar vulnerabilidades con alto grado de exactitud sin el esfuerzo manual intensivo ni la interrupción de aplicaciones web críticas. Registrarse ahora.

Su prueba de Tenable Web App Scanning también incluye Tenable Vulnerability Management y Tenable Lumin.

Comprar Tenable Web App Scanning

Disfrute el acceso completo a una plataforma moderna para la gestión de vulnerabilidades en la nube, que le permite ver y rastrear todos sus activos con una precisión inigualable. Compre una suscripción anual hoy mismo.

5 FQDN

USD 3578

Comprar ahora

Probar Tenable Lumin

Visualice y explore su gestión de exposición, realice un seguimiento de la reducción de riesgos a lo largo del tiempo y compárese con sus competidores con Tenable Lumin.

Su prueba de Tenable Lumin también incluye Tenable Vulnerability Management y Tenable Web App Scanning.

Comprar ahora Tenable Lumin

Póngase en contacto con un representante de ventas para saber cómo puede ayudarle Tenable Lumin a obtener información de toda su organización y gestionar el riesgo cibernético.

Probar Tenable Nessus Professional gratuitamente

GRATIS POR 7 DÍAS

Tenable Nessus es el escáner de vulnerabilidades más completo en el mercado hoy en día.

NUEVO - Tenable Nessus Expert
Ahora disponible

Nessus Expert viene con aún más funcionalidades, incluyendo escaneo de superficie de ataque externa y la capacidad de agregar dominios y escanear infraestructura en la nube. Haga clic aquí para probar Nessus Expert.

Rellene el formulario a continuación para continuar con la prueba de Nessus Pro.

Comprar Tenable Nessus Professional

Tenable Nessus es el escáner de vulnerabilidades más completo en el mercado hoy en día. Tenable Nessus Professional ayudará a automatizar el proceso de escaneo de vulnerabilidades, ahorrará tiempo en sus ciclos de cumplimiento y le permitirá involucrar a su equipo de TI.

Compre una licencia multi anual y ahorre. Agregue Soporte Avanzado para acceder a soporte por teléfono, chat y a través de la Comunidad las 24 horas del día, los 365 días del año.

Seleccione su licencia

Compre una licencia multi anual y ahorre.

Añada soporte y capacitación

Probar Tenable Nessus Expert gratuitamente

GRATIS POR 7 DÍAS

Diseñado para la superficie de ataque moderna, Nessus Expert le permite ver más y proteger a su organización contra las vulnerabilidades, desde TI hasta la nube.

¿Ya tiene Tenable Nessus Professional?
Actualice a Nessus Expert gratuitamente por 7 días.

Comprar Tenable Nessus Expert

Diseñado para la superficie de ataque moderna, Nessus Expert le permite ver más y proteger a su organización contra las vulnerabilidades, desde TI hasta la nube.

Seleccione su licencia

Compre una licencia plurianual y ahorre más.

Añada soporte y capacitación