Microsoft Patch Tuesday – February 2020
This month the vendor has patched 99 vulnerabilities, 13 of which are rated Critical.
This month the vendor has patched 99 vulnerabilities, 13 of which are rated Critical.
As always, customers are advised to follow these security best practices:
- Install vendor patches as soon as they are available.
- Run all software with the least privileges required while still maintaining functionality.
- Avoid handling files from unknown or questionable sources.
- Never visit sites of unknown or questionable integrity.
- Block external access at the network perimeter to all key systems unless specific access is required.
Microsoft's summary of the February 2020 releases can be found here:
https://portal.msrc.microsoft.com/en-us/security-guidance
This month's update covers vulnerabilities in:
- Internet Explorer
- Edge
- ChakraCore
- Microsoft Office
- Microsoft Windows
- Microsoft Windows Kernel
- Windows Hyper-V
- Microsoft Graphics Component
- Microsoft Exchange Server
- SQL Server
The following is a breakdown of the issues being addressed this month:
-
Cumulative Security Updates for Microsoft Browsers
Scripting Engine Memory Corruption Vulnerability (CVE-2020-0673) MS Rating: Critical -
Cumulative Security Updates for Microsoft Office
Microsoft Office SharePoint XSS Vulnerability (CVE-2020-0693) MS Rating: Important -
Cumulative Security Updates for Microsoft Windows
LNK Remote Code Execution Vulnerability (CVE-2020-0729) MS Rating: Critical -
Cumulative Security Updates for Microsoft Windows Kernel
Windows Kernel Privilege Escalation Vulnerability (CVE-2020-0668) MS Rating: Important -
Cumulative Security Updates for Windows Hyper-V
Windows Hyper-V Denial of Service Vulnerability (CVE-2020-0661) MS Rating: Important -
Cumulative Security Updates for Microsoft Graphics Component
Windows Graphics Component Privilege Escalation Vulnerability (CVE-2020-0715) MS Rating: Important -
Cumulative Security Updates for Microsoft Exchange Server
Microsoft Exchange Memory Corruption Vulnerability (CVE-2020-0688) MS Rating: Important -
Security Update for SQL Server
Microsoft SQL Server Reporting Services Remote Code Execution Vulnerability (CVE-2020-0618) MS Rating: Important
More information is available on Symantec's free Security Center portal and to our customers through the DeepSight Threat Management System.
We encourage you to share your thoughts on your favorite social platform.