Microsoft Patch Tuesday February 2020

IMHO, these are the two most interesting vulnerabilities in a recent Microsoft Patch Tuesday February 2020:

  • Mysterious Windows RCE CVE-2020-0662. “To exploit the vulnerability, an attacker who has a domain user account could create a specially crafted request, causing Windows to execute arbitrary code with elevated permissions.” Without needing to directly log in to the affected device!
  • Microsoft Exchange server seizure CVE-2020-0688. By sending a malicious email message the attacker can run commands on a vulnerable Exchange server as the system user (and monitor email communications). “the attacker could completely take control of an Exchange server through a single e-mail”.

There were also RCEs in Remote Desktop (Client and Service), a third attempt to fix RCEs in Internet Explorer, Elevation of Privilege, etc. But all this stuff we see in almost every Patch Tuesday and without fully functional exploits it’s not really interesting. 🙂

Read the full reviews in Tenable and Zero Day Initiative blogs.

1 thought on “Microsoft Patch Tuesday February 2020

  1. Pingback: Microsoft Patch Tuesday March 2020: a new record was set, SMBv3 “Wormable” RCE and updates for February goldies | Alexander V. Leonov

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.