Facebook Google Plus Twitter LinkedIn YouTube RSS Menu Search Resource - BlogResource - WebinarResource - ReportResource - Eventicons_066 icons_067icons_068icons_069icons_070

Tenable 博客

订阅

Microsoft’s February 2020 Patch Tuesday Addresses 99 CVEs Including Internet Explorer Zero-Day (CVE-2020-0674)

Microsoft smashes the CVE count with security patches for 99 CVEs, 12 of which are rated as critical.

Update 02/25/2020: Updated the section for CVE-2020-0688 to reflect a correction to Microsoft's original advisory description.

Microsoft addresses a staggering 99 CVEs in the February 2020 Patch Tuesday release. This update contains 17 remote code execution flaws and 12 vulnerabilities rated as critical. This month’s updates include patches for Microsoft Windows, Microsoft Office, Microsoft Edge, Internet Explorer, Microsoft Exchange Server, Microsoft SQL Server, Microsoft Office Service and Web Apps, Windows Malicious Software Removal Tool and Windows Surface Hub. The following is a breakdown of the most important CVEs from this month’s release.

CVE-2020-0673 and CVE-2020-0674 | Scripting Engine Memory Corruption Vulnerability

CVE-2020-0673 and CVE-2020-0674 are both remote code execution vulnerabilities due to the way in which the scripting engine handles objects in memory in Internet Explorer. Exploitation of these vulnerabilities could allow an attacker to corrupt memory and execute arbitrary code with the same level of privileges as the current user. CVE-2020-0674 was first noted as being exploited in the wild in January, where Microsoft released an out-of-band advisory (ADV200001). The advisory provided mitigation steps at that time. However, this month, Microsoft provided an update to correct these vulnerabilities, which modifies how the scripting engine handles objects in memory.

According to Google Project Zero researcher Maddie Stone, CVE-2020-0674 is the “3rd attempt” to patch this vulnerability after it had been patched two times before. The previous CVEs associated with this vulnerability are CVE-2019-1367 and CVE-2019-1429. CVE-2019-1367 was originally patched out-of-band in September 2019 after exploitation had been observed in the wild, while CVE-2019-1429 was patched in Microsoft’s November 2019 Patch Tuesday and also observed to be exploited in the wild.

CVE-2020-0662 | Windows Remote Code Execution Vulnerability

CVE-2020-0662 is a remote code execution vulnerability wherein an attacker with a domain account could manipulate Windows’ memory handling to execute injected code. The attacker could leverage the domain account to execute this attack from within the target network, without needing to directly log in to the affected device.

CVE-2020-0681 and CVE-2020-0734 | Remote Desktop Client Remote Code Execution Vulnerability

CVE-2020-0681 and CVE-2020-0734 are both remote code execution vulnerabilities within the Windows Remote Desktop Client. An attacker can exploit these flaws to execute arbitrary code on the connecting client. This requires the attacker to convince a user to connect to a malicious server or have control over a server that a user could be persuaded to connect to. While these CVEs are not reportedly exploited in the wild, Microsoft does rate these as Critical and label them as ‘Exploitation More Likely.’

CVE-2020-0655 | Remote Desktop Services Remote Code Execution Vulnerability

CVE-2020-0655 is a remote code execution vulnerability in Remote Desktop Services that allows an authenticated attacker to abuse clipboard redirection. If an attacker manages to successfully exploit this vulnerability, it could result in the execution of arbitrary code on the target system, allowing not only the viewing, alteration and deletion of data, but also the ability to install applications and create new users with admin-level privileges. For an attacker to exploit this vulnerability, they must already have compromised the target system running Remote Desktop Services and wait for a victim to connect to the service.

CVE-2020-0660 | Windows Remote Desktop Protocol (RDP) Denial of Service Vulnerability

CVE-2020-0660 is a denial of service (DoS) vulnerability in Windows RDP in which an attacker could connect to a target system using RDP while sending malicious requests in such a way that the protocol ceases to function. This could be used to stop administrators from connecting to critical infrastructure during an attack or isolate targets after infection.

CVE-2020-0688 | Microsoft Exchange Validation Key Remote Code Execution Vulnerability

CVE-2020-0688 is a remote code execution vulnerability in Microsoft Exchange server which occurs due to the server failing to create unique keys during installation. An attacker with knowledge of the validation key and a valid Exchange user account with any privileges could pass arbitrary serialized obejcts to a vulnerable Exchange server and run commands as the system user.

CVE-2020-0683 and CVE-2020-0686 | Windows Installer Elevation of Privilege Vulnerabilities

CVE-2020-0683 and CVE-2020-0686 are elevation of privilege vulnerabilities that exist in the Windows Installer when MSI packages process symbolic links. An attacker who successfully exploits this vulnerability could bypass access restrictions and add or remove files. To exploit this vulnerability, the attacker first needs to be able to log on to the target system and then execute a specially crafted application.

CVE-2020-0706 | Microsoft Browser Information Disclosure Vulnerability

CVE-2020-0706 is an information disclosure vulnerability in Microsoft browsers that affects how cross-origin requests are handled. An attacker who successfully exploits this vulnerability could ascertain the origin of all webpages visited in the vulnerable browser. For an attacker to exploit this vulnerability, they would have to insert specially crafted content on either a malicious website or a compromised website, and convince a victim to visit the malicious site and view the content.

CVE-2020-0738 | Windows Media Foundation Memory Corruption Vulnerability

CVE-2020-0738 is a memory corruption vulnerability in Windows Media Foundation. An attacker would need to trick a user into visiting a malicious webpage or open a malicious file. Once compromised, the attacker could completely modify local Windows user settings and therefore become an administrator on the target machine.

CVE-2020-0689 | Microsoft Secure Boot Security Feature Bypass Vulnerability

CVE-2020-0689 is a security feature bypass vulnerability in Microsoft’s implementation of Secure Boot. An attacker could exploit the flaw by running a specially crafted application, which would result in the bypass of secure boot, allowing the attacker to load untrusted software. Prior to applying the standalone security updates for this vulnerability, Microsoft advised the following prerequisite Servicing Stack Updates be installed.

产品 Servicing Stack Update Package Date Released
Windows Server 2012 4523208 November 2019
Windows 8.1/Server 2012 R2 4524445 November 2019
Windows 10 4523200 November 2019
Windows 10 Version 1607/Server 2016 4520724 November 2019
Windows 10 1709 4523202 November 2019
Windows 10 1803/Windows Server, version 1803 4523203 November 2019
Windows 10 1809/Server 2019 4523204 November 2019
Windows 10 1903/Windows Server, version 1903 4538674 February 2020
Windows 10 1909/Windows Server, version 1909 4538674 February 2020

CVE-2020-0757 | Windows SSH Elevation of Privilege Vulnerability

CVE-2020-0757 is an elevation of privilege vulnerability due to a flaw in how Windows handles Secure Socket Shell (SSH) remote commands. To exploit this flaw, an attacker would need to first log onto a system and execute a crafted application. This would allow an attacker to execute privileged commands with a lower-level user account.

Tenable 解决方案

Users can create scans that focus specifically on our Patch Tuesday plugins. From a new advanced scan, in the plugins tab, set an advanced filter for Plugin Name Contains February 2020.

With that filter set, click the plugin families to the left, and enable each plugin that appears on the right side. 注:If your families on the left say Enabled, then all the plugins in that family are set. Disable the whole family before selecting the individual plugins for this scan. Here’s an example from Tenable.io:

A list of all the plugins released for Tenable’s February 2020 Patch Tuesday update can be found here. As always, we recommend patching systems as soon as possible and regularly scanning your environment to identify those systems yet to be patched.

获取更多信息

加入 Tenable Community 中的 Tenable 安全响应团队

了解有关 Tenable 这款首创 Cyber Exposure 平台的更多信息,全面管理现代攻击面。

获取 30 天免费试用版 Tenable.io Vulnerability Management

相关文章

您是否易受最新漏洞利用的攻击?

输入您的电子邮件以在收件箱中接收最新的 Cyber Exposure 警报。

tenable.io

可全面访问基于云的现代化漏洞管理平台,从而以无可比拟的精确度发现并追踪所有资产。

Tenable.io Vulnerability Management 试用版还包括 Tenable Lumin、Tenable.io Web Application Scanning 和 Tenable.cs Cloud Security。

tenable.io 购买

可全面访问基于云的现代化漏洞管理平台,从而以无可比拟的精确度发现并追踪所有资产。 立即购买年度订阅。

65 项资产

选择您的订阅选项:

立即购买

免费试用 Nessus Professional

免费试用 7 天

Nessus® 是当今市场上功能最全面的漏洞扫描器。Nessus Professional 可帮助自动化漏洞扫描流程、节省合规周期的时间,并让您调动起 IT 团队的积极性。

购买 Nessus Professional

Nessus® 是当今市场上功能最全面的漏洞扫描器。Nessus Professional 可帮助自动化漏洞扫描流程、节省合规周期的时间,并让您调动起 IT 团队的积极性。

购买多年期许可,即享优惠价格添加高级支持功能,获取一年 365 天、一天 24 小时的电话、社区和聊天支持。

选择您的许可证

购买多年期许可,即享优惠价格

添加支持和培训

Tenable.io

可全面访问基于云的现代化漏洞管理平台,从而以无可比拟的精确度发现并追踪所有资产。

Tenable.io Vulnerability Management 试用版还包括 Tenable Lumin、Tenable.io Web Application Scanning 和 Tenable.cs Cloud Security。

Tenable.io 购买

可全面访问基于云的现代化漏洞管理平台,从而以无可比拟的精确度发现并追踪所有资产。 立即购买年度订阅。

65 项资产

选择您的订阅选项:

立即购买

试用 Tenable.io Web Application Scanning

完整享有专为现代化应用程序而设、属于 Tenable.io 平台组成部分的最新 Web 应用程序扫描功能。可安全扫描全部在线资产组合的漏洞,具有高度准确性,而且无需繁重的手动操作或中断关键的 Web 应用程序。 立即注册。

Tenable Web Application Scanning 试用版还包括 Tenable.io Vulnerability Management、Tenable Lumin 和 Tenable.cs Cloud Security。

购买 Tenable.io Web Application Scanning

可全面访问基于云的现代化漏洞管理平台,从而以无可比拟的精确度发现并追踪所有资产。 立即购买年度订阅。

5 个 FQDN

$3,578

立即购买

试用 Tenable.io Container Security

完整获得已集成至漏洞管理平台之唯一容器安全产品的功能。监控容器映像中的漏洞、恶意软件和策略违规。与持续集成和持续部署 (CI/CD) 系统进行整合,以支持 DevOps 实践、增强安全性并支持企业政策合规。

购买 Tenable.io Container Security

Tenable.io Container Security 经由与构建流程的集成,可供全面了解容器映像的安全性,包括漏洞、恶意软件和策略违规,借以无缝且安全地启用 DevOps 流程。

试用 Tenable Lumin

通过 Tenable Lumin 直观呈现及探索 Cyber Exposure,长期追踪风险降低状况,并比照同行业者进行基准度量。

Tenable Lumin 试用版还包括 Tenable.io Vulnerability Management、Tenable.io Web Application Scanning 和 Tenable.cs Cloud Security。

购买 Tenable Lumin

联系销售代表,了解 Lumin 如何帮助获取整个企业的洞见并管理网络安全风险。

试用 Tenable.cs

获取检测和修复云基础设施错误配置以及查看运行时漏洞的完全访问权限。立即注册,免费试用。

Tenable.cs Cloud Security 试用版还包括 Tenable.io Vulnerability Management、Tenable Lumin 和 Tenable.io Web Application Scanning。

联系销售代表购买 Tenable.cs

联系销售代表,了解有关 Tenable.cs 云安全的更多信息,并了解如何轻松加入您的云帐户,并在几分钟内获得云错误配置和漏洞的可见性。

免费试用 Nessus Expert

免费试用 7 天

Nessus Expert 针对现代攻击面而量身打造,可以查看更多信息,保护企业免遭从 IT 到云中漏洞的攻击。

已经有 Nessus Professional?
免费升级到 Nessus Expert 7 天。

购买 Nessus Expert

Nessus Expert 针对现代攻击面而量身打造,可以查看更多信息,保护企业免遭从 IT 到云中漏洞的攻击。

选择您的许可证

促销价格延长到12 月 31 日。
购买多年许可证,节省幅度更大。

添加支持和培训