Table of Contents
Why you need this article
On Tuesday (2/11/2020) Microsoft released a litany (99 to be exact) of security fixes bundled in a new patch designed to resolve a number of security vulnerabilities. Additionally, an Enablement Package is included which unlocks some new and exciting features.
Titled: KB4532693 (OS Builds 18362.657 and 18363.657)
About The Update
The update patch released Tuesday focuses very heavily on fixes for Zero day vulnerabilities and Internet Explorer. Every part of this patch is security related so it’s highly advised that you allow this one to be installed. While the update doesn’t need any user intervention to install, checking for updates to make sure you are ‘Up to Date’ and no updates are pending is a great idea. Microsoft currently isn’t aware of any known issues in these two patches, so they should be pretty safe to install for everyone.
With the release of the February 2020 security updates, Microsoft has released one advisory for Flash Player and fixes for 99 vulnerabilities in Microsoft products. Of these vulnerabilities, 10 are classified as Critical, 87 as Important, and 2 as Moderate.
Critical, Important, Moderate
So what's the difference? Microsoft uses a number of terms when defining the class or necessity of an update. For the most part these descriptions are relatively simple to understand but once you get to Security updates it's important to know exactly which updates are the most needed.
See below for a quick and dirty run-down of each type, directly from Microsoft.
Priority One
Earlier this year Microsoft released an advisory about an Internet Explorer zero-day vulnerability (CVE-2020-0674) that was recorded publicly exploiting users. Tuesday's update includes a security update that directly addresses this vulnerability.
CVE-2020-0674 | Scripting Engine Memory Corruption Vulnerability
A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. If the current user is logged on with administrative user rights, an attacker who successfully exploited the vulnerability could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.
In a web-based attack scenario, an attacker could host a specially crafted website that is designed to exploit the vulnerability through Internet Explorer and then convince a user to view the website. An attacker could also embed an ActiveX control marked "safe for initialization" in an application or Microsoft Office document that hosts the IE rendering engine. The attacker could also take advantage of compromised websites and websites that accept or host user-provided content or advertisements. These websites could contain specially crafted content that could exploit the vulnerability.
The security update addresses the vulnerability by modifying how the scripting engine handles objects in memory.
Published: 02/11/2020 | Last Updated : 02/12/2020
Microsoft
Critical Patches
In addition to the CVE-2020-0674 IE vulnerability, Microsoft states that three other vulnerabilities were publicly disclosed but not exploited in the wild (as far as they know).
These vulnerabilities are:
- CVE-2020-0683 – Windows Installer Elevation of Privilege Vulnerability
- CVE-2020-0686 – Windows Installer Elevation of Privilege Vulnerability
- CVE-2020-0706 – Microsoft Browser Information Disclosure Vulnerability
Image1
This update also includes another 'Enablement Package'. 'Enablement Packages' are detailed in New Features You Should Be Excited About in Windows 10 1909
Enablement Package
Windows 10, versions 1903 and 1909 share a common core operating system and an identical set of system files. As a result, the new features in Windows 10, version 1909 were included in the monthly quality update for Windows 10, version 1903 (released October 8, 2019), but were in a dormant state. These new features will remain dormant until they are turned on using an enablement package, which is a small, quick-to-install “master switch” that simply activates the Windows 10, version 1909 features.
Included in the latest Enablement Package are the following "Improvements and Fixes"
- Improves the installation experience when updating to Windows 10, version 1903.
- Updates to improve security when using Internet Explorer and Microsoft Edge.
- Updates to improve security when using Microsoft Office products.
- Updates to improve security when using input devices such as a mouse, keyboard, or stylus.
Security Patch List
Microsoft released the entire list, Click Here to expand the list and see every security patch and the severity
Tag | CVE ID | CVE Title | Severity |
---|---|---|---|
Adobe Flash Player | ADV200003 | February 2020 Adobe Flash Security Update | Important |
Internet Explorer | CVE-2020-0674 | Scripting Engine Memory Corruption Vulnerability | Moderate |
Internet Explorer | CVE-2020-0673 | Scripting Engine Memory Corruption Vulnerability | Moderate |
Microsoft Edge | CVE-2020-0663 | Microsoft Edge Elevation of Privilege Vulnerability | Important |
Microsoft Edge | CVE-2020-0706 | Microsoft Browser Information Disclosure Vulnerability | Important |
Microsoft Exchange Server | CVE-2020-0692 | Microsoft Exchange Server Elevation of Privilege Vulnerability | Important |
Microsoft Exchange Server | CVE-2020-0688 | Microsoft Exchange Memory Corruption Vulnerability | Important |
Microsoft Exchange Server | CVE-2020-0696 | Microsoft Outlook Security Feature Bypass Vulnerability | Important |
Microsoft Graphics Component | CVE-2020-0744 | Windows GDI Information Disclosure Vulnerability | Important |
Microsoft Graphics Component | CVE-2020-0745 | Windows Graphics Component Elevation of Privilege Vulnerability | Important |
Microsoft Graphics Component | CVE-2020-0714 | DirectX Information Disclosure Vulnerability | Important |
Microsoft Graphics Component | CVE-2020-0715 | Windows Graphics Component Elevation of Privilege Vulnerability | Important |
Microsoft Graphics Component | CVE-2020-0746 | Microsoft Graphics Components Information Disclosure Vulnerability | Important |
Microsoft Graphics Component | CVE-2020-0709 | DirectX Elevation of Privilege Vulnerability | Important |
Microsoft Graphics Component | CVE-2020-0792 | Windows Graphics Component Elevation of Privilege Vulnerability | Important |
Microsoft Malware Protection Engine | CVE-2020-0733 | Windows Malicious Software Removal Tool Elevation of Privilege Vulnerability | Important |
Microsoft Office | CVE-2020-0697 | Microsoft Office Tampering Vulnerability | Important |
Microsoft Office | CVE-2020-0759 | Microsoft Excel Remote Code Execution Vulnerability | Important |
Microsoft Office | CVE-2020-0695 | Microsoft Office Online Server Spoofing Vulnerability | Important |
Microsoft Office SharePoint | CVE-2020-0694 | Microsoft Office SharePoint XSS Vulnerability | Important |
Microsoft Office SharePoint | CVE-2020-0693 | Microsoft Office SharePoint XSS Vulnerability | Important |
Microsoft Scripting Engine | CVE-2020-0713 | Scripting Engine Memory Corruption Vulnerability | Critical |
Microsoft Scripting Engine | CVE-2020-0711 | Scripting Engine Memory Corruption Vulnerability | Critical |
Microsoft Scripting Engine | CVE-2020-0710 | Scripting Engine Memory Corruption Vulnerability | Critical |
Microsoft Scripting Engine | CVE-2020-0712 | Scripting Engine Memory Corruption Vulnerability | Critical |
Microsoft Scripting Engine | CVE-2020-0767 | Scripting Engine Memory Corruption Vulnerability | Critical |
Microsoft Windows | CVE-2020-0741 | Connected Devices Platform Service Elevation of Privilege Vulnerability | Important |
Microsoft Windows | CVE-2020-0742 | Connected Devices Platform Service Elevation of Privilege Vulnerability | Important |
Microsoft Windows | CVE-2020-0740 | Connected Devices Platform Service Elevation of Privilege Vulnerability | Important |
Microsoft Windows | CVE-2020-0658 | Windows Common Log File System Driver Information Disclosure Vulnerability | Important |
Microsoft Windows | CVE-2020-0737 | Windows Elevation of Privilege Vulnerability | Important |
Microsoft Windows | CVE-2020-0659 | Windows Data Sharing Service Elevation of Privilege Vulnerability | Important |
Microsoft Windows | CVE-2020-0739 | Windows Elevation of Privilege Vulnerability | Important |
Microsoft Windows | CVE-2020-0757 | Windows SSH Elevation of Privilege Vulnerability | Important |
Microsoft Windows | CVE-2020-0732 | DirectX Elevation of Privilege Vulnerability | Important |
Microsoft Windows | CVE-2020-0753 | Windows Error Reporting Elevation of Privilege Vulnerability | Important |
Microsoft Windows | CVE-2020-0755 | Windows Key Isolation Service Information Disclosure Vulnerability | Important |
Microsoft Windows | CVE-2020-0754 | Windows Error Reporting Elevation of Privilege Vulnerability | Important |
Microsoft Windows | CVE-2020-0657 | Windows Common Log File System Driver Elevation of Privilege Vulnerability | Important |
Microsoft Windows | CVE-2020-0667 | Windows Search Indexer Elevation of Privilege Vulnerability | Important |
Microsoft Windows | CVE-2020-0743 | Connected Devices Platform Service Elevation of Privilege Vulnerability | Important |
Microsoft Windows | CVE-2020-0666 | Windows Search Indexer Elevation of Privilege Vulnerability | Important |
Microsoft Windows | CVE-2020-0748 | Windows Key Isolation Service Information Disclosure Vulnerability | Important |
Microsoft Windows | CVE-2020-0747 | Windows Data Sharing Service Elevation of Privilege Vulnerability | Important |
Microsoft Windows | CVE-2020-0668 | Windows Kernel Elevation of Privilege Vulnerability | Important |
Microsoft Windows | CVE-2020-0704 | Windows Wireless Network Manager Elevation of Privilege Vulnerability | Important |
Microsoft Windows | CVE-2020-0685 | Windows COM Server Elevation of Privilege Vulnerability | Important |
Microsoft Windows | CVE-2020-0676 | Windows Key Isolation Service Information Disclosure Vulnerability | Important |
Microsoft Windows | CVE-2020-0678 | Windows Error Reporting Manager Elevation of Privilege Vulnerability | Important |
Microsoft Windows | CVE-2020-0703 | Windows Backup Service Elevation of Privilege Vulnerability | Important |
Microsoft Windows | CVE-2020-0680 | Windows Function Discovery Service Elevation of Privilege Vulnerability | Important |
Microsoft Windows | CVE-2020-0679 | Windows Function Discovery Service Elevation of Privilege Vulnerability | Important |
Microsoft Windows | CVE-2020-0681 | Remote Desktop Client Remote Code Execution Vulnerability | Critical |
Microsoft Windows | CVE-2020-0677 | Windows Key Isolation Service Information Disclosure Vulnerability | Important |
Microsoft Windows | CVE-2020-0682 | Windows Function Discovery Service Elevation of Privilege Vulnerability | Important |
Microsoft Windows | CVE-2020-0756 | Windows Key Isolation Service Information Disclosure Vulnerability | Important |
Microsoft Windows | CVE-2020-0670 | Windows Kernel Elevation of Privilege Vulnerability | Important |
Microsoft Windows | CVE-2020-0675 | Windows Key Isolation Service Information Disclosure Vulnerability | Important |
Microsoft Windows | CVE-2020-0669 | Windows Kernel Elevation of Privilege Vulnerability | Important |
Microsoft Windows | CVE-2020-0727 | Connected User Experiences and Telemetry Service Elevation of Privilege Vulnerability | Important |
Microsoft Windows | CVE-2020-0671 | Windows Kernel Elevation of Privilege Vulnerability | Important |
Microsoft Windows | CVE-2020-0672 | Windows Kernel Elevation of Privilege Vulnerability | Important |
Microsoft Windows | CVE-2020-0698 | Windows Information Disclosure Vulnerability | Important |
Microsoft Windows | CVE-2020-0701 | Windows Client License Service Elevation of Privilege Vulnerability | Important |
Microsoft Windows Search Component | CVE-2020-0735 | Windows Search Indexer Elevation of Privilege Vulnerability | Important |
Remote Desktop Client | CVE-2020-0734 | Remote Desktop Client Remote Code Execution Vulnerability | Critical |
Secure Boot | CVE-2020-0689 | Microsoft Secure Boot Security Feature Bypass Vulnerability | Important |
SQL Server | CVE-2020-0618 | Microsoft SQL Server Reporting Services Remote Code Execution Vulnerability | Important |
Windows Authentication Methods | CVE-2020-0665 | Active Directory Elevation of Privilege Vulnerability | Important |
Windows COM | CVE-2020-0752 | Windows Search Indexer Elevation of Privilege Vulnerability | Important |
Windows COM | CVE-2020-0749 | Connected Devices Platform Service Elevation of Privilege Vulnerability | Important |
Windows COM | CVE-2020-0750 | Connected Devices Platform Service Elevation of Privilege Vulnerability | Important |
Windows Hyper-V | CVE-2020-0751 | Windows Hyper-V Denial of Service Vulnerability | Important |
Windows Hyper-V | CVE-2020-0662 | Windows Remote Code Execution Vulnerability | Critical |
Windows Hyper-V | CVE-2020-0661 | Windows Hyper-V Denial of Service Vulnerability | Important |
Windows Installer | CVE-2020-0686 | Windows Installer Elevation of Privilege Vulnerability | Important |
Windows Installer | CVE-2020-0683 | Windows Installer Elevation of Privilege Vulnerability | Important |
Windows Installer | CVE-2020-0728 | Windows Modules Installer Service Information Disclosure Vulnerability | Important |
Windows Kernel | CVE-2020-0722 | Win32k Elevation of Privilege Vulnerability | Important |
Windows Kernel | CVE-2020-0721 | Win32k Elevation of Privilege Vulnerability | Important |
Windows Kernel | CVE-2020-0719 | Win32k Elevation of Privilege Vulnerability | Important |
Windows Kernel | CVE-2020-0720 | Win32k Elevation of Privilege Vulnerability | Important |
Windows Kernel | CVE-2020-0723 | Win32k Elevation of Privilege Vulnerability | Important |
Windows Kernel | CVE-2020-0731 | Win32k Elevation of Privilege Vulnerability | Important |
Windows Kernel | CVE-2020-0726 | Win32k Elevation of Privilege Vulnerability | Important |
Windows Kernel | CVE-2020-0724 | Win32k Elevation of Privilege Vulnerability | Important |
Windows Kernel | CVE-2020-0725 | Win32k Elevation of Privilege Vulnerability | Important |
Windows Kernel | CVE-2020-0717 | Win32k Information Disclosure Vulnerability | Important |
Windows Kernel | CVE-2020-0736 | Windows Kernel Information Disclosure Vulnerability | Important |
Windows Kernel | CVE-2020-0716 | Win32k Information Disclosure Vulnerability | Important |
Windows Kernel-Mode Drivers | CVE-2020-0691 | Win32k Elevation of Privilege Vulnerability | Important |
Windows Media | CVE-2020-0738 | Media Foundation Memory Corruption Vulnerability | Critical |
Windows NDIS | CVE-2020-0705 | Windows Network Driver Interface Specification (NDIS) Information Disclosure Vulnerability | Important |
Windows RDP | CVE-2020-0660 | Windows Remote Desktop Protocol (RDP) Denial of Service Vulnerability | Important |
Windows Shell | CVE-2020-0702 | Surface Hub Security Feature Bypass Vulnerability | Important |
Windows Shell | CVE-2020-0655 | Remote Desktop Services Remote Code Execution Vulnerability | Important |
Windows Shell | CVE-2020-0730 | Windows User Profile Service Elevation of Privilege Vulnerability | Important |
Windows Shell | CVE-2020-0729 | LNK Remote Code Execution Vulnerability | Critical |
Windows Shell | CVE-2020-0707 | Windows IME Elevation of Privilege Vulnerability | Important |
Windows Update Stack | CVE-2020-0708 | Windows Imaging Library Remote Code Execution Vulnerability | Important |
Need help with your Puget Systems PC?
If something is wrong with your Puget Systems PC. We are readily accessible, and our support team comes from a wide range of technological backgrounds to better assist you!
Looking for more support guides?
If you are looking for a solution to a problem you are having with your PC, we also have a number of other support guides that may be able to assist you with other issues.