Threat Level: green Handler on Duty: Didier Stevens

SANS ISC: Microsoft Patch Tuesday for February 2020 SANS ISC InfoSec Forums

Watch ISC TV. Great for NOCs, SOCs and Living Rooms: https://isctv.sans.edu

Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!
Microsoft Patch Tuesday for February 2020

This month we got patches for 99 vulnerabilities total. Five of them have been previously disclosed, and one was being exploited, according to Microsoft. 

One of the patches fixes the CVE-2020-0674, a 0-day affecting Script Engine on Internet Explorer that has been exploited in the wild. Microsoft released an out-of-band advisory for this vulnerability on Jan, 17 ADV200001 [1] suggesting mitigations for the vulnerability - now fixed. The vulnerability could allow a malicious content to corrupt the memory in such a way an attacker could execute arbitrary code in the context of the current user. 

Among the other 16 RCE vulnerabilities, it's worth also mentioning CVE-2020-0738, a memory corruption vulnerability in Media Foundation. An attacker who successfully exploited the vulnerability could allow an attacker to run arbitrary code on the impacted system. The CVSS v3 for this vulnerability is 8.80 - the highest for this month's Patch Tuesday. 

It's also worth mentioning an elevation of privilege vulnerability affecting Windows SSH (CVE-2020-0757). The way Windows improperly handles Security Shell remote commands may allow an attacker to exploit the vulnerability and run arbitrary code with elevated privileges. To exploit the vulnerability, the attacker would first log into the system and run a specially crafted application. 

See Renato's dashboard for a more detailed breakout: https://patchtuesdaydashboard.com

Description
CVE Disclosed Exploited Exploitability (old versions) current version Severity CVSS Base (AVG) CVSS Temporal (AVG)
Active Directory Elevation of Privilege Vulnerability
CVE-2020-0665 No No - - Important 6.6 5.9
Connected Devices Platform Service Elevation of Privilege Vulnerability
CVE-2020-0740 No No Less Likely Less Likely Important 7.8 7.0
CVE-2020-0741 No No Less Likely Less Likely Important 7.8 7.0
CVE-2020-0742 No No Less Likely Less Likely Important 7.8 7.0
CVE-2020-0743 No No Less Likely Less Likely Important 7.8 7.0
CVE-2020-0749 No No Less Likely Less Likely Important 7.8 7.0
CVE-2020-0750 No No Less Likely Less Likely Important 7.8 7.0
Connected User Experiences and Telemetry Service Elevation of Privilege Vulnerability
CVE-2020-0727 No No Less Likely Less Likely Important 7.8 7.0
DirectX Elevation of Privilege Vulnerability
CVE-2020-0709 No No - - Important 7.0 6.3
CVE-2020-0732 No No - - Important 7.0 6.3
DirectX Information Disclosure Vulnerability
CVE-2020-0714 No No Less Likely Less Likely Important 4.7 4.2
February 2020 Adobe Flash Security Update
ADV200003 No No - - Important    
LNK Remote Code Execution Vulnerability
CVE-2020-0729 No No Less Likely Less Likely Critical 7.5 6.7
Media Foundation Memory Corruption Vulnerability
CVE-2020-0738 No No Less Likely Less Likely Critical 8.8 7.9
Microsoft Browser Information Disclosure Vulnerability
CVE-2020-0706 Yes No Less Likely Less Likely Important 4.3 3.9
Microsoft Edge Elevation of Privilege Vulnerability
CVE-2020-0663 No No - - Important 4.2 3.8
Microsoft Excel Remote Code Execution Vulnerability
CVE-2020-0759 No No Less Likely Less Likely Important    
Microsoft Exchange Memory Corruption Vulnerability
CVE-2020-0688 No No More Likely More Likely Important    
Microsoft Exchange Server Elevation of Privilege Vulnerability
CVE-2020-0692 No No More Likely More Likely Important    
Microsoft Graphics Components Information Disclosure Vulnerability
CVE-2020-0746 No No Less Likely Less Likely Important 5.5 5.0
Microsoft Office Online Server Spoofing Vulnerability
CVE-2020-0695 No No - - Important    
Microsoft Office SharePoint XSS Vulnerability
CVE-2020-0693 No No Less Likely Less Likely Important    
CVE-2020-0694 No No Less Likely Less Likely Important    
Microsoft Office Tampering Vulnerability
CVE-2020-0697 No No - - Important    
Microsoft Outlook Security Feature Bypass Vulnerability
CVE-2020-0696 No No Less Likely Less Likely Important    
Microsoft SQL Server Reporting Services Remote Code Execution Vulnerability
CVE-2020-0618 No No - - Important    
Microsoft Secure Boot Security Feature Bypass Vulnerability
CVE-2020-0689 Yes No Less Likely Less Likely Important 8.2 7.6
Remote Desktop Client Remote Code Execution Vulnerability
CVE-2020-0681 No No More Likely More Likely Critical 7.5 6.7
CVE-2020-0734 No No More Likely More Likely Critical 7.5 6.7
Remote Desktop Services Remote Code Execution Vulnerability
CVE-2020-0655 No No - - Important 8.0 7.2
Scripting Engine Memory Corruption Vulnerability
CVE-2020-0673 No No - - Critical 6.4 5.8
CVE-2020-0674 Yes Yes Detected Detected Critical 6.4 5.9
CVE-2020-0710 No No - - Critical 4.2 3.8
CVE-2020-0711 No No - - Critical 4.2 3.8
CVE-2020-0712 No No - - Critical 4.2 3.8
CVE-2020-0713 No No - - Critical 4.2 3.8
CVE-2020-0767 No No - - Critical 4.2 3.8
Surface Hub Security Feature Bypass Vulnerability
CVE-2020-0702 No No Less Likely Less Likely Important    
Win32k Elevation of Privilege Vulnerability
CVE-2020-0691 No No Unlikely Unlikely Important 4.7 4.2
CVE-2020-0719 No No Less Likely Less Likely Important 7.0 6.3
CVE-2020-0720 No No More Likely More Likely Important 7.0 6.3
CVE-2020-0721 No No More Likely More Likely Important 7.0 6.3
CVE-2020-0722 No No More Likely More Likely Important 7.0 6.3
CVE-2020-0723 No No More Likely More Likely Important 7.0 6.3
CVE-2020-0724 No No Less Likely Less Likely Important 7.0 6.3
CVE-2020-0725 No No More Likely More Likely Important 7.0 6.3
CVE-2020-0726 No No More Likely More Likely Important 7.0 6.3
CVE-2020-0731 No No More Likely More Likely Important 7.0 6.3
Win32k Information Disclosure Vulnerability
CVE-2020-0716 No No - - Important 5.5 5.0
CVE-2020-0717 No No Less Likely Less Likely Important 5.5 5.0
Windows Backup Service Elevation of Privilege Vulnerability
CVE-2020-0703 No No Less Likely Less Likely Important 7.8 7.0
Windows COM Server Elevation of Privilege Vulnerability
CVE-2020-0685 No No Less Likely Less Likely Important 7.0 6.3
Windows Client License Service Elevation of Privilege Vulnerability
CVE-2020-0701 No No Less Likely Less Likely Important 7.8 7.0
Windows Common Log File System Driver Elevation of Privilege Vulnerability
CVE-2020-0657 No No More Likely More Likely Important 7.8 7.0
Windows Common Log File System Driver Information Disclosure Vulnerability
CVE-2020-0658 No No - - Important 5.5 5.0
Windows Data Sharing Service Elevation of Privilege Vulnerability
CVE-2020-0659 No No - - Important 7.8 7.0
CVE-2020-0747 No No Less Likely Less Likely Important 7.8 7.0
Windows Elevation of Privilege Vulnerability
CVE-2020-0737 No No Less Likely Less Likely Important 7.8 7.0
CVE-2020-0739 No No Less Likely Less Likely Important 7.8 7.0
Windows Error Reporting Elevation of Privilege Vulnerability
CVE-2020-0753 No No Less Likely Less Likely Important 7.8 7.0
CVE-2020-0754 No No Less Likely Less Likely Important 7.8 7.0
Windows Error Reporting Manager Elevation of Privilege Vulnerability
CVE-2020-0678 No No Less Likely Less Likely Important 7.8 7.0
Windows Function Discovery Service Elevation of Privilege Vulnerability
CVE-2020-0679 No No Less Likely Less Likely Important 7.8 7.0
CVE-2020-0680 No No Less Likely Less Likely Important 7.8 7.0
CVE-2020-0682 No No Less Likely Less Likely Important 7.8 7.0
Windows GDI Information Disclosure Vulnerability
CVE-2020-0744 No No Less Likely Less Likely Important 5.5 5.0
Windows Graphics Component Elevation of Privilege Vulnerability
CVE-2020-0715 No No More Likely More Likely Important 7.0 6.3
CVE-2020-0745 No No More Likely More Likely Important 7.8 7.0
CVE-2020-0792 No No Less Likely Less Likely Important 7.0 6.3
Windows Hyper-V Denial of Service Vulnerability
CVE-2020-0661 No No Less Likely Less Likely Important 6.8 6.1
CVE-2020-0751 No No - - Important 6.0 5.4
Windows IME Elevation of Privilege Vulnerability
CVE-2020-0707 No No Less Likely Less Likely Important 7.8 7.0
Windows Imaging Library Remote Code Execution Vulnerability
CVE-2020-0708 No No Less Likely Less Likely Important 7.8 7.0
Windows Information Disclosure Vulnerability
CVE-2020-0698 No No Less Likely Less Likely Important 5.5 5.0
Windows Installer Elevation of Privilege Vulnerability
CVE-2020-0683 Yes No Less Likely Less Likely Important 7.0 6.3
CVE-2020-0686 Yes No Less Likely Less Likely Important 7.0 6.3
Windows Kernel Elevation of Privilege Vulnerability
CVE-2020-0668 No No Less Likely Less Likely Important 7.8 7.0
CVE-2020-0669 No No - - Important 7.8 7.0
CVE-2020-0670 No No - - Important 7.8 7.0
CVE-2020-0671 No No - - Important 7.8 7.0
CVE-2020-0672 No No - - Important 7.8 7.0
Windows Kernel Information Disclosure Vulnerability
CVE-2020-0736 No No - - Important 5.5 5.0
Windows Key Isolation Service Information Disclosure Vulnerability
CVE-2020-0675 No No Less Likely Less Likely Important 5.5 5.0
CVE-2020-0676 No No Less Likely Less Likely Important 5.5 5.0
CVE-2020-0677 No No Less Likely Less Likely Important 5.5 5.0
CVE-2020-0748 No No Less Likely Less Likely Important 5.5 5.0
CVE-2020-0755 No No Less Likely Less Likely Important 5.5 5.0
CVE-2020-0756 No No Less Likely Less Likely Important 5.5 5.0
Windows Malicious Software Removal Tool Elevation of Privilege Vulnerability
CVE-2020-0733 No No - - Important    
Windows Modules Installer Service Information Disclosure Vulnerability
CVE-2020-0728 No No Less Likely Less Likely Important 3.3 3.0
Windows Network Driver Interface Specification (NDIS) Information Disclosure Vulnerability
CVE-2020-0705 No No Less Likely Less Likely Important 5.5 5.0
Windows Remote Code Execution Vulnerability
CVE-2020-0662 No No - - Critical 8.6 7.7
Windows Remote Desktop Protocol (RDP) Denial of Service Vulnerability
CVE-2020-0660 No No Less Likely Less Likely Important 7.5 6.7
Windows SSH Elevation of Privilege Vulnerability
CVE-2020-0757 No No Less Likely Less Likely Important 8.2 7.4
Windows Search Indexer Elevation of Privilege Vulnerability
CVE-2020-0666 No No - - Important 7.8 7.0
CVE-2020-0667 No No - - Important 7.8 7.0
CVE-2020-0735 No No Less Likely Less Likely Important 7.8 7.0
CVE-2020-0752 No No Less Likely Less Likely Important 7.8 7.0
Windows User Profile Service Elevation of Privilege Vulnerability
CVE-2020-0730 No No Less Likely Less Likely Important 6.3 5.7
Windows Wireless Network Manager Elevation of Privilege Vulnerability
CVE-2020-0704 No No Less Likely Less Likely Important 7.8 7.0

Total Vulnerabilities: 99

References:

[1] https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/ADV200001

--
Renato Marinho
Morphus Labs| LinkedIn| Twitter

Renato

70 Posts
ISC Handler
Feb 11th 2020
Thread locked Subscribe Feb 11th 2020
1 year ago
CVE-2020-0817 (Microsoft Remote Desktop Client Remote Code Execution Vulnerability) is missing in the monthly evaluation from DShield along with Renado's dashboard.

Palo Alto just put out emergency coverage for it today (12 Feb 2020).

Any chance of getting that added to the monthly review along with any news of in-the-wild reports please?

See:
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0817
https://www.secpod.com/blog/patch-tuesday-microsoft-security-bulletin-summary-for-february-2020/

Thanks!
 Anonymous
Quote Feb 12th 2020
1 year ago

Sign Up for Free or Log In to start participating in the conversation!