February 2020 Patch Bulletin

February 2020 Patch Bulletin

This month we have 99 unique CVE’s, 9 technologies with updates, 4 technologies with critical updates, 5 publicly disclosed vulnerabilities, and a zero day vulnerability patched. 

Microsoft released update that fixes a zero day vulnerability originally described in ADV200001.  Of the 3 additional publicly disclosed vulnerabilities (CVE-2020-0683, CVE-2020-0686, CVE-2020-0689) we pay close attention to CVE-2020-0689 which has standalone security updates. This update fixes a security bypass for secure boot.

CVE-2020-0689  – A security feature bypass vulnerability exists in secure boot. An attacker who successfully exploited the vulnerability can bypass secure boot and load untrusted software.

To exploit the vulnerability, an attacker could run a specially crafted application.

The security update addresses the vulnerability by blocking vulnerable third-party bootloaders.

For additional details, please find the information from Microsoft below:

 

Technology Products Affected SeverityReferenceWorkaround/Exploited/ Publicly Disclosed Vulnerability Info
 
Windows Windows 7, 8.1, 8.1 RT, 10, Server 2008, 2012, 2016, 2019Critical CVE-2020-0655
CVE-2020-0657
CVE-2020-0658
CVE-2020-0659
CVE-2020-0660
CVE-2020-0661
CVE-2020-0662
CVE-2020-0665
CVE-2020-0666
CVE-2020-0667
CVE-2020-0668
CVE-2020-0669
CVE-2020-0670
CVE-2020-0671
CVE-2020-0672
CVE-2020-0675
CVE-2020-0676
CVE-2020-0677
CVE-2020-0678
CVE-2020-0679
CVE-2020-0680
CVE-2020-0681
CVE-2020-0682
CVE-2020-0683**
CVE-2020-0685
CVE-2020-0686**
CVE-2020-0689**
CVE-2020-0691
CVE-2020-0698
CVE-2020-0701
CVE-2020-0703
CVE-2020-0704
CVE-2020-0705
CVE-2020-0707
CVE-2020-0708
CVE-2020-0709
CVE-2020-0714
CVE-2020-0715
CVE-2020-0716
CVE-2020-0717
CVE-2020-0719
CVE-2020-0720
CVE-2020-0721
CVE-2020-0722
CVE-2020-0723
CVE-2020-0724
CVE-2020-0725
CVE-2020-0726
CVE-2020-0727
CVE-2020-0728
CVE-2020-0729
CVE-2020-0730
CVE-2020-0731
CVE-2020-0732
CVE-2020-0734
CVE-2020-0735
CVE-2020-0736
CVE-2020-0737
CVE-2020-0738
CVE-2020-0739
CVE-2020-0740
CVE-2020-0741
CVE-2020-0742
CVE-2020-0743
CVE-2020-0744
CVE-2020-0745
CVE-2020-0746
CVE-2020-0747
CVE-2020-0748
CVE-2020-0748
CVE-2020-0749
CVE-2020-0750
CVE-2020-0751
CVE-2020-0752
CVE-2020-0753
CVE-2020-0754
CVE-2020-0755
CVE-2020-0756
CVE-2020-0757
CVE-2020-0792
Workaround: No
Exploited: Yes**
Public: No
Denial of Service
Elevation of Privilege
Information Disclosure
Remote Code Execution
Security Feature Bypass
EdgeMicrosoft Edge (EdgeHTML-based)CriticalCVE-2020-0663
CVE-2020-0706
CVE-2020-0710
CVE-2020-0711
CVE-2020-0712
CVE-2020-0713
CVE-2020-0767
Workaround: No
Exploited: No
Public: No
Remote Code Execution
Elevation of Privilege
Information Disclosure
ChakraCoreChakraCoreCriticalCVE-2020-0710
CVE-2020-0711
CVE-2020-0712
CVE-2020-0713
CVE-2020-0767
Workaround: No
Exploited: No
Public: No
Remote Code Execution
IE9, 10, 11CriticalCVE-2020-0673
CVE-2020-0674
CVE-2020-0706
Workaround: No
Exploited: Yes
Public: Yes
Remote Code Execution
Information Disclosure
Exchange ServerExchange Server 2010, 2013, 2016, 2019ImportantCVE-2020-0692
CVE-2020-0688
Workaround: No
Exploited: No
Public: No
Remote Code Execution
Elevation of Privilege
SQL ServerSQL Server 2012, 2014, 2016ImportantCVE-2020-0618Workaround: No
Exploited: No
Public: No
Remote Code Execution
Office, Office Services, Office Web AppsOffice 365 ProPlus
Excel 2010, 2013, 2016, 2019
Outlook 2010, 2013, 2016
SharePoint Enterprise Server 2016
SharePoint Foundation Server 2013, 2019
ImportantCVE-2020-0693
CVE-2020-0694
CVE-2020-0695
CVE-2020-0696
CVE-2020-0697
CVE-2020-0759
Workaround: No
Exploited: No
Public: No
Tampering
Security Feature Bypass
Remote Code Execution
Spoofing
Malicious Software Removal ToolAllImportantCVE-2020-0733Workaround: No
Exploited: No
Public: No
Elevation of Privilege
Surface HubAllImportantCVE-2020-0702Workaround: No
Exploited: No
Public: No
Security Feature Bypass

In case of any questions or clarifications please feel free to reach out to ECHO’s Service Desk.