Microsoft 11 lutego 2020 roku wydał nowy pakiet aktualizacji bezpieczeństwa w ramach comiesięcznego Patch Tuesday. Wydano łącznie 99 poprawek bezpieczeństwa, w tym 10 oznaczonych jako krytyczne.

Najistotniejsze podatności:

CVE-2020-0674 – Microsoft naprawił aktywnie wykorzystywaną podatność 0day w Internet Explorer w wersjach 9, 10 i 11. Exploit umożliwia napastnikowi wywołanie dowolnego kodu w kontekście użytkownika (w tym administratora) w wyniku otwarcia przez użytkownika odpowiednio przygotowanej strony WWW. Exploit wykorzystuje podatność silnika skryptowego.

Poniżej przedstawiamy szczegółowe zestawienie aktualizacji:

Description
CVE Disclosed Exploited Exploitability (old versions) current version Severity CVSS Base (AVG) CVSS Temporal (AVG)
Active Directory Elevation of Privilege Vulnerability
CVE-2020-0665 No No Important 6.6 5.9
Connected Devices Platform Service Elevation of Privilege Vulnerability
CVE-2020-0740 No No Less Likely Less Likely Important 7.8 7.0
CVE-2020-0741 No No Less Likely Less Likely Important 7.8 7.0
CVE-2020-0742 No No Less Likely Less Likely Important 7.8 7.0
CVE-2020-0743 No No Less Likely Less Likely Important 7.8 7.0
CVE-2020-0749 No No Less Likely Less Likely Important 7.8 7.0
CVE-2020-0750 No No Less Likely Less Likely Important 7.8 7.0
Connected User Experiences and Telemetry Service Elevation of Privilege Vulnerability
CVE-2020-0727 No No Less Likely Less Likely Important 7.8 7.0
DirectX Elevation of Privilege Vulnerability
CVE-2020-0709 No No Important 7.0 6.3
CVE-2020-0732 No No Important 7.0 6.3
DirectX Information Disclosure Vulnerability
CVE-2020-0714 No No Less Likely Less Likely Important 4.7 4.2
February 2020 Adobe Flash Security Update
ADV200003 No No Important
LNK Remote Code Execution Vulnerability
CVE-2020-0729 No No Less Likely Less Likely Critical 7.5 6.7
Media Foundation Memory Corruption Vulnerability
CVE-2020-0738 No No Less Likely Less Likely Critical 8.8 7.9
Microsoft Browser Information Disclosure Vulnerability
CVE-2020-0706 Yes No Less Likely Less Likely Important 4.3 3.9
Microsoft Edge Elevation of Privilege Vulnerability
CVE-2020-0663 No No Important 4.2 3.8
Microsoft Excel Remote Code Execution Vulnerability
CVE-2020-0759 No No Less Likely Less Likely Important
Microsoft Exchange Memory Corruption Vulnerability
CVE-2020-0688 No No More Likely More Likely Important
Microsoft Exchange Server Elevation of Privilege Vulnerability
CVE-2020-0692 No No More Likely More Likely Important
Microsoft Graphics Components Information Disclosure Vulnerability
CVE-2020-0746 No No Less Likely Less Likely Important 5.5 5.0
Microsoft Office Online Server Spoofing Vulnerability
CVE-2020-0695 No No Important
Microsoft Office SharePoint XSS Vulnerability
CVE-2020-0693 No No Less Likely Less Likely Important
CVE-2020-0694 No No Less Likely Less Likely Important
Microsoft Office Tampering Vulnerability
CVE-2020-0697 No No Important
Microsoft Outlook Security Feature Bypass Vulnerability
CVE-2020-0696 No No Less Likely Less Likely Important
Microsoft SQL Server Reporting Services Remote Code Execution Vulnerability
CVE-2020-0618 No No Important
Microsoft Secure Boot Security Feature Bypass Vulnerability
CVE-2020-0689 Yes No Less Likely Less Likely Important 8.2 7.6
Remote Desktop Client Remote Code Execution Vulnerability
CVE-2020-0681 No No More Likely More Likely Critical 7.5 6.7
CVE-2020-0734 No No More Likely More Likely Critical 7.5 6.7
Remote Desktop Services Remote Code Execution Vulnerability
CVE-2020-0655 No No Important 8.0 7.2
Scripting Engine Memory Corruption Vulnerability
CVE-2020-0673 No No Critical 6.4 5.8
CVE-2020-0674 Yes Yes Detected Detected Critical 6.4 5.9
CVE-2020-0710 No No Critical 4.2 3.8
CVE-2020-0711 No No Critical 4.2 3.8
CVE-2020-0712 No No Critical 4.2 3.8
CVE-2020-0713 No No Critical 4.2 3.8
CVE-2020-0767 No No Critical 4.2 3.8
Surface Hub Security Feature Bypass Vulnerability
CVE-2020-0702 No No Less Likely Less Likely Important
Win32k Elevation of Privilege Vulnerability
CVE-2020-0691 No No Unlikely Unlikely Important 4.7 4.2
CVE-2020-0719 No No Less Likely Less Likely Important 7.0 6.3
CVE-2020-0720 No No More Likely More Likely Important 7.0 6.3
CVE-2020-0721 No No More Likely More Likely Important 7.0 6.3
CVE-2020-0722 No No More Likely More Likely Important 7.0 6.3
CVE-2020-0723 No No More Likely More Likely Important 7.0 6.3
CVE-2020-0724 No No Less Likely Less Likely Important 7.0 6.3
CVE-2020-0725 No No More Likely More Likely Important 7.0 6.3
CVE-2020-0726 No No More Likely More Likely Important 7.0 6.3
CVE-2020-0731 No No More Likely More Likely Important 7.0 6.3
Win32k Information Disclosure Vulnerability
CVE-2020-0716 No No Important 5.5 5.0
CVE-2020-0717 No No Less Likely Less Likely Important 5.5 5.0
Windows Backup Service Elevation of Privilege Vulnerability
CVE-2020-0703 No No Less Likely Less Likely Important 7.8 7.0
Windows COM Server Elevation of Privilege Vulnerability
CVE-2020-0685 No No Less Likely Less Likely Important 7.0 6.3
Windows Client License Service Elevation of Privilege Vulnerability
CVE-2020-0701 No No Less Likely Less Likely Important 7.8 7.0
Windows Common Log File System Driver Elevation of Privilege Vulnerability
CVE-2020-0657 No No More Likely More Likely Important 7.8 7.0
Windows Common Log File System Driver Information Disclosure Vulnerability
CVE-2020-0658 No No Important 5.5 5.0
Windows Data Sharing Service Elevation of Privilege Vulnerability
CVE-2020-0659 No No Important 7.8 7.0
CVE-2020-0747 No No Less Likely Less Likely Important 7.8 7.0
Windows Elevation of Privilege Vulnerability
CVE-2020-0737 No No Less Likely Less Likely Important 7.8 7.0
CVE-2020-0739 No No Less Likely Less Likely Important 7.8 7.0
Windows Error Reporting Elevation of Privilege Vulnerability
CVE-2020-0753 No No Less Likely Less Likely Important 7.8 7.0
CVE-2020-0754 No No Less Likely Less Likely Important 7.8 7.0
Windows Error Reporting Manager Elevation of Privilege Vulnerability
CVE-2020-0678 No No Less Likely Less Likely Important 7.8 7.0
Windows Function Discovery Service Elevation of Privilege Vulnerability
CVE-2020-0679 No No Less Likely Less Likely Important 7.8 7.0
CVE-2020-0680 No No Less Likely Less Likely Important 7.8 7.0
CVE-2020-0682 No No Less Likely Less Likely Important 7.8 7.0
Windows GDI Information Disclosure Vulnerability
CVE-2020-0744 No No Less Likely Less Likely Important 5.5 5.0
Windows Graphics Component Elevation of Privilege Vulnerability
CVE-2020-0715 No No More Likely More Likely Important 7.0 6.3
CVE-2020-0745 No No More Likely More Likely Important 7.8 7.0
CVE-2020-0792 No No Less Likely Less Likely Important 7.0 6.3
Windows Hyper-V Denial of Service Vulnerability
CVE-2020-0661 No No Less Likely Less Likely Important 6.8 6.1
CVE-2020-0751 No No Important 6.0 5.4
Windows IME Elevation of Privilege Vulnerability
CVE-2020-0707 No No Less Likely Less Likely Important 7.8 7.0
Windows Imaging Library Remote Code Execution Vulnerability
CVE-2020-0708 No No Less Likely Less Likely Important 7.8 7.0
Windows Information Disclosure Vulnerability
CVE-2020-0698 No No Less Likely Less Likely Important 5.5 5.0
Windows Installer Elevation of Privilege Vulnerability
CVE-2020-0683 Yes No Less Likely Less Likely Important 7.0 6.3
CVE-2020-0686 Yes No Less Likely Less Likely Important 7.0 6.3
Windows Kernel Elevation of Privilege Vulnerability
CVE-2020-0668 No No Less Likely Less Likely Important 7.8 7.0
CVE-2020-0669 No No Important 7.8 7.0
CVE-2020-0670 No No Important 7.8 7.0
CVE-2020-0671 No No Important 7.8 7.0
CVE-2020-0672 No No Important 7.8 7.0
Windows Kernel Information Disclosure Vulnerability
CVE-2020-0736 No No Important 5.5 5.0
Windows Key Isolation Service Information Disclosure Vulnerability
CVE-2020-0675 No No Less Likely Less Likely Important 5.5 5.0
CVE-2020-0676 No No Less Likely Less Likely Important 5.5 5.0
CVE-2020-0677 No No Less Likely Less Likely Important 5.5 5.0
CVE-2020-0748 No No Less Likely Less Likely Important 5.5 5.0
CVE-2020-0755 No No Less Likely Less Likely Important 5.5 5.0
CVE-2020-0756 No No Less Likely Less Likely Important 5.5 5.0
Windows Malicious Software Removal Tool Elevation of Privilege Vulnerability
CVE-2020-0733 No No Important
Windows Modules Installer Service Information Disclosure Vulnerability
CVE-2020-0728 No No Less Likely Less Likely Important 3.3 3.0
Windows Network Driver Interface Specification (NDIS) Information Disclosure Vulnerability
CVE-2020-0705 No No Less Likely Less Likely Important 5.5 5.0
Windows Remote Code Execution Vulnerability
CVE-2020-0662 No No Critical 8.6 7.7
Windows Remote Desktop Protocol (RDP) Denial of Service Vulnerability
CVE-2020-0660 No No Less Likely Less Likely Important 7.5 6.7
Windows SSH Elevation of Privilege Vulnerability
CVE-2020-0757 No No Less Likely Less Likely Important 8.2 7.4
Windows Search Indexer Elevation of Privilege Vulnerability
CVE-2020-0666 No No Important 7.8 7.0
CVE-2020-0667 No No Important 7.8 7.0
CVE-2020-0735 No No Less Likely Less Likely Important 7.8 7.0
CVE-2020-0752 No No Less Likely Less Likely Important 7.8 7.0
Windows User Profile Service Elevation of Privilege Vulnerability
CVE-2020-0730 No No Less Likely Less Likely Important 6.3 5.7
Windows Wireless Network Manager Elevation of Privilege Vulnerability
CVE-2020-0704 No No Less Likely Less Likely Important 7.8 7.0