Login

Register

Login

Register

#cybersecurity | #hackerspace |

VERT Threat Alert: February 2020 Patch Tuesday Analysis


Today’s VERT Alert addresses Microsoft’s February 2020 Security Updates. VERT is actively working on coverage for these vulnerabilities and expects to ship ASPL-870 on Wednesday, February 12th. 

In-The-Wild & Disclosed CVEs

CVE-2020-0674

A vulnerability exists in the way that Internet Explorer’s scripting engine handles objects in memory. An attacker that successfully exploited this vulnerability would have would have the same access as the currently logged in user. This vulnerability has been publicly exploited.

Microsoft has rated this as a 0 (Exploitation Detected) on the latest software release on the Exploitability Index.

CVE-2020-0683 / CVE-2020-0686

A pair of vulnerabilities exist within the Windows Installer that could allow attackers to add or remove files from a system due to the way that symbolic links are processed within MSI packages. An attacker would need to be logged into the system and have a malicious application designed to target the vulnerability. These vulnerabilities has been publicly disclosed.

Microsoft has rated both CVE-2020-0683 and CVE-2020-0686 as a 2 (Exploitation Less Likely) on the latest software release on the Exploitability Index.

CVE-2020-0689

This publicly disclosed vulnerability in Microsoft Security Boot could allow an attacker by bypass secure boot and load untrusted software. It is important to pay attention to the FAQ for this vulnerability. The update is a standalone update (rare for Windows 10) and requires the November Servicing Stack Update be installed. Additionally, if you are using Windows Defender Credential Guard, multiple reboots will be required.

Microsoft has rated this as a 2 (Exploitation Less Likely) on the latest software release on the Exploitability Index.

CVE-2020-0706

A vulnerability in the handling of cross-origin requests in Microsoft browsers could allow an attacker to identify the origin of all web pages in the targeted browser. Successful exploitation would require that the victim accesses attacker controlled content. (Read more…)



Source link

Leave a Reply

Shqip Shqip አማርኛ አማርኛ العربية العربية English English Français Français Deutsch Deutsch Português Português Русский Русский Español Español

National Cyber Security Consulting App

 https://apps.apple.com/us/app/id1521390354

https://play.google.com/store/apps/details?id=nationalcybersecuritycom.wpapp


NATIONAL CYBER SECURITY RADIO
[spreaker type=player resource="show_id=4560538" width="100%" height="550px" theme="light" playlist="show" playlist-continuous="true" autoplay="false" live-autoplay="false" chapters-image="true" episode-image-position="left" hide-logo="false" hide-likes="false" hide-comments="false" hide-sharing="false" hide-download="true"]
HACKER FOR HIRE MURDERS
 [spreaker type=player resource="show_id=4569966" width="100%" height="350px" theme="light" playlist="show" playlist-continuous="true" autoplay="false" live-autoplay="false" chapters-image="true" episode-image-position="left" hide-logo="false" hide-likes="false" hide-comments="false" hide-sharing="false" hide-download="true"]

ALEXA “OPEN NATIONAL CYBER SECURITY RADIO”

National Cyber Security Radio (Podcast) is now available for Alexa.  If you don't have an Alexa device, you can download the Alexa App for free for Google and Apple devices.   

nationalcybersecurity.com

FREE
VIEW