Recent February “update Tuesday” became the largest for Microsoft in a long time: within its framework were fixed almost 100 different bugs, including the 0-day vulnerability in Internet Explorer, which was already under attack, and 11 other critical problems.
Recall that back in January 2020, Microsoft reported a zero-day vulnerability in Internet Explorer, which the attackers had already used for “limited targeted attacks.”
The problem received the identifier CVE-2020-0674 and was associated with a vulnerability in the Firefox browser, which also became known in January. Apparently, the mentioned “limited attacks” were part of a larger hacker campaign, which also included attacks on users of Firefox.
“The problem was related to the IE script engine and violation of the integrity of memory information. Exploiting the vulnerability allows an attacker to execute arbitrary code in the context of the current user. To do this, just lure the IE user to a malicious site”, – Microsoft specialists describe this sensational vulnerability.
After an official patch has been released for CVE-2020-0674, Microsoft reported that Google Analytics Group and Chinese experts from Qihoo 360 originally detected the problem.
While Google did not publish any information about the operation of the bug, Qihoo 360 reports that the problem is associated with hacker’s band DarkHotel, which many researchers link with North Korea.
Information about four more vulnerabilities that received patches this month was publicly disclosed before release of fixes (however, any of these problems was used for attacks): these are two privilege escalation errors in Windows Installer (CVE-2020-0683 and CVE-2020 -0686), Secure Boot bypass (CVE-2020-0689), and information disclosure vulnerability in Edge and IE browsers (CVE-2020-0706).
“Most of the critical problems this month are RCE vulnerabilities and bugs related to the violation of the integrity of information in memory. The Chakra scripting engine, the Media Foundation component and LNK files received corrections for such defects”, – say the experts.
Separately, it is worth highlighting the problems found in Remote Desktop: two RCE vulnerabilities allowed remote execution of arbitrary code on the client side (CVE-2020-0681 and CVE-2020-0734).
Additionally, another problem of remote execution of arbitrary code (CVE-2020-0688) was fixed in Exchange. It could be exploited using malicious emails.
Recently, however, the Free Software Foundation called on Microsoft to open Windows 7 code for the free-war support, but it is unlikely that the vendor will take this offer.