The February “update Tuesday” became Microsoft's largest in a long time: almost 100 different bugs were fixed as part of it, including a 0-day vulnerability in Internet Explorer that was already under attack, and another 11 critical problems.
Let me remind you that back in January 2020, Microsoft reported a zero-day vulnerability in Internet Explorer, which attackers had already used for “limited targeted attacks.” The problem received the identifier CVE-2020-0674 and was linked to a vulnerability in the Firefox browser, which also became known in January. Apparently, the mentioned “limited attacks” were part of a larger hacking campaign, which also included attacks on Firefox users.
The problem was related to the IE script engine and memory corruption. Exploiting the vulnerability allows an attacker to execute arbitrary code in the context of the current user. To do this, the attacker only needs to lure an IE user to a malicious site.
Now that an official patch has been released for CVE-2020-0674, Microsoft reports that the problem was originally detected by Google Analytics Group and Chinese experts from Qihoo 360. While Google has not published any information about exploitation of the bug, Qihoo 360 reports that the problem is being exploited by the DarkHotel hacking group, which many researchers associate with North Korea.
Details of four more vulnerabilities patched this month were publicly disclosed before the fixes were released (however, none of these problems were used in attacks): two privilege escalation bugs in Windows Installer (CVE-2020-0683 and CVE-2020-0686), a Secure Boot bypass (CVE-2020-0689), and an information disclosure vulnerability in Edge and IE (CVE-2020-0706).
Most of the critical problems this month are RCE vulnerabilities and memory corruption bugs. Fixes for such flaws went to the Chakra scripting engine, the Media Foundation component, LNK files, and so on.
In addition, another remote arbitrary code execution issue (CVE-2020-0688) was fixed in Exchange; it could be exploited using malicious emails.