Protect yourself against future threats.
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 =========================================================================== AUSCERT Security Bulletin ASB-2020.0038 Microsoft Patch Tuesday updates for Windows (February 2020) 13 February 2020 =========================================================================== AusCERT Security Bulletin Summary --------------------------------- Product: Windows 10 Windows 7 Windows 8.1 Windows RT 8.1 Windows Server 2008 Windows Server 2008 R2 Windows Server 2012 Windows Server 2012 R2 Windows Server 2016 Windows Server 2019 Operating System: Windows Impact/Access: Administrator Compromise -- Remote with User Interaction Execute Arbitrary Code/Commands -- Remote with User Interaction Increased Privileges -- Existing Account Create Arbitrary Files -- Existing Account Denial of Service -- Remote/Unauthenticated Delete Arbitrary Files -- Existing Account Access Confidential Data -- Existing Account Reduced Security -- Existing Account Resolution: Patch/Upgrade CVE Names: CVE-2020-0818 CVE-2020-0817 CVE-2020-0792 CVE-2020-0757 CVE-2020-0756 CVE-2020-0755 CVE-2020-0754 CVE-2020-0753 CVE-2020-0752 CVE-2020-0751 CVE-2020-0750 CVE-2020-0749 CVE-2020-0748 CVE-2020-0747 CVE-2020-0746 CVE-2020-0745 CVE-2020-0744 CVE-2020-0743 CVE-2020-0742 CVE-2020-0741 CVE-2020-0740 CVE-2020-0739 CVE-2020-0738 CVE-2020-0737 CVE-2020-0736 CVE-2020-0735 CVE-2020-0734 CVE-2020-0732 CVE-2020-0731 CVE-2020-0730 CVE-2020-0729 CVE-2020-0728 CVE-2020-0727 CVE-2020-0726 CVE-2020-0725 CVE-2020-0724 CVE-2020-0723 CVE-2020-0722 CVE-2020-0721 CVE-2020-0720 CVE-2020-0719 CVE-2020-0717 CVE-2020-0716 CVE-2020-0715 CVE-2020-0714 CVE-2020-0709 CVE-2020-0708 CVE-2020-0707 CVE-2020-0705 CVE-2020-0704 CVE-2020-0703 CVE-2020-0701 CVE-2020-0698 CVE-2020-0691 CVE-2020-0689 CVE-2020-0686 CVE-2020-0685 CVE-2020-0683 CVE-2020-0682 CVE-2020-0681 CVE-2020-0680 CVE-2020-0679 CVE-2020-0678 CVE-2020-0677 CVE-2020-0676 CVE-2020-0675 CVE-2020-0672 CVE-2020-0671 CVE-2020-0670 CVE-2020-0669 CVE-2020-0668 CVE-2020-0667 CVE-2020-0666 CVE-2020-0665 CVE-2020-0662 CVE-2020-0661 CVE-2020-0660 CVE-2020-0659 CVE-2020-0658 CVE-2020-0657 CVE-2020-0655 Member content until: Saturday, March 14 2020 OVERVIEW Microsoft has released its monthly security patch update for the month of February 2020. This update resolves 81 vulnerabilities across the following products: [1] Windows 10 Version 1607 for 32-bit Systems Windows 10 Version 1607 for x64-based Systems Windows 10 Version 1709 for 32-bit Systems Windows 10 Version 1709 for ARM64-based Systems Windows 10 Version 1709 for x64-based Systems Windows 10 Version 1803 for 32-bit Systems Windows 10 Version 1803 for ARM64-based Systems Windows 10 Version 1803 for x64-based Systems Windows 10 Version 1809 for 32-bit Systems Windows 10 Version 1809 for ARM64-based Systems Windows 10 Version 1809 for x64-based Systems Windows 10 Version 1903 for 32-bit Systems Windows 10 Version 1903 for ARM64-based Systems Windows 10 Version 1903 for x64-based Systems Windows 10 Version 1909 for 32-bit Systems Windows 10 Version 1909 for ARM64-based Systems Windows 10 Version 1909 for x64-based Systems Windows 10 for 32-bit Systems Windows 10 for x64-based Systems Windows 7 for 32-bit Systems Service Pack 1 Windows 7 for x64-based Systems Service Pack 1 Windows 8.1 for 32-bit systems Windows 8.1 for x64-based systems Windows RT 8.1 Windows Server 2008 R2 for Itanium-Based Systems Service Pack 1 Windows Server 2008 R2 for x64-based Systems Service Pack 1 Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) Windows Server 2008 for 32-bit Systems Service Pack 2 Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) Windows Server 2008 for Itanium-Based Systems Service Pack 2 Windows Server 2008 for x64-based Systems Service Pack 2 Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) Windows Server 2012 Windows Server 2012 (Server Core installation) Windows Server 2012 R2 Windows Server 2012 R2 (Server Core installation) Windows Server 2016 Windows Server 2016 (Server Core installation) Windows Server 2019 Windows Server 2019 (Server Core installation) IMPACT Microsoft has given the following details regarding these vulnerabilities. Details Impact Severity CVE-2020-0655 Remote Code Execution Important CVE-2020-0657 Elevation of Privilege Important CVE-2020-0658 Information Disclosure Important CVE-2020-0659 Elevation of Privilege Important CVE-2020-0660 Denial of Service Important CVE-2020-0661 Denial of Service Important CVE-2020-0662 Remote Code Execution Critical CVE-2020-0665 Elevation of Privilege Important CVE-2020-0666 Elevation of Privilege Important CVE-2020-0667 Elevation of Privilege Important CVE-2020-0668 Elevation of Privilege Important CVE-2020-0669 Elevation of Privilege Important CVE-2020-0670 Elevation of Privilege Important CVE-2020-0671 Elevation of Privilege Important CVE-2020-0672 Elevation of Privilege Important CVE-2020-0675 Information Disclosure Important CVE-2020-0676 Information Disclosure Important CVE-2020-0677 Information Disclosure Important CVE-2020-0678 Elevation of Privilege Important CVE-2020-0679 Elevation of Privilege Important CVE-2020-0680 Elevation of Privilege Important CVE-2020-0681 Remote Code Execution Critical CVE-2020-0682 Elevation of Privilege Important CVE-2020-0683 Elevation of Privilege Important CVE-2020-0685 Elevation of Privilege Important CVE-2020-0686 Elevation of Privilege Important CVE-2020-0689 Security Feature Bypass Important CVE-2020-0691 Elevation of Privilege Important CVE-2020-0698 Information Disclosure Important CVE-2020-0701 Elevation of Privilege Important CVE-2020-0703 Elevation of Privilege Important CVE-2020-0704 Elevation of Privilege Important CVE-2020-0705 Information Disclosure Important CVE-2020-0707 Elevation of Privilege Important CVE-2020-0708 Remote Code Execution Important CVE-2020-0709 Elevation of Privilege Important CVE-2020-0714 Information Disclosure Important CVE-2020-0715 Elevation of Privilege Important CVE-2020-0716 Information Disclosure Important CVE-2020-0717 Information Disclosure Important CVE-2020-0719 Elevation of Privilege Important CVE-2020-0720 Elevation of Privilege Important CVE-2020-0721 Elevation of Privilege Important CVE-2020-0722 Elevation of Privilege Important CVE-2020-0723 Elevation of Privilege Important CVE-2020-0724 Elevation of Privilege Important CVE-2020-0725 Elevation of Privilege Important CVE-2020-0726 Elevation of Privilege Important CVE-2020-0727 Elevation of Privilege Important CVE-2020-0728 Information Disclosure Important CVE-2020-0729 Remote Code Execution Critical CVE-2020-0730 Elevation of Privilege Important CVE-2020-0731 Elevation of Privilege Important CVE-2020-0732 Elevation of Privilege Important CVE-2020-0734 Remote Code Execution Critical CVE-2020-0735 Elevation of Privilege Important CVE-2020-0736 Information Disclosure Important CVE-2020-0737 Elevation of Privilege Important CVE-2020-0738 Remote Code Execution Critical CVE-2020-0739 Elevation of Privilege Important CVE-2020-0740 Elevation of Privilege Important CVE-2020-0741 Elevation of Privilege Important CVE-2020-0742 Elevation of Privilege Important CVE-2020-0743 Elevation of Privilege Important CVE-2020-0744 Information Disclosure Important CVE-2020-0745 Elevation of Privilege Important CVE-2020-0746 Information Disclosure Important CVE-2020-0747 Elevation of Privilege Important CVE-2020-0748 Information Disclosure Important CVE-2020-0749 Elevation of Privilege Important CVE-2020-0750 Elevation of Privilege Important CVE-2020-0751 Denial of Service Important CVE-2020-0752 Elevation of Privilege Important CVE-2020-0753 Elevation of Privilege Important CVE-2020-0754 Elevation of Privilege Important CVE-2020-0755 Information Disclosure Important CVE-2020-0756 Information Disclosure Important CVE-2020-0757 Elevation of Privilege Important CVE-2020-0792 Elevation of Privilege Important CVE-2020-0817 Remote Code Execution Critical CVE-2020-0818 Elevation of Privilege Important MITIGATION Microsoft recommends updating the software with the version made available on the Microsoft Update Catalogue for the following Knowledge Base articles. [1] KB4537762, KB4537813, KB4537822, KB4502496, KB4524244 KB4537820, KB4537789, KB4537764, KB4537803, KB4532691 KB4532693, KB4537814, KB4537821, KB4537810, KB4537794 KB4537776 REFERENCES [1] Microsoft Security Update Guide https://portal.msrc.microsoft.com/en-us/security-guidance AusCERT has made every effort to ensure that the information contained in this document is accurate. However, the decision to use the information described is the responsibility of each user or organisation. The decision to follow or act on information or advice contained in this security bulletin is the responsibility of each user or organisation, and should be considered in accordance with your organisation's site policies and procedures. AusCERT takes no responsibility for consequences which may arise from following or acting on information or advice contained in this security bulletin. =========================================================================== Australian Computer Emergency Response Team The University of Queensland Brisbane Qld 4072 Internet Email: auscert@auscert.org.au Facsimile: (07) 3365 7031 Telephone: (07) 3365 4417 (International: +61 7 3365 4417) AusCERT personnel answer during Queensland business hours which are GMT+10:00 (AEST). On call after hours for member emergencies only. =========================================================================== -----BEGIN PGP SIGNATURE----- Comment: http://www.auscert.org.au/render.html?it=1967 iQIVAwUBXkSxSGaOgq3Tt24GAQjDQg//QJUmb2itS820ay1HQq0Wipu/GezmrS9S pLyTjnJ5/of0HK7pWQJeUI4v6lIjWFgMeiBrnnNoo4i3f7bOTEa3i5CAgFBBz7O6 ZW8YGg+T0twV1oMVbi9kuyyo/R9qaBcaouKJH9cvS59c484pWDSadVfAFFumQ4NZ F5Cni51ycn7yRKz8D//Ozxa6tkIxqBX4clIFTYLVSZi8JfiRaWVTR3SVV2i3TvV4 Ngy/kgpIqA2eOxP2bkc+gH3naKeDhWLkpNxrrd8TIem0hxJmXjiVnL6hKDsyfaGB jkbgOw6ggcWpVFZBmLvoYGhs8OdO39N19AaOCE6iyUbCwhL+fso0ExtERZjy6mOD M+nFowqBCyrBHWujOYiae3mq7tBE4HVPYI8GWXwaOXgt4r+aHY/8T9UDbCPpeC2x rKW9oIsWCK8VhvWXBatCT72jkD5VHo4tZpRef8AXSB+mjzEa5EZsk1Y/AtAGXAjn pVwopGU4r3BHJKiih7ZjlO3MlCVfoUFUnmNgQGRt4tNq0lHffBhd0BPJMlkrSGQQ mN25KiRXbNmaDcFhJOVIfa0hi9BgAFJwEmioX00xKvArc5yprKJ2boJxchGxaD2D oQjOeFUrQ0doCIcMVXDTGi9Br41uquxEV2Yfhm4zjKeTL8Vvk9cVwqu9V4+D8vOD cIvjM8DBWBU= =SJtp -----END PGP SIGNATURE-----