Microsoft Patch Tuesday ? February 2020 NEW!
"Microsoft and NSA say a security bug affects millions of Windows 10 computers. Microsoft has released a security patch for a dangerous vulnerability affecting hundreds of millions of computers running Windows 10. The vulnerability is found in a decades-old Windows cryptographic component, known as". CryptoAPI.-14 Jan 2020
Microsoft Patch Tuesday – February 2020
Thee seems to be a lot of issues with this 2/11/2020 release. On two machines upon install, icons were missing, temp profile installed and custom background changed to default windows. Did not check files, etc.Had to uninstall the update and all returned OK.Lot of similar issues being posted on the microsoft form. I sent mine to Feedback Hub. Hopefully some action to resolve.
CVE-2020-0674 is the one other vulnerability that stands out this month, mostly because it has been found exploited in the wild, so its exploitation is not merely theoretical. Therefore SophosLabs urges to apply immediately the available patches to avoid being compromised by any of those vulnerabilities.
For the February 2020 Patch Tuesday, Microsoft released security updates for Windows 7, 2008 and 2008 R2 systems which are already end of life. Qualys released Patch Tuesday detections (QIDs) which check for these new ESU patches as well.
Microsoft officially ended the support for Windows 7, 2008/R2 on January 14, 2020 and provided the ESU (Extended Support Update) program for customers to keep receiving security updates. However, for this Patch Tuesday (February 12, 2020) they issued patches for customers which have ESU enabled and updates for these out-of-support systems.
Earlier this week, Microsoft rolled out its February 2020 Patch Tuesday updates. As we reported yesterday, the rollup included some important fixes, including patching a critical Internet Explorer zero-day. However, it seems some aspects of this months Patch Tuesday are causing problems.
The important-rated "Microsoft Secure Boot Security Feature Bypass Vulnerability" (CVE-2020-0689) allows an attacker who exploited it, as the name suggests, to bypass the secure boot protection offered by Windows 10. Which means they could then load untrusted and potentially malicious software, simply by running a specially crafted application. The good news, part one, is that there is no evidence that this vulnerability has been exploited in the wild. The good