{"id":6046,"date":"2020-02-12T22:58:07","date_gmt":"2020-02-12T22:58:07","guid":{"rendered":"https:\/\/www.n-able.com\/?p=6046"},"modified":"2022-06-10T18:23:05","modified_gmt":"2022-06-10T17:23:05","slug":"february-2020-patch-tuesday-update-one-largest-vulnerability-count","status":"publish","type":"post","link":"https:\/\/www.n-able.com\/es\/blog\/february-2020-patch-tuesday-update-one-largest-vulnerability-count","title":{"rendered":"February 2020 Patch Tuesday Update: One of the Largest by Vulnerability Count"},"content":{"rendered":"

While January 2020\u2019s \u201cPatch Tuesday\u201d release from Microsoft wasn\u2019t large in size, it had a few \u201chigh profile\u201d vulnerabilities that demanded immediate attention. February is a different story.\u00a0 At the time the patches were released, Microsoft reported\u00a0only one<\/em>\u00a0of the vulnerabilities had an active exploit against it. There are a whopping 99 individual vulnerabilities fixed across operating systems and their components, browsers, Microsoft Office Suite (including SharePoint), Microsoft Exchange, and SQL Reporting Services.<\/p>\n

While most are listed as \u201cImportant\u201d or below, there are five \u201cCritical\u201d operating system and seven \u201cCritical\u201d browser vulnerabilities. There are another 87 vulnerabilities across multiple products listed as \u201cImportant.\u201d<\/p>\n

Critical operating system vulnerabilities\u00a0<\/b><\/h3>\n

CVE-2020-0681<\/a>\u00a0and\u00a0CVE-2020-0734<\/a>\u00a0are similar in that they both affect Remote Desktop client. In both cases, a bad actor would have to trick a user into connecting to a compromised Remote Desktop server in control of the bad actor. This vulnerability affects all Remote Desktop clients on Windows 7 through the current release of Windows 10 and all Server versions (including Core). Microsoft labeled these vulnerabilities as \u201cExploitation More Likely,\u201d as it has with many Remote Desktop vulnerabilities in the past.<\/p>\n

CVE-2020-0662<\/a>\u00a0is a Remote Code Execution vulnerability marked by Microsoft as \u201cExploitation Less Likely.\u201d To take advantage, a domain user would have to specially craft a request to elevate privilege on the target system.\u00a0 This affects all versions of Windows from Windows 7 up to the current release of Windows 10, as well as all Server versions (including Core).<\/p>\n

CVE-2020-0738<\/a>\u00a0is a Remote Code Execution vulnerability in Windows Media Foundation that would require a user to click on a malicious file or visit a malicious website. It\u2019s listed as \u201cExploitation Less Likely,\u201d and, like the others in this list, affects all versions of Windows Workstation and Server operating systems.<\/p>\n

CVE-2020-0729<\/a>\u00a0is also a Remote Code Execution vulnerability that would require a user to click on a .LNK file. This would result in elevation of privilege for the attacker to the level of the user that clicked on it. This one also affects all versions of Windows workstation and Server.<\/p>\n

Critical browser vulnerabilities<\/b><\/h3>\n

First up is the fix for the vulnerability that was reported on January 17, which was expected this Patch Tuesday.\u00a0CVE-2020-0674<\/a>\u00a0is a zero-day vulnerability in Internet Explorer reported by Microsoft as \u201cExploitation Detected\u201d in their release notes, which means it\u2019s under active attack. You should note that older versions of IE 9 and 10 are also listed as affected. Another vulnerability in the browser\u2019s scripting engine,\u00a0CVE-2020-0673<\/a>, lists a similar description to the above, but it\u2019s listed as \u201cExploitation More Likely.\u201d This means while there is no active exploit, one may show up soon after this disclosure.<\/p>\n

The remainder of the Critical browser vulnerabilities are in Microsoft Edge (the Edge HTML version) and affect varying operating systems. They\u2019re all listed as \u201cExploitation Less Likely.\u201d<\/p>\n

A reminder that now that Edge browser is based on the Chromium browser, you\u2019ll see advisories much like\u00a0ADV200002<\/a>\u00a0for vulnerabilities fixed in that version of the browser.<\/p>\n

Other applications<\/b><\/h3>\n

Microsoft Exchange Server\u00a0<\/b>(2010, 2013, 2016, and 2019) has two vulnerability fixes for\u00a0CVE-2020-0688<\/a>, and\u00a0CVE-2020-0692<\/a>. The first is a vulnerability that would require an attacker to send a specially crafted email to the Exchange Server and would give the attacker the ability to execute code in System context. The second one would allow an attacker to impersonate another user by submitting a manipulated user token to Exchange Web Services.<\/p>\n

Microsoft Office<\/b>\u00a0suite has many vulnerabilities listed as \u201cImportant.\u201d These include most all versions of Outlook, Excel 2010-2016, and SharePoint 2013, 2016, and 2019.<\/p>\n

Finally, there is one vulnerability in SQL Reporting services listed as \u201cExploitation Less Likely.\u201d<\/p>\n

So, from a prioritization standpoint, we know from Microsoft\u2019s report that browsers are an area of attention this month. If you need to prioritize one area over another, focus first on workstations that browse the internet. Then focus on the server operating systems for the Remote Desktop Client vulnerabilities. Then focus on Office, Exchange servers, and SQL reporting services.<\/p>\n

Microsoft publishes a\u00a0release note summary<\/a>\u00a0on Patch Tuesday, and in there you can find known issues at the end of the document. After reviewing, almost all the issues revolve around permission issues when performing a rename action on a Cluster Shared Volume without administrative privileges. Please read the notes and known issues if you have any concerns.<\/p>\n

As a note, most all of Microsoft\u2019s updates are now cumulative. This means that installing the Cumulative Update for that operating system will handle most of the vulnerabilities outside of Office and other applications. On older operating systems such as Server 2012 and Windows 8.1, there is generally a Security Only update or a Monthly Rollup. It\u2019s up to you which one of those you choose to approve, but in most cases, the Security Update can be smaller. If you\u2019re current on your updates from month to month, Security Updates can be quicker to install. If you\u2019re behind on your updates, it\u2019s always a good idea to install the Monthly Rollup to get current in one shot.<\/p>\n

On a final note, remember that Windows 7 updates will only apply if you have an Extended Security Update contract with Microsoft. This month, 47 of the vulnerabilities applied to Windows 7 operating system alone. If this is any indication of \u201cthe way things will be,\u201d it\u2019s a good idea to either consider purchasing Extended Security Updates or go ahead and plan to upgrade to a supported operating system soon. Each month may take you further away from a secure state.<\/p>\n

Let\u2019s stay safe out there!<\/p>\n

 <\/p>\n

Gill Langston is head security nerd for SolarWinds MSP. You can follow Gill on Twitter at\u00a0@cybersec_nerd<\/a><\/em><\/p>\n","protected":false},"excerpt":{"rendered":"

February's Patch Tuesday offers a whopping 99 individual vulnerabilities fixes across operating systems and their components, browsers, Microsoft Office Suite (including SharePoint), Microsoft Exchange, and SQL Reporting Services. Gill Langston…<\/p>\n","protected":false},"author":27,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"inline_featured_image":false,"footnotes":""},"class_list":["post-6046","post","type-post","status-publish","format-standard","hentry","topic-head-nerds","topic-patch-management","topic-security"],"acf":[],"yoast_head":"\nFebruary 2020 Patch Tuesday Update: One of the Largest by Vulnerability Count - N-able<\/title>\n<meta name=\"description\" content=\"February's Patch Tuesday offers a whopping 99 individual vulnerabilities fixes across operating systems and their components, browsers, Microsoft Office Suite (including SharePoint), Microsoft Exchange, and SQL Reporting Services. Gill Langston takes a deeper look.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.n-able.com\/es\/blog\/february-2020-patch-tuesday-update-one-largest-vulnerability-count\" \/>\n<meta property=\"og:locale\" content=\"es_ES\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"February 2020 Patch Tuesday Update: One of the Largest by Vulnerability Count - N-able\" \/>\n<meta property=\"og:description\" content=\"February's Patch Tuesday offers a whopping 99 individual vulnerabilities fixes across operating systems and their components, browsers, Microsoft Office Suite (including SharePoint), Microsoft Exchange, and SQL Reporting Services. Gill Langston takes a deeper look.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.n-able.com\/es\/blog\/february-2020-patch-tuesday-update-one-largest-vulnerability-count\" \/>\n<meta property=\"og:site_name\" content=\"N-able\" \/>\n<meta property=\"article:publisher\" content=\"https:\/\/www.facebook.com\/NableMSP\" \/>\n<meta property=\"article:published_time\" content=\"2020-02-12T22:58:07+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2022-06-10T17:23:05+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/www.n-able.com\/wp-content\/uploads\/2021\/03\/share-image.jpg\" \/>\n\t<meta property=\"og:image:width\" content=\"1200\" \/>\n\t<meta property=\"og:image:height\" content=\"630\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/jpeg\" \/>\n<meta name=\"author\" content=\"Gill Langston\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@Nable\" \/>\n<meta name=\"twitter:site\" content=\"@Nable\" \/>\n<meta name=\"twitter:label1\" content=\"Escrito por\" \/>\n\t<meta name=\"twitter:data1\" content=\"Gill Langston\" \/>\n\t<meta name=\"twitter:label2\" content=\"Tiempo de lectura\" \/>\n\t<meta name=\"twitter:data2\" content=\"5 minutos\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\/\/www.n-able.com\/es\/blog\/february-2020-patch-tuesday-update-one-largest-vulnerability-count#article\",\"isPartOf\":{\"@id\":\"https:\/\/www.n-able.com\/es\/blog\/february-2020-patch-tuesday-update-one-largest-vulnerability-count\"},\"author\":{\"name\":\"Gill Langston\",\"@id\":\"https:\/\/www.n-able.com\/es#\/schema\/person\/ccb02e43837727da6ab962f5357e872a\"},\"headline\":\"February 2020 Patch Tuesday Update: One of the Largest by Vulnerability Count\",\"datePublished\":\"2020-02-12T22:58:07+00:00\",\"dateModified\":\"2022-06-10T17:23:05+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\/\/www.n-able.com\/es\/blog\/february-2020-patch-tuesday-update-one-largest-vulnerability-count\"},\"wordCount\":967,\"publisher\":{\"@id\":\"https:\/\/www.n-able.com\/es#organization\"},\"articleSection\":[\"Head Nerds\",\"Patch Management\",\"Security\"],\"inLanguage\":\"es\"},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/www.n-able.com\/es\/blog\/february-2020-patch-tuesday-update-one-largest-vulnerability-count\",\"url\":\"https:\/\/www.n-able.com\/es\/blog\/february-2020-patch-tuesday-update-one-largest-vulnerability-count\",\"name\":\"February 2020 Patch Tuesday Update: One of the Largest by Vulnerability Count - N-able\",\"isPartOf\":{\"@id\":\"https:\/\/www.n-able.com\/es#website\"},\"datePublished\":\"2020-02-12T22:58:07+00:00\",\"dateModified\":\"2022-06-10T17:23:05+00:00\",\"description\":\"February's Patch Tuesday offers a whopping 99 individual vulnerabilities fixes across operating systems and their components, browsers, Microsoft Office Suite (including SharePoint), Microsoft Exchange, and SQL Reporting Services. Gill Langston takes a deeper look.\",\"breadcrumb\":{\"@id\":\"https:\/\/www.n-able.com\/es\/blog\/february-2020-patch-tuesday-update-one-largest-vulnerability-count#breadcrumb\"},\"inLanguage\":\"es\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/www.n-able.com\/es\/blog\/february-2020-patch-tuesday-update-one-largest-vulnerability-count\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/www.n-able.com\/es\/blog\/february-2020-patch-tuesday-update-one-largest-vulnerability-count#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Security\",\"item\":\"https:\/\/www.n-able.com\/es\/blog\/category\/security\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"February 2020 Patch Tuesday Update: One of the Largest by Vulnerability Count\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/www.n-able.com\/es#website\",\"url\":\"https:\/\/www.n-able.com\/es\",\"name\":\"N-able\",\"description\":\"\",\"publisher\":{\"@id\":\"https:\/\/www.n-able.com\/es#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/www.n-able.com\/es?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"es\"},{\"@type\":\"Organization\",\"@id\":\"https:\/\/www.n-able.com\/es#organization\",\"name\":\"N-able\",\"url\":\"https:\/\/www.n-able.com\/es\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"es\",\"@id\":\"https:\/\/www.n-able.com\/es#\/schema\/logo\/image\/\",\"url\":\"https:\/\/www.n-able.com\/wp-content\/uploads\/2021\/02\/logo-n-able-vertical-dark.svg\",\"contentUrl\":\"https:\/\/www.n-able.com\/wp-content\/uploads\/2021\/02\/logo-n-able-vertical-dark.svg\",\"width\":\"1024\",\"height\":\"1024\",\"caption\":\"N-able\"},\"image\":{\"@id\":\"https:\/\/www.n-able.com\/es#\/schema\/logo\/image\/\"},\"sameAs\":[\"https:\/\/www.facebook.com\/NableMSP\",\"https:\/\/x.com\/Nable\",\"https:\/\/www.linkedin.com\/company\/n-able\",\"https:\/\/www.youtube.com\/channel\/UClnp77HHg4aME-S-3fWQhFw\"]},{\"@type\":\"Person\",\"@id\":\"https:\/\/www.n-able.com\/es#\/schema\/person\/ccb02e43837727da6ab962f5357e872a\",\"name\":\"Gill Langston\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"es\",\"@id\":\"https:\/\/secure.gravatar.com\/avatar\/7e3211da194e6f8c74fccea7140d31255418759757a5d157a8eb4fd12fd0f1f2?s=96&d=mm&r=g\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/7e3211da194e6f8c74fccea7140d31255418759757a5d157a8eb4fd12fd0f1f2?s=96&d=mm&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/7e3211da194e6f8c74fccea7140d31255418759757a5d157a8eb4fd12fd0f1f2?s=96&d=mm&r=g\",\"caption\":\"Gill Langston\"}}]}<\/script>\n<!-- \/ Yoast SEO Premium plugin. -->","yoast_head_json":{"title":"February 2020 Patch Tuesday Update: One of the Largest by Vulnerability Count - N-able","description":"February's Patch Tuesday offers a whopping 99 individual vulnerabilities fixes across operating systems and their components, browsers, Microsoft Office Suite (including SharePoint), Microsoft Exchange, and SQL Reporting Services. Gill Langston takes a deeper look.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.n-able.com\/es\/blog\/february-2020-patch-tuesday-update-one-largest-vulnerability-count","og_locale":"es_ES","og_type":"article","og_title":"February 2020 Patch Tuesday Update: One of the Largest by Vulnerability Count - N-able","og_description":"February's Patch Tuesday offers a whopping 99 individual vulnerabilities fixes across operating systems and their components, browsers, Microsoft Office Suite (including SharePoint), Microsoft Exchange, and SQL Reporting Services. Gill Langston takes a deeper look.","og_url":"https:\/\/www.n-able.com\/es\/blog\/february-2020-patch-tuesday-update-one-largest-vulnerability-count","og_site_name":"N-able","article_publisher":"https:\/\/www.facebook.com\/NableMSP","article_published_time":"2020-02-12T22:58:07+00:00","article_modified_time":"2022-06-10T17:23:05+00:00","og_image":[{"width":1200,"height":630,"url":"https:\/\/www.n-able.com\/wp-content\/uploads\/2021\/03\/share-image.jpg","type":"image\/jpeg"}],"author":"Gill Langston","twitter_card":"summary_large_image","twitter_creator":"@Nable","twitter_site":"@Nable","twitter_misc":{"Escrito por":"Gill Langston","Tiempo de lectura":"5 minutos"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.n-able.com\/es\/blog\/february-2020-patch-tuesday-update-one-largest-vulnerability-count#article","isPartOf":{"@id":"https:\/\/www.n-able.com\/es\/blog\/february-2020-patch-tuesday-update-one-largest-vulnerability-count"},"author":{"name":"Gill Langston","@id":"https:\/\/www.n-able.com\/es#\/schema\/person\/ccb02e43837727da6ab962f5357e872a"},"headline":"February 2020 Patch Tuesday Update: One of the Largest by Vulnerability Count","datePublished":"2020-02-12T22:58:07+00:00","dateModified":"2022-06-10T17:23:05+00:00","mainEntityOfPage":{"@id":"https:\/\/www.n-able.com\/es\/blog\/february-2020-patch-tuesday-update-one-largest-vulnerability-count"},"wordCount":967,"publisher":{"@id":"https:\/\/www.n-able.com\/es#organization"},"articleSection":["Head Nerds","Patch Management","Security"],"inLanguage":"es"},{"@type":"WebPage","@id":"https:\/\/www.n-able.com\/es\/blog\/february-2020-patch-tuesday-update-one-largest-vulnerability-count","url":"https:\/\/www.n-able.com\/es\/blog\/february-2020-patch-tuesday-update-one-largest-vulnerability-count","name":"February 2020 Patch Tuesday Update: One of the Largest by Vulnerability Count - N-able","isPartOf":{"@id":"https:\/\/www.n-able.com\/es#website"},"datePublished":"2020-02-12T22:58:07+00:00","dateModified":"2022-06-10T17:23:05+00:00","description":"February's Patch Tuesday offers a whopping 99 individual vulnerabilities fixes across operating systems and their components, browsers, Microsoft Office Suite (including SharePoint), Microsoft Exchange, and SQL Reporting Services. Gill Langston takes a deeper look.","breadcrumb":{"@id":"https:\/\/www.n-able.com\/es\/blog\/february-2020-patch-tuesday-update-one-largest-vulnerability-count#breadcrumb"},"inLanguage":"es","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.n-able.com\/es\/blog\/february-2020-patch-tuesday-update-one-largest-vulnerability-count"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/www.n-able.com\/es\/blog\/february-2020-patch-tuesday-update-one-largest-vulnerability-count#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Security","item":"https:\/\/www.n-able.com\/es\/blog\/category\/security"},{"@type":"ListItem","position":2,"name":"February 2020 Patch Tuesday Update: One of the Largest by Vulnerability Count"}]},{"@type":"WebSite","@id":"https:\/\/www.n-able.com\/es#website","url":"https:\/\/www.n-able.com\/es","name":"N-able","description":"","publisher":{"@id":"https:\/\/www.n-able.com\/es#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.n-able.com\/es?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"es"},{"@type":"Organization","@id":"https:\/\/www.n-able.com\/es#organization","name":"N-able","url":"https:\/\/www.n-able.com\/es","logo":{"@type":"ImageObject","inLanguage":"es","@id":"https:\/\/www.n-able.com\/es#\/schema\/logo\/image\/","url":"https:\/\/www.n-able.com\/wp-content\/uploads\/2021\/02\/logo-n-able-vertical-dark.svg","contentUrl":"https:\/\/www.n-able.com\/wp-content\/uploads\/2021\/02\/logo-n-able-vertical-dark.svg","width":"1024","height":"1024","caption":"N-able"},"image":{"@id":"https:\/\/www.n-able.com\/es#\/schema\/logo\/image\/"},"sameAs":["https:\/\/www.facebook.com\/NableMSP","https:\/\/x.com\/Nable","https:\/\/www.linkedin.com\/company\/n-able","https:\/\/www.youtube.com\/channel\/UClnp77HHg4aME-S-3fWQhFw"]},{"@type":"Person","@id":"https:\/\/www.n-able.com\/es#\/schema\/person\/ccb02e43837727da6ab962f5357e872a","name":"Gill Langston","image":{"@type":"ImageObject","inLanguage":"es","@id":"https:\/\/secure.gravatar.com\/avatar\/7e3211da194e6f8c74fccea7140d31255418759757a5d157a8eb4fd12fd0f1f2?s=96&d=mm&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/7e3211da194e6f8c74fccea7140d31255418759757a5d157a8eb4fd12fd0f1f2?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/7e3211da194e6f8c74fccea7140d31255418759757a5d157a8eb4fd12fd0f1f2?s=96&d=mm&r=g","caption":"Gill Langston"}}]}},"_links":{"self":[{"href":"https:\/\/www.n-able.com\/es\/wp-json\/wp\/v2\/posts\/6046","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.n-able.com\/es\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.n-able.com\/es\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.n-able.com\/es\/wp-json\/wp\/v2\/users\/27"}],"replies":[{"embeddable":true,"href":"https:\/\/www.n-able.com\/es\/wp-json\/wp\/v2\/comments?post=6046"}],"version-history":[{"count":0,"href":"https:\/\/www.n-able.com\/es\/wp-json\/wp\/v2\/posts\/6046\/revisions"}],"wp:attachment":[{"href":"https:\/\/www.n-able.com\/es\/wp-json\/wp\/v2\/media?parent=6046"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}