Patch Tuesday, February 2020 saw patches for 99 vulnerabilities from Microsoft and 42 vulnerabilities from Adobe. One vulnerability from Microsoft is currently under active exploitation in the wild, and five of them are publicly known. None of the Adobe vulnerabilities were disclosed prior to patching.
Scripting Engine
This bug impacts IE and any applications that rely locally on the Trident rendering engine. Attackers can execute code on an affected system if the user browses maliciously crafted content on a compromised or malicious website, or through an affected application. The only workaround for this vulnerability involves disabling jscript.dll, which breaks a significant amount of functionality on the system. Microsoft rates this vulnerability as critical, and it is being actively exploited in the wild.
Microsoft Exchange
Microsoft may have chosen to rate CVE-2020-0688 as only important, but the consequences of this vulnerability are severe. An attacker only has to send a maliciously crafted email to an Exchange server to gain system-level command execution. No other user interaction is required.
Windows Installer
While probably not the most conspicuous component of Windows, the Windows Installer could be leveraged to elevate privileges. Two vulnerabilities in Windows Installer became publicly known last month, and this month patches have finally rolled out. Microsoft rates these vulnerabilities as important.
LNK Remote Code Execution
LNK files are processed by the system whenever you connect to a file share or plug in a USB drive. If this sounds familiar, it is because Stuxnet used the same mechanism to propagate. Since a system process is being exploited, the attacker should be able to execute code at a system level, completely compromising a device. Penetration testers have used this technique to compromise air-gapped systems in the past.
Microsoft Remote Desktop
Microsoft Remote Desktop has a critical vulnerability allowing a malicious server to execute code on a client system attempting to connect to it. An attacker exploiting this vulnerability would execute code at a system level, allowing them to completely compromise the client. Microsoft rates this vulnerability as critical and likely to be exploited.
Research Team, BeyondTrust