This week, Microsoft has rolled out one of the biggest Patch Tuesday update bundles ever. It contains fixes for 99 security vulnerabilities including a zero-day affecting the Internet Explorer.
Patch For Internet Explorer Zero-Day
Microsoft has addressed a serious security bug in Internet Explorer browser this week. It was a zero-day vulnerability with a critical severity rating about which Microsoft warned in January. However, January’s Patch Tuesday did not include any fix for that. Describing the vulnerability, CVE-2020-0674, in an advisory, Microsoft stated,
A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user.
Consequently, exploiting this vulnerability could even let an attacker gain admin access to the system and perform any malicious activities. What made this bug more devastating was its public exploitation. An attacker could simply exploit the vulnerability through Internet Explorer by designing a maliciously crafted website and convincing the user to open the site accordingly via a phishing attack.
Now, with February updates, Microsoft has confirmed patching the bug.
Other Microsoft Patch Tuesday February
Other than the zero-day listed above, Microsoft also fixed 11 different critical security vulnerabilities that could allow remote code execution.
It addressed 87 important severity vulnerabilities including 4 publicly disclosed bugs as well that required immediate attention. These vulnerabilities existed in different programs and could result in elevation of privilege, information disclosure, remote code execution, denial of service, tampering, and XSS attacks.
Alongside Microsoft, Adobe also released its Patch Tuesday updates this week. It addressed security bugs in Adobe Experience Manager, Adobe Flash Player, Adobe Digital Editions, Adobe Framework, and Adobe Acrobat and Reader.
Users must ensure updating their respective devices to stay safe from potential cyberattacks.
Let us know your thoughts in the comments.