Microsoft tries again to plug exploited IE zero-day

By

Third time lucky?

Microsoft has fixed a critical vulnerability in the Internet Explorer web browser for its Windows operating system, which the company said in January was being exploited in the wild and which appears to be a carry-over from September last year.

Microsoft tries again to plug exploited IE zero-day

This is Microsoft's third try at fixing the memory corruption flaw in the Windows Scripting Engine component used by Internet Explorer, Google Project Zero security engineer Maddie Stone said.

An attacker can exploit the CVE-2020-0674 vulnerability remotely to execute arbitrary code with the same privileges as the user.

Neither Microsoft nor Google have revealed where and when the exploitation attempts took place.

A second criticial memory corruption bug in the Scripting Engine, CVE-2020-0673, that could be exploited remotely as well is also taken care of by Microsoft's set of security patches for this month.

The February 2020 Patch Wednesday collection contains a large amount of fixes for vulnerabilities, 99 in total.

Of these, 12 are rated as critical, and 17 allow for remote code execution.

Four vulnerabilities in Microsoft's Remote Desktop client, services and protocol are also fixed.

Two, CVEs 2020-0681 and 2020-0734 in the Remote Desktop client, were labelled by Microsoft as critical with a warning of "exploitation more likely".

Attackers could exploit the flaws through malicious servers, to remotely run code on connecting RDP clients.

Apart from Internet Explorer, Patch Wednesday contains bugs fixes for flaws that affect the newer versions of the Windows and Windows Server operating systems and components for these such as the Edge web browser and the Malicious Software Removal Tool.

Microsot's Office productivity suite also receives fixes, along with the Exchange mail and calendaring server software and the SQL Server database.

 

Got a news tip for our journalists? Share it with us anonymously here.
Copyright © iTnews.com.au . All rights reserved.
Tags:
internet explorermicrosoftpatch wednesdaysecuritywindows

Sponsored Whitepapers

Datacom + Microsoft Azure: Turn Ideas Into Impact in Just 4 Weeks
Datacom + Microsoft Azure: Turn Ideas Into Impact in Just 4 Weeks
Protect APIs. Protect Your Business.
Protect APIs. Protect Your Business.
KnowBe4 Benchmark Report: Reducing Human Risk & Phishing Vulnerability in ANZ
KnowBe4 Benchmark Report: Reducing Human Risk & Phishing Vulnerability in ANZ
Modern Identity for SAP and Beyond: Replace SAP IDM with Saviynt
Modern Identity for SAP and Beyond: Replace SAP IDM with Saviynt
Saviynt Simplifies GRC and Access Control for SAP and Beyond
Saviynt Simplifies GRC and Access Control for SAP and Beyond

Events

Most Read Articles

Ex-student charged over Western Sydney University cyberattacks

Ex-student charged over Western Sydney University cyberattacks
SA Water plans 'once-in-a-generation' core technology uplift

SA Water plans 'once-in-a-generation' core technology uplift
WhatsApp banned on US House of Representatives devices

WhatsApp banned on US House of Representatives devices
Victoria's first government tech chief steps down

Victoria's first government tech chief steps down
techpartner.news logo
Dave Stevens on Brennan's evolution and the need for Aussie tech unity
Dave Stevens on Brennan's evolution and the need for Aussie tech unity
Sydney's ITKnocks on contact centre AI and the slow death of the IVR
Sydney's ITKnocks on contact centre AI and the slow death of the IVR
"It's an exciting time to be part of the health and aged care sector"
"It's an exciting time to be part of the health and aged care sector"
Insicon founder Matt Miller on the coming 'tsunami' of compliance and educating boards about cyber security
Insicon founder Matt Miller on the coming 'tsunami' of compliance and educating boards about cyber security
Orro claims Australia first with managed digital asset discovery service
Orro claims Australia first with managed digital asset discovery service

Log In

  |  Forgot your password?