Microsoft Monthly Security Update (Feb 2020)

Last Update Date: 19 Sep 2024 Release Date: 12 Feb 2020 6400 Views

RISK: Extremely High Risk

Extremely High Risk

TYPE: Operating Systems - Windows OS

TYPE: Windows OS

[Updated on 2024-09-19]

Updated Description, Source and Related Links.

CVE-2020-0618 vulnerability is exploited in the wild. A remote code execution vulnerability exists in Microsoft SQL Server Reporting Services when it incorrectly handles page requests. An attacker who successfully exploited this vulnerability could execute code in the context of the Report Server service account.

 

Microsoft has released monthly security update for their products:

 

Vulnerable ProductRisk LevelImpactsNotes
BrowserExtremely High Risk Extremely High RiskInformation Disclosure
Remote Code Execution
Elevation of Privilege		Exploited in the wild:
CVE-2020-0674
DeviceMedium Risk Medium RiskSecurity Restriction Bypass 
Exchange ServerMedium Risk Medium RiskRemote Code Execution
Elevation of Privilege		 
Microsoft OfficeMedium Risk Medium RiskData Manipulation
Remote Code Execution
Spoofing
Security Restriction Bypass		 
SQL ServerExtremely High Risk Extremely High RiskRemote Code ExecutionCVE-2020-0618 is exploited in the wild. A remote code execution vulnerability exists in Microsoft SQL Server Reporting Services when it incorrectly handles page requests. An attacker who successfully exploited this vulnerability could execute code in the context of the Report Server service account.
System CenterMedium Risk Medium RiskElevation of Privilege 
WindowsMedium Risk Medium RiskDenial of Service
Remote Code Execution
Elevation of Privilege
Information Disclosure
Security Restriction Bypass		 

 

Number of 'Extremely High Risk' product(s): 2

Number of 'High Risk' product(s): 0

Number of 'Medium Risk' product(s): 5

Number of 'Low Risk' product(s): 0

Evaluation of overall 'Risk Level': Extremely High Risk

Impact

  • Denial of Service
  • Remote Code Execution
  • Elevation of Privilege
  • Security Restriction Bypass
  • Information Disclosure
  • Spoofing
  • Data Manipulation

System / Technologies affected

  • Browser
  • Device
  • Exchange Server
  • Microsoft Office
  • SQL Server
  • System Center
  • Windows

 

Solutions

Before installation of the software, please visit the vendor web-site for more details.

  • Apply fixes issued by the vendor.

Vulnerability Identifier

Source

Related Link

Related Tags

MicrosoftDenial of ServiceRemote Code ExecutionElevation of PrivilegeSecurity Restriction BypassInformation DisclosureSpoofingData ManipulationExploit In The Wild

Share with

Previous

Apple Products Multiple Vulnerabilities

19 Sep 2024 3614 Views

Next

Microsoft Monthly Security Update (Jun 2019)

12 Jun 2019 7045 Views

We use cookies to give you the best possible experience on our website. By continuing to browse this site, you give consent for cookies to be used. For more details please read our Cookie Policy.

PRIVACY POLICY