Perhaps the most noteworthy fix is a patch for a zero-day memory-corruption flaw that has already been exploited. Tracked as CVE-2020-0674 the vulnerability is denoted as critical and allows hackers to take over systems through remote code-execution attacks. Microsoft says the exploit is a remote code execution that gives bad actors the ability to access a system with the same privileges as someone logged in. If that access is on an admin account, the access would be total. “A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user,” Microsoft said in an advisory. Sticking with browsers, February 2020 Patch Tuesday is something of a milestone. It is the first patch event since Microsoft launched Chromium Edge last month. The company says it has solved 41 vulnerabilities on the new browser. However, these were not bundled in the Patch Tuesday fixes.
Full Patch Log
