Skip to main content

Microsoft Monthly Security Update (Feb 2020)

Last Update Date: 19 Sep 2024 Release Date: 12 Feb 2020 6163 Views

RISK: Extremely High Risk

TYPE: Operating Systems - Windows OS

TYPE: Windows OS

[Updated on 2024-09-19]

Updated Description, Source and Related Links.

CVE-2020-0618 vulnerability is exploited in the wild. A remote code execution vulnerability exists in Microsoft SQL Server Reporting Services when it incorrectly handles page requests. An attacker who successfully exploited this vulnerability could execute code in the context of the Report Server service account.

 

Microsoft has released monthly security update for their products:

 

Vulnerable ProductRisk LevelImpactsNotes
BrowserExtremely High Risk Extremely High RiskInformation Disclosure
Remote Code Execution
Elevation of Privilege
Exploited in the wild:
CVE-2020-0674
DeviceMedium Risk Medium RiskSecurity Restriction Bypass 
Exchange ServerMedium Risk Medium RiskRemote Code Execution
Elevation of Privilege
 
Microsoft OfficeMedium Risk Medium RiskData Manipulation
Remote Code Execution
Spoofing
Security Restriction Bypass
 
SQL ServerExtremely High Risk Extremely High RiskRemote Code ExecutionCVE-2020-0618 is exploited in the wild. A remote code execution vulnerability exists in Microsoft SQL Server Reporting Services when it incorrectly handles page requests. An attacker who successfully exploited this vulnerability could execute code in the context of the Report Server service account.
System CenterMedium Risk Medium RiskElevation of Privilege 
WindowsMedium Risk Medium RiskDenial of Service
Remote Code Execution
Elevation of Privilege
Information Disclosure
Security Restriction Bypass
 

 

Number of 'Extremely High Risk' product(s): 2

Number of 'High Risk' product(s): 0

Number of 'Medium Risk' product(s): 5

Number of 'Low Risk' product(s): 0

Evaluation of overall 'Risk Level': Extremely High Risk


Impact

  • Denial of Service
  • Remote Code Execution
  • Elevation of Privilege
  • Security Restriction Bypass
  • Information Disclosure
  • Spoofing
  • Data Manipulation

System / Technologies affected

  • Browser
  • Device
  • Exchange Server
  • Microsoft Office
  • SQL Server
  • System Center
  • Windows

 


Solutions

Before installation of the software, please visit the vendor web-site for more details.

  • Apply fixes issued by the vendor.

Vulnerability Identifier


Source


Related Link