February's "Patch Tuesday" was Microsoft's largest in a long time: it fixed almost 100 different bugs, including a 0-day vulnerability in Internet Explorer that was already under attack and another 11 critical issues.
Let me remind you that back in January 2020, Microsoft reported a zero-day vulnerability in Internet Explorer that attackers had already used in "limited targeted attacks." The problem received the identifier CVE-2020-0674 and was associated with a vulnerability in the Firefox browser, which also became known in January. Apparently, the mentioned "limited attacks" were part of a larger hacking campaign that also included attacks on Firefox users.
The problem was related to the IE scripting engine and memory corruption. Exploiting the vulnerability allows an attacker to execute arbitrary code in the context of the current user. To do this, it is enough to lure an IE user to a malicious site.
Now that an official patch has been released for CVE-2020-0674, Microsoft reports that the problem was originally detected by Google Analytics Group and Chinese experts from Qihoo 360. While Google did not publish any information about exploitation of the bug, Qihoo 360 reports that the problem is being exploited by the hacking group DarkHotel, which many researchers associate with North Korea.
Information about four more vulnerabilities that received patches this month was publicly disclosed before the fixes were released (however, none of these problems was used in attacks): two privilege escalation bugs in the Windows Installer (CVE-2020-0683 and CVE-2020-0686), a Secure Boot protection bypass (CVE-2020-0689), and an information disclosure vulnerability in Edge and IE (CVE-2020-0706).
Most of the critical problems this month are RCE vulnerabilities and memory corruption bugs. Fixes for such flaws were released for the Chakra scripting engine, the Media Foundation component, LNK files, and so on.
Another remote code execution issue (CVE-2020-0688) was also fixed in Exchange; it could be exploited using malicious emails.