• February 2020 Patch Tuesday foibles

    Posted on February 11, 2020 at 12:08 CST by Comment in the Forums

    …. and… we’re off.

    The Microsoft Update Catalog lists 151 separate patches. An enormous 99 different CVEs = individual security holes.

    The Knowledge Base article for the Win10 1903 and 1909 patches does NOT list any fixes to the very-buggy “optional non-security C/D Week” patch. I’d be most interested in hearing about the long-standing Win10 1909 File Explorer Search bugs.

    I don’t see a patch for Win7, in spite of the “Stretch”ed black wallpaper fix Preview released last week. No word on whether the manual-download-only fix is still clobbering boot files.

    Dustin Childs’s report for ZDI covers all the bases. Worthy of note:

    • That Internet Explorer JScript vulnerability, CVE 2020-0674, ADV200001 which Microsoft first talked about three weeks ago, is getting fixed. Except not for Win7, apparently, unless you pay for the patch. Microsoft lists it as being under active attack. Apparently it isn’t pressing enough to warrant an out-of-band patch, though, so those of you guarding state secrets and whistleblowers should probably worry about it sooner rather than later. The rest of us? I’ll wait until I see a widespread attack — or 0patch verifies that it’s plugged the problem.
    • The CVE 2020-0674 security hole is the only one listed as “Exploited.”

    Martin Brinkmann just posted his all-inclusive list. Five Win7 security holes that are only patched for Extended Support customers. The same five are fixed for Win8.1. Looks like Win10 versions 1803, 1809, 1903 and 1909 are all getting the same patches.

    Microsoft has released patches for every version of Win10 (except version 1511), back to the original 1507, whether they’re supported or not.

    The “classic” version of Edge is being patched, too, with 7 security holes filled. The Chromium based version of Edge was patched on Feb. 7. I’m surprised – there doesn’t seem to be a definitive statement about it – but it looks like the only fixed security holes in Chredge stem from the underlying Chromium engine.

    There are new Servicing Stack Updates for Win7/Server 2008 R2 and for Server 2008. Wonder if those were re-issued because of the deleted boot files? There’s another SSU for Win10 1903 and 1909.

    I expect we’ll hear much more about a pan-Win10 patch, KB 4524244, Security update for Windows 10, version 1607, 1703, 1709, 1803, 1809, and 1903: February 11, 2020. Childs seems to have missed it, although Brinkmann includes it. The description:

    Addresses an issue in which a third-party Unified Extensible Firmware Interface (UEFI) boot manager might expose UEFI-enabled computers to a security vulnerability.

    Seems very specific to one UEFI boot manager. I wonder which one?

    Windows Patches/Security
DON'T MISS OUT!
Subscribe to the Free Newsletter
We promise not to spam you. Unsubscribe at any time.
Invalid email address

View the Forum

  • Recent Replies
  • My Replies
  • My Active Topics
  • New Posts in the Last day
  • Private Messages
  • Knowledge Base
  • How to use the Forums
  • All Forums

    • Recent Topics

    My Profile

    April 2025
    S M T W T F S
     12345
    6789101112
    13141516171819
    20212223242526
    27282930  

    Remembering Woody

     

    Want to Advertise in the free newsletter? How about a gift subscription in honor of a birthday? Send an email to sb@askwoody.com to ask how.

    Mastodon profile for DefConPatch
    Mastodon profile for AskWoody

     

    Home About FAQ Posts & Privacy Forums My Account
    Register Free Newsletter Plus Membership Gift Certificates MS-DEFCON Alerts

    Copyright ©2004-2025 by AskWoody Tech LLC. All Rights Reserved.