Microsoft Monthly Security Update (Feb 2020)

September 19, 2024

[Updated on 2024-09-19]

Updated Description, Source and Related Links.

CVE-2020-0618 vulnerability is exploited in the wild. A remote code execution vulnerability exists in Microsoft SQL Server Reporting Services when it incorrectly handles page requests. An attacker who successfully exploited this vulnerability could execute code in the context of the Report Server service account.

 

Microsoft has released monthly security update for their products:

 

Vulnerable ProductRisk LevelImpactsNotes
BrowserExtremely High Risk Extremely High RiskInformation Disclosure
Remote Code Execution
Elevation of Privilege		Exploited in the wild:
CVE-2020-0674
DeviceMedium Risk Medium RiskSecurity Restriction Bypass 
Exchange ServerMedium Risk Medium RiskRemote Code Execution
Elevation of Privilege		 
Microsoft OfficeMedium Risk Medium RiskData Manipulation
Remote Code Execution
Spoofing
Security Restriction Bypass		 
SQL ServerExtremely High Risk Extremely High RiskRemote Code ExecutionCVE-2020-0618 is exploited in the wild. A remote code execution vulnerability exists in Microsoft SQL Server Reporting Services when it incorrectly handles page requests. An attacker who successfully exploited this vulnerability could execute code in the context of the Report Server service account.
System CenterMedium Risk Medium RiskElevation of Privilege 
WindowsMedium Risk Medium RiskDenial of Service
Remote Code Execution
Elevation of Privilege
Information Disclosure
Security Restriction Bypass		 

 

Number of ‘Extremely High Risk’ product(s): 2

Number of ‘High Risk’ product(s): 0

Number of ‘Medium Risk’ product(s): 5

Number of ‘Low Risk’ product(s): 0

Evaluation of overall ‘Risk Level’: Extremely High Risk

RISK: Extremely High Risk

Extremely High Risk

TYPE: Operating Systems – Windows OS

TYPE: Windows OS

Impact

  • Denial of Service
  • Remote Code Execution
  • Elevation of Privilege
  • Security Restriction Bypass
  • Information Disclosure
  • Spoofing
  • Data Manipulation

System / Technologies affected

  • Browser
  • Device
  • Exchange Server
  • Microsoft Office
  • SQL Server
  • System Center
  • Windows

 

Solutions

Before installation of the software, please visit the vendor web-site for more details.

  • Apply fixes issued by the vendor.

Vulnerability Identifier

Source

Related Link

A considerable amount of time and effort goes into maintaining this website, creating backend automation and creating new features and content for you to make actionable intelligence decisions. Everyone that supports the site helps enable new functionality.

If you like the site, please support us on “Patreon” or “Buy Me A Coffee” using the buttons below

Buy Me A Coffee
Patreon

To keep up to date follow us on the below channels.

You may have missed

hkcert

Microsoft Monthly Security Update (Feb 2020)

September 19, 2024
hkcert

Microsoft Monthly Security Update (Jun 2019)

September 19, 2024
hkcert

Oracle Products Multiple Vulnerabilities

September 19, 2024
CISA Logo

CISA: New CISA Plan Aligns Federal Agencies in Cyber Defense

September 19, 2024
CISA Logo

CISA: Ivanti Releases Security Update for Cloud Services Appliance

September 19, 2024