This is one of Microsoft’s biggest Patch Tuesday known to date.

Microsoft has released the February 2020 Patch Tuesday security updates. This month’s updates include fixes for a whopping 99 vulnerabilities, making this Microsoft’s biggest Patch Tuesday known to date.

The highlight of this month’s security train represents the fix for CVE-2020-0674, a zero-day vulnerability in Internet Explorer. On January 17, Microsoft disclosed ongoing attacks where hackers were using this IE zero-day, however, at the time, the OS maker could not provide a patch. This patch is now included with this month’s cumulative security updates.

Thus, Microsoft has actively repaired the zero-day vulnerability in Internet Explorer versions 9, 10 and 11. The exploit allows the attacker to call up any code in the context of the user (including the administrator) as a result of the opening a properly prepared web page, using the vulnerability of the script engine.

On top of this patch, there are 98 others, of which, 11 bugs have received a grading of „critical,” the highest available.

Most of the critical bugs are remote code execution and memory corruption bugs in services such as the IE scripting engine, the Remote Desktop Protocol service, LNK files, and the Media Foundation component.

Other than that, there’s nothing really out of the ordinary to highlight. This month, Microsoft’s patches are just bulkier than ever.

However, a few days later Microsoft has removed a standalone security update from its Windows Update servers and enterprise update channels after acknowledging reports of „an issue affecting a sub-set of devices.” After investigating reports of those issues, Microsoft has yanked KB4524244 from its update servers.

The company says it’s „working on an improved version of this update in coordination with our partners and will release it in a future update.”

The security update, KB4524244, was released as part of the normal Patch Tuesday release cycle, and was targeted for all Windows 10 versions via Windows Update. It was intended to address a security vulnerability affecting third-party Unified Extensible Firmware Interface (UEFI) boot managers. A second, related update, KB4502496, which addresses the same issue for Windows 8.x and Windows 10 version 1507, has also been pulled.

In its documentation for the KB4524244 update, Microsoft says its engineers have confirmed at least two known issues:

  • You might encounter issues trying to install or after installing KB4524244.
  • Using the „Reset this PC” feature, also called „Push Button Reset” or PBR, might fail. You might restart into recovery with „Choose an option” at the top of the screen with various options or you might restart to desktop and receive the error „There was a problem resetting your PC.”

In the documentation for KB4502496, Microsoft reports that customers „might encounter issues trying to install or after installing [the update].”

According to reports from users on Microsoft’s support forums, some users encountered problems restarting after the update attempted to install, while others were signed in using a temporary user profile.

For those who are experiencing issues related to this update, Microsoft recommends uninstalling the update.

Patch Tuesday updates are delivered in bulk, so accepting this month’s fixes will automatically install patches for all the 99 security flaws at once.

Additional useful Patch Tuesday information is below:

  • Microsoft’s official Security Update Guide portal lists all security updates in a filterable table.
  • ZDNet also put together this page listing all security updates on one single page.
  • Additional analysis of today’s Patch Tuesday is also available from Trend Micro.

In the meantime, TSplus has released a new update to ensure full compatibility with the latest versions of Win 10, Server 2016, Win 8.1 and Server 2012 R2!

The download links are unchanged:

Full setup program:   https://dl-files.com/Setup-TSplus.exe   followed by your Setup program name

Update Release patch:   http://dl-files.com/data/UpdateRelease.exe

Source:

ZDnet

ZDnet