Don't miss a single vulnerability this Patch Tuesday. We'll be compiling all of February 2020's Patch Tuesday releases in one easy-to-read index. Stay tuned in and ready for the latest patches and updates from Microsoft and multiple third-party applications. We track the patches as they became available to the masses and insert all releases into the index below to help ensure you are minimizing your attack surface. We will have a breakdown blog released Wednesday.
Adobe released patches to 35 critical security vulnerabilities, with 21 in Framemaker, 12 in Acrobat and Reader, one in Digital Editions, and one in Flash Player. Mozilla also released updates for Firefox 73, Firefox ESR 68.5, and Thunderbird 68.5. Microsoft released 99 total patches, 12 of which are rated Critical. The lone Microsoft zero-day is an Internet Explorer Scripting Engine Memory Corruption Vulnerability under CVE-2020-0674. Our full patch index from February's Patch Tuesday is below.
Updated Live. Last Update 3:06 PM EST Feb. 11 2020.
 Adobe |
|||
| Product |
Title
|
Identifier
|
Severity
|
| Adobe Framemaker | Arbitrary Code Execution | APSB20-04 | Critical |
| Adobe Acrobat and Reader | Arbitrary Code Execution | APSB20-05 | Critical |
| Adobe Flash Player | Arbitrary Code Execution | APSB20-06 | Critical |
| Adobe Digital Editions | Arbitrary Code Execution and Information Disclosure | APSB20-07 | Critical |
| Adobe Experience Manager | Denial-of-service | APSB20-08 | Important |
 Mozilla Firefox |
|||
| Product |
Title
|
Identifier
|
Severity
|
| Thunderbird 68.5 | Message ID calculation was based on uninitialized data | CVE-2020-6792 | Low |
| Thunderbird 68.5 | Out-of-bounds read when processing certain email messages | CVE-2020-6793 | Medium |
| Thunderbird 68.5 | Setting a master password post-Thunderbird 52 does not delete unencrypted previously stored passwords | CVE-2020-6794 | Medium |
| Thunderbird 68.5 | Crash processing S/MIME messages with multiple signatures | CVE-2020-6795 | Medium |
| Firefox 73 and Firefox ESR 68.5 | Missing bounds check on shared memory read in the parent process | CVE-2020-6796 | High |
| Firefox 73, Firefox ESR 68.5, and Thunderbird 68.5 | Extensions granted downloads.open permission could open arbitrary applications on Mac OSX | CVE-2020-6797 | High |
| Firefox 73, Firefox ESR 68.5, and Thunderbird 68.5 | Incorrect parsing of template tag could result in JavaScript injection | CVE-2020-6798 | Medium |
| Firefox 73 and Firefox ESR 68.5 | Arbitrary code execution when opening pdf links from other applications, when Firefox is configured as default pdf reader | CVE-2020-6799 | Medium |
| Firefox 73, Firefox ESR 68.5, and Thunderbird 68.5 | Memory safety bugs fixed | CVE-2020-6800 | High |
| Firefox 73 | Memory safety bugs fixed | CVE-2020-6801 | High |
 Microsoft |
|||
| Product |
Title
|
Identifier
|
Severity
|
| Microsoft Edge (Chromium-based) | Microsoft Edge based on Chromium | ADV200002 | High |
| SQL Server 2012, 2014, 2016 | Microsoft SQL Server Reporting Services Remote Code Execution | CVE-2020-0618 | High |
| Windows 7, 8, 10 and Server 2008, 2012, 2016, 2019 | Remote Desktop Services Remote Code Execution Vulnerability | CVE-2020-0655 | High |
| Windows 7, 8, 10 and Server 2008, 2012, 2016, 2019 | Windows Common Log File System Driver Elevation of Privilege Vulnerability | CVE-2020-0657 | High |
| Windows 7, 8, 10 and Server 2008, 2012, 2016, 2019 | Windows Common Log File System Driver Information Disclosure Vulnerability | CVE-2020-0658 | High |
| Windows 10 and Server 2016 and 2019 | Windows Data Sharing Service Elevation of Privilege Vulnerability | CVE-2020-0659 | High |
| Windows 8, 10 and Server 2012, 2016, 2019 | Windows Remote Desktop Protocol Denial of Service Vulnerability | CVE-2020-0660 | High |
| Windows 10 and Server 2016, 2019 | Windows Hyper-V Denial of Service Vulnerability | CVE-2020-0661 | High |
| Windows 7, 8, 10 and Server 2008, 2012, 2016, 2019 | Windows Remote Code Execution Vulnerability | CVE-2020-0662 | Critical |
| Microsoft Edge on Windows 10 | Microsoft Edge Elevation of Privilege Vulnerability | CVE-2020-0663 | High |
| Windows 7, 8, 10 and Server 2008, 2012, 2016, 2019 | Active Directory Elevation of Privilege Vulnerability | CVE-2020-0665 | High |
| Windows 7, 8, 10 and Server 2008, 2012, 2016, 2019 | Windows Search Indexer Elevation of Privilege Vulnerability | CVE-2020-0666 | High |
| Windows 7, 8, 10 and Server 2008, 2012, 2016, 2019 | Windows Search Indexer Elevation of Privilege Vulnerability | CVE-2020-0667 | High |
| Windows 7, 8, 10 and Server 2008, 2012, 2016, 2019 | Windows Kernel Elevation of Privilege Vulnerability | CVE-2020-0668 | High |
| Windows 10 and Server 2019 | Windows Kernel Elevation of Privilege Vulnerability | CVE-2020-0669 | High |
| Windows 10 and Server 2016, 2019 | Windows Kernel Elevation of Privilege Vulnerability | CVE-2020-0670 | High |
| Windows 10 and Server 2019 | Windows Kernel Elevation of Privilege Vulnerability | CVE-2020-0671 | High |
| Windows 10 and Server 2019 | Windows Kernel Elevation of Privilege Vulnerability | CVE-2020-0672 | High |
| Internet Explorer 9, 10, 11 | Scripting Engine Memory Corruption Vulnerability | CVE-2020-0673 | Critical |
| Internet Explorer 9, 10, 11 | Scripting Engine Memory Corruption Vulnerability | CVE-2020-0674 | Critical |
| Windows 7, 8, 10 and Server 2008, 2012, 2016, 2019 | Windows Key Isolation Service Information Disclosure Vulnerability | CVE-2020-0675 | High |
| Windows 7, 8, 10 and Server 2008, 2012, 2016, 2019 | Windows Key Isolation Service Information Disclosure Vulnerability | CVE-2020-0676 | High |
| Windows 7, 8, 10 and Server 2008, 2012, 2016, 2019 | Windows Key Isolation Service Information Disclosure Vulnerability | CVE-2020-0677 | High |
| Windows 7, 8, 10 and Server 2008, 2012, 2016, 2019 | Windows Error Reporting Manager Elevation of Privilege Vulnerability | CVE-2020-0678 | High |
| Windows 8, 10 and Server 2012, 2016, 2019 | Windows Function Discovery Service Elevation of Privilege Vulnerability | CVE-2020-0679 | High |
| Windows 7, 8, 10 and Server 2008, 2012, 2016, 2019 | Windows Function Discovery Service Elevation of Privilege Vulnerability | CVE-2020-0680 | High |
| Windows 7, 8, 10 and Server 2008, 2012, 2016, 2019 | Remote Desktop Client Remote Code Execution Vulnerability | CVE-2020-0681 | Critical |
| Windows 7, 8, 10 and Server 2008, 2012, 2016, 2019 | Windows Function Discovery Service Elevation of Privilege Vulnerability | CVE-2020-0682 | High |
| Windows 7, 8, 10 and Server 2008, 2012, 2016, 2019 | Windows Installer Elevation of Privilege Vulnerability | CVE-2020-0683 | High |
| Windows 10 and Server 2019 | Windows COM Server Elevation of Privilege Vulnerability | CVE-2020-0685 | High |
| Windows 7, 8, 10 and Server 2008, 2012, 2016, 2019 | Windows Installer Elevation of Privilege Vulnerability | CVE-2020-0686 | High |
| Microsoft Exchange Server 2010, 2013, 2016, 2019 | Microsoft Exchange Memory Corruption Vulnerability | CVE-2020-0688 | High |
| Windows 8, 10 and Server 2012, 2016, 2019 | Microsoft Secure Boot Security Feature Bypass Vulnerability | CVE-2020-0689 | High |
| Windows 7, 8, 10 and Server 2008, 2012, 2016, 2019 | Win32k Elevation of Privilege Vulnerability | CVE-2020-0691 | High |
| Microsoft Exchange Server 2013, 2016, 2019 | Microsoft Exchange Server Elevation of Privilege Vulnerability | CVE-2020-0692 | High |
| Microsoft SharePoint Server 2013, 2019 | Microsoft Office SharePoint XSS Vulnerability | CVE-2020-0693 | High |
| Microsoft SharePoint Server 2013, 2019 | Microsoft Office SharePoint XSS Vulnerability | CVE-2020-0694 | High |
| Office Online Server | Microsoft Office Online Server Spoofing Vulnerability | CVE-2020-0695 | High |
| Microsoft Office 2019 and Outlook 2010, 2013, 2016 | Microsoft Outlook Security Feature Bypass Vulnerability | CVE-2020-0696 | High |
| Office 365 ProPlus | Microsoft Office Tampering Vulnerability | CVE-2020-0697 | High |
| Windows 7, 8, 10 and Server 2008, 2012, 2016, 2019 | Windows Information Disclosure Vulnerability | CVE-2020-0698 | High |
| Windows 10 and Server 2019 | Windows Client License Service Elevation of Privilege Vulnerability | CVE-2020-0701 | High |
| Microsoft Surface Hub | Surface Hub Security Feature Bypass Vulnerability | CVE-2020-0702 | High |
| Windows 7, 10 and Server 2008, 2012, 2016, 2019 | Windows Backup Service Elevation of Privilege Vulnerability | CVE-2020-0703 | High |
| Windows 10 and Server 2016, 2019 | Windows Wireless Network Manager Elevation of Privilege Vulnerability | CVE-2020-0704 | High |
| Windows 7, 8, 10 and Server 2008, 2012, 2016, 2019 | Windows Network Driver Interface Specification (NDIS) Information Disclosure Vulnerability | CVE-2020-0705 | High |
| Internet Explorer 10, 11 and Microsoft Edge | Microsoft Browser Information Disclosure Vulnerability | CVE-2020-0706 | High |
| Windows 8, 10 and Server 2012, 2016, 2019 | Windows IME Elevation of Privilege Vulnerability | CVE-2020-0707 | High |
| Windows 7, 8, 10 and Server 2008, 2012, 2016, 2019 | Windows Imaging Library Remote Code Execution Vulnerability | CVE-2020-0708 | High |
| Windows 10 and Server 2016 | DirectX Elevation of Privilege Vulnerability | CVE-2020-0709 | High |
| Microsoft Edge | Scripting Engine Memory Corruption Vulnerability | CVE-2020-0710 | Critical |
| Microsoft Edge and ChakraCore | Scripting Engine Memory Corruption Vulnerability | CVE-2020-0711 | Critical |
| Microsoft Edge and ChakraCore | Scripting Engine Memory Corruption Vulnerability | CVE-2020-0712 | Critical |
| Microsoft Edge and ChakraCore | Scripting Engine Memory Corruption Vulnerability | CVE-2020-0713 | Critical |
| Windows 10 and Server 2019 | DirectX Information Disclosure Vulnerability | CVE-2020-0714 | High |
| Windows 7, 8, 10 and Server 2008, 2012, 2016, 2019 | Windows Graphics Component Elevation of Privilege Vulnerability | CVE-2020-0715 | High |
| Windows 8, 10 and Server 2012, 2016 | Win32k Information Disclosure Vulnerability | CVE-2020-0716 | High |
| Windows 10 and Server 2019 | Win32k Information Disclosure Vulnerability | CVE-2020-0717 | High |
| Windows 7, 8, 10 and Server 2008, 2012, 2016, 2019 | Win32k Elevation of Privilege Vulnerability | CVE-2020-0719 | High |
| Windows 7, 8, 10 and Server 2008, 2012, 2016, 2019 | Win32k Elevation of Privilege Vulnerability | CVE-2020-0720 | High |
| Windows 7, 8, 10 and Server 2008, 2012, 2016, 2019 | Win32k Elevation of Privilege Vulnerability | CVE-2020-0721 | High |
| Windows 7, 8, 10 and Server 2008, 2012, 2016, 2019 | Win32k Elevation of Privilege Vulnerability | CVE-2020-0722 | High |
| Windows 7, 8, 10 and Server 2008, 2012, 2016, 2019 | Win32k Elevation of Privilege Vulnerability | CVE-2020-0723 | High |
| Windows 7, 8, 10 and Server 2008, 2012, 2016, 2019 | Win32k Elevation of Privilege Vulnerability | CVE-2020-0724 | High |
| Windows 7, 8, 10 and Server 2008, 2012, 2016, 2019 | Win32k Elevation of Privilege Vulnerability | CVE-2020-0725 | High |
| Windows 7, 8, 10 and Server 2008, 2012, 2016, 2019 | Win32k Elevation of Privilege Vulnerability | CVE-2020-0726 | High |
| Windows 10 and Server 2016, 2019 | Connected User Experiences and Telemetry Service Elevation of Privilege Vulnerability | CVE-2020-0727 | High |
| Windows 10 and Server 2016, 2019 | Connected User Experiences and Telemetry Service Elevation of Privilege Vulnerability | CVE-2020-0728 | High |
| Windows 7, 8, 10 and Server 2008, 2012, 2016, 2019 | LNK Remote Code Execution Vulnerability | CVE-2020-0729 | Critical |
| Windows 7, 8, 10 and Server 2008, 2012, 2016, 2019 | Windows User Profile Service Elevation of Privilege Vulnerability | CVE-2020-0730 | High |
| Windows 7, 8, 10 and Server 2008, 2012, 2016 | Win32k Elevation of Privilege Vulnerability | CVE-2020-0731 | High |
| Windows 10 and Server 2016 | DirectX Elevation of Privilege Vulnerability | CVE-2020-0732 | High |
| Windows Malicious Software Removal Tool | Windows Malicious Software Removal Tool Elevation of Privilege Vulnerability | CVE-2020-0733 | High |
| Windows 7, 8, 10 and Server 2008, 2012, 2016 | Remote Desktop Client Remote Code Execution Vulnerability | CVE-2020-0734 | Critical |
| Windows 7, 8, 10 and Server 2008, 2012, 2016 | Windows Search Indexer Elevation of Privilege Vulnerability | CVE-2020-0735 | High |
| Windows 7 and Server 2008 | Windows Kernel Information Disclosure Vulnerability | CVE-2020-0736 | High |
| Windows 7, 8, 10 and Server 2008, 2012, 2016 | Windows Elevation of Privilege Vulnerability | CVE-2020-0737 | High |
| Windows 7, 8, 10 and Server 2008, 2012, 2016 | Media Foundation Memory Corruption Vulnerability | CVE-2020-0738 | Critical |
| Windows 10 and Server 2016, 2019 | Windows Elevation of Privilege Vulnerability | CVE-2020-0739 | High |
| Windows 10 and Server 2019 | Connected Devices Platform Service Elevation of Privilege Vulnerability | CVE-2020-0740 | High |
| Windows 10 and Server 2019 | Connected Devices Platform Service Elevation of Privilege Vulnerability | CVE-2020-0741 | High |
| Windows 10 and Server 2016, 2019 | Connected Devices Platform Service Elevation of Privilege Vulnerability | CVE-2020-0742 | High |
| Windows 10 and Server 2016, 2019 | Connected Devices Platform Service Elevation of Privilege Vulnerability | CVE-2020-0743 | High |
| Windows 7, 8, 10 and Server 2008, 2012, 2016, 2019 | Windows GDI Information Disclosure Vulnerability | CVE-2020-0744 | High |
| Windows 7, 8, 10 and Server 2008, 2012, 2016, 2019 | Windows Graphics Component Elevation of Privilege Vulnerability | CVE-2020-0745 | High |
| Windows 10 and Server 2019 | Microsoft Graphics Components Information Disclosure Vulnerability | CVE-2020-0746 | High |
| Windows 10 and Server 2016, 2019 | Windows Data Sharing Service Elevation of Privilege Vulnerability | CVE-2020-0747 | High |
| Windows 7, 8, 10 and Server 2008, 2012, 2016, 2019 | Windows Key Isolation Service Information Disclosure Vulnerability | CVE-2020-0748 | High |
| Windows 10 and Server 2016, 2019 | Connected Devices Platform Service Elevation of Privilege Vulnerability | CVE-2020-0749 | High |
| Windows 10 and Server 2016, 2019 | Connected Devices Platform Service Elevation of Privilege Vulnerability | CVE-2020-0750 | High |
| Windows 10 | Windows Hyper-V Denial of Service Vulnerability | CVE-2020-0751 | High |
| Windows 7, 8, 10 and Server 2008, 2012, 2016, 2019 | Windows Search Indexer Elevation of Privilege Vulnerability | CVE-2020-0752 | High |
| Windows 7, 8, 10 and Server 2008, 2012, 2016, 2019 | Windows Error Reporting Elevation of Privilege Vulnerability | CVE-2020-0753 | High |
| Windows 7, 8, 10 and Server 2008, 2012, 2016, 2019 | Windows Error Reporting Elevation of Privilege Vulnerability | CVE-2020-0754 | High |
| Windows 7, 8, 10 and Server 2008, 2012, 2016, 2019 | Windows Key Isolation Service Information Disclosure Vulnerability | CVE-2020-0755 | High |
| Windows 7, 8, 10 and Server 2008, 2012, 2016, 2019 | Windows Key Isolation Service Information Disclosure Vulnerability | CVE-2020-0756 | High |
| Windows 10 and Server 2019 | Windows SSH Elevation of Privilege Vulnerability | CVE-2020-0757 | High |
| Microsoft Excel 2010, 2013, 2016 2and Microsoft Office 2016, 2019 | Windows SSH Elevation of Privilege Vulnerability | CVE-2020-0759 | High |
| Microsoft Edge and ChakraCore | Scripting Engine Memory Corruption Vulnerability | CVE-2020-0767 | Critical |
| Windows 10 | Windows Graphics Component Elevation of Privilege Vulnerability | CVE-2020-0792 | High |
About Automox
Facing growing threats and a rapidly expanding attack surface, understaffed and alert-fatigued organizations need more efficient ways to eliminate their exposure to vulnerabilities. Automox is a modern cyber hygiene platform that closes the aperture of attack by more than 80% with just half the effort of traditional solutions.
Cloud-native and globally available, Automox enforces OS & third-party patch management, security configurations, and custom scripting across Windows, Mac, and Linux from a single intuitive console. IT and SecOps can quickly gain control and share visibility of on-prem, remote and virtual endpoints without the need to deploy costly infrastructure.
Experience modern, cloud-native patch management today with a 15-day free trial of Automox and start recapturing more than half the time you're currently spending on managing your attack surface. Automox dramatically reduces corporate risk while raising operational efficiency to deliver best-in-class security outcomes, faster and with fewer resources.