This alert may not be shared outside your organization, Do Not Repost or send, place on other websites, List servers, or send to others via email, including other associations or parties. Members and Law enforcement use only. Contact us for any permissions. To do otherwise will result in the loss of membership.
Complete Story
02/12/2020
VERT Threat Alert: February 2020 Patch Tuesday Analysis
Tripwire
Today’s VERT Alert addresses Microsoft’s February 2020 Security Updates. VERT is actively working on coverage for these vulnerabilities and expects to ship ASPL-870 on Wednesday, February 12th.
In-The-Wild & Disclosed CVEs
CVE-2020-0674
A vulnerability exists in the way that Internet Explorer’s scripting engine handles objects in memory. An attacker that successfully exploited this vulnerability would have would have the same access as the currently logged in user. This vulnerability has been publicly exploited.
Microsoft has rated this as a 0 (Exploitation Detected) on the latest software release on the Exploitability Index.
CVE-2020-0683 / CVE-2020-0686
A pair of vulnerabilities exist within the Windows Installer that could allow attackers to add or remove files from a system due to the way that symbolic links are processed within MSI packages. An attacker would need to be logged into the system and have a malicious application designed to target the vulnerability. These vulnerabilities has been publicly disclosed.
Microsoft has rated both CVE-2020-0683 and CVE-2020-0686 as a 2 (Exploitation Less Likely) on the latest software release on the Exploitability Index.
Alerts
The FRPA alert system distinguishes us from other groups by gathering and providing information to law enforcement, retailers AND financial institutions.
more information
Resources
Your electronic library to help in fighting financial fraud for all of our partners.
more information