← Back to all briefings
Infrastructure 5 min read Published Updated Credibility 73/100

Microsoft February 2020 Patch Tuesday addresses 99 CVEs

Microsoft's February 2020 Patch Tuesday fixed 99 CVEs—a big month. Critical bugs in IE, Remote Desktop, Exchange, and the Windows kernel. Prioritize and deploy.

Kodi C.

Editor & Research Lead

Accuracy-reviewed by the editorial team

Infrastructure pillar illustration for Zeph Tech briefings
Infrastructure supply chain and reliability briefings

On 11 February 2020, Microsoft released February 2020 Patch Tuesday security updates addressing 99 CVEs across Windows operating systems, Office applications, Exchange Server, Internet Explorer, Edge, SQL Server, and developer tooling. Twelve vulnerabilities received Critical severity ratings including scripting engine memory corruption bugs and remote code execution risks in Remote Desktop clients. The release delivered the final fix for CVE-2020-0674, an Internet Explorer vulnerability under active exploitation since January. Organizations must focus on deployment to internet-facing systems and workstations while maintaining systematic patch management across all affected platforms.

Critical Vulnerability Highlights

The February release addresses twelve Critical severity vulnerabilities requiring immediate attention. CVE-2020-0674, the Internet Explorer scripting engine memory corruption vulnerability, had been under active targeted exploitation since early January. Microsoft released Security Advisory ADV200001 acknowledging the vulnerability while patches were in development, making February's release particularly anticipated.

Remote Desktop Client vulnerabilities (CVE-2020-0681 and CVE-2020-0734) could enable remote code execution when users connect to malicious RDP servers. These client-side vulnerabilities differ from typical RDP server attacks and require organizations to consider scenarios where users might connect to untrusted remote systems.

Windows LNK file remote code execution vulnerability (CVE-2020-0729) enables attackers to exploit systems through specially crafted shortcut files. LNK vulnerabilities have historically been weaponized in targeted attacks including the Stuxnet operation, making this vulnerability class particularly concerning.

Media Foundation memory corruption vulnerabilities could enable remote code execution through malicious media files. These vulnerabilities affect video and audio processing components used throughout Windows.

Internet Explorer and Scripting

Beyond CVE-2020-0674, the February release addresses additional scripting engine vulnerabilities in Internet Explorer and the Chakra scripting engine used by legacy Edge. Organizations with significant IE usage for legacy applications should focus on these updates given the ongoing exploitation risk for browser scripting vulnerabilities.

The VBScript engine receives patches for memory corruption vulnerabilities that could enable remote code execution through malicious web content or Office documents. VBScript attacks commonly target legacy enterprise applications and internal web portals.

Edge (HTML) receives the final regular security updates as Microsoft transitions focus to Edge Chromium. If you are affected, plan browser standardization on Edge Chromium or Chrome to reduce legacy browser attack surface.

Windows Kernel and Core Components

Kernel vulnerabilities addressed in February include elevation of privilege issues that could allow attackers achieving initial code execution to escalate to SYSTEM privileges. Kernel exploitation provides attackers with complete system control and ability to bypass security controls.

Graphics Device Interface (GDI) vulnerabilities could enable information disclosure or elevation of privilege through specially crafted images or fonts. GDI vulnerabilities have been exploited in document-based attacks where malicious graphics embedded in Office documents trigger exploitation.

Windows Installer elevation of privilege vulnerabilities could allow local attackers to gain elevated privileges through malicious MSI packages. If you are affected, restrict administrative installation privileges and monitor for suspicious installer activity.

Office and Exchange Server

Microsoft Office receives patches for remote code execution vulnerabilities exploitable through malicious documents. Office document attacks remain the most common vector for initial access in enterprise environments, making Office patching essential for preventing phishing-based compromise.

Excel vulnerabilities enable code execution through specially crafted spreadsheets that exploit formula parsing or macro functionality. If you are affected, maintain macro restrictions while patching underlying vulnerabilities.

Exchange Server vulnerabilities addressed in February include remote code execution and information disclosure issues affecting organizations running on-premises Exchange deployments. Exchange servers represent high-value targets due to their exposure to internet email traffic and access to sensitive communications.

SharePoint Server receives patches for cross-site scripting and information disclosure vulnerabilities that could compromise intranet security. SharePoint often hosts sensitive internal documents and communications requiring protection.

Remote Desktop Services

The February release continues addressing Remote Desktop vulnerabilities following the high-profile BlueKeep (CVE-2019-0708) disclosure in 2019. While February's vulnerabilities are client-side rather than wormable server-side issues, RDP attack surface requires ongoing attention.

Remote Desktop Gateway vulnerabilities could enable remote code execution against gateway servers that provide secure remote access to internal networks. Gateway servers often face internet exposure, making them attractive targets.

Terminal Services and Remote Desktop licensing components receive patches for elevation of privilege and denial of service vulnerabilities affecting remote access infrastructure.

SQL Server and Developer Tools

SQL Server addresses remote code execution vulnerabilities that could be exploited through specially crafted queries or data. Database server compromise provides attackers with access to sensitive application data and potential pivot points for lateral movement.

Visual Studio receives patches for vulnerabilities that could enable code execution through malicious project files or repositories. Developer workstations often have elevated privileges and access to source code requiring protection.

.NET Framework vulnerabilities address denial of service and security feature bypass issues affecting applications built on Microsoft's managed code platform.

Deployment Prioritization Strategy

Internet-facing systems including Exchange servers, Remote Desktop Gateways, and web servers should receive highest patch priority due to direct exposure to external attackers. Active exploitation of CVE-2020-0674 makes IE-capable systems (including servers with IE installed) high priority.

User workstations face continuous exposure through email, web browsing, and document handling. Prioritize workstations of users with elevated privileges or access to sensitive data. Staged deployment enables identification of compatibility issues before broad rollout.

Server systems running Windows Server require patching for kernel and core component vulnerabilities even without browser or Office usage. Include SQL Server and SharePoint systems in deployment planning.

Testing and Validation

Pre-deployment testing should verify application compatibility with security updates. Test line-of-business applications, especially those using IE components, scripting functionality, or kernel-level operations. Exchange and SharePoint environments should receive staged deployment with monitoring for service impacts.

Post-deployment validation should confirm successful installation across the fleet. Vulnerability scanning identifies systems that failed to receive updates. Monitor application logs and user reports for compatibility issues requiring remediation.

Similar analysis

Additional analysis covering similar themes.

Continue in the Infrastructure pillar

Return to the hub for curated research and deep-dive guides.

Visit pillar hub

Latest guides

  • Telecom Modernization Infrastructure Guide

    Modernise telecom infrastructure using 3GPP Release 18 roadmaps, O-RAN Alliance specifications, and ITU broadband benchmarks curated here.

  • Infrastructure Resilience Guide

    Coordinate capacity planning, supply chain, and reliability operations using DOE grid programmes, Uptime Institute benchmarks, and NERC reliability mandates covered here.

  • Edge Resilience Infrastructure Guide

    Engineer resilient edge estates using ETSI MEC standards, DOE grid assessments, and GSMA availability benchmarks documented here.

Coverage intelligence

Published
Coverage pillar
Infrastructure
Source credibility
73/100 — medium confidence
Topics
Patch Tuesday · Windows Security · CVE-2020-0674
Sources cited
3 sources (msrc.microsoft.com, portal.msrc.microsoft.com, iso.org)
Reading time
5 min

Further reading

  1. February 2020 Security Updates — Microsoft
  2. ADV200001 | Guidance on Scripting Engine Memory Corruption Vulnerability — Microsoft
  3. ISO/IEC 27017:2015 — Cloud Service Security Controls — International Organization for Standardization
  • Patch Tuesday
  • Windows Security
  • CVE-2020-0674
Back to curated briefings

Comments

Community

We publish only high-quality, respectful contributions. Every submission is reviewed for clarity, sourcing, and safety before it appears here.

    Share your perspective

    Submissions showing "Awaiting moderation" are in review. Spam, low-effort posts, or unverifiable claims will be rejected. We verify submissions with the email you provide, and we never publish or sell that address.

    Verification

    Complete the CAPTCHA to submit.