Patch Tuesday, February 2020 saw patches for 99 vulnerabilities from Microsoft and 42 vulnerabilities from Adobe. One of the Microsoft vulnerabilities is currently under active exploitation in the wild, and five are publicly known. None of the Adobe vulnerabilities were disclosed prior to patching.
This bug impacts IE and any applications that rely locally on the Trident rendering engine. Attackers can execute code on an affected system if the user browses maliciously crafted content on a compromised or malicious website, or through an affected application. The only workaround for this vulnerability involves disabling jscript.dll, which breaks a significant amount of functionality on the system. Microsoft rates this vulnerability as critical, and it is being actively exploited in the wild.
Microsoft may have chosen to rate CVE-2020-0688 as only important, but the consequences of this vulnerability are severe. An attacker only has to send a maliciously crafted email to an Exchange server to gain system-level command execution. No other user interaction is required.
While probably not the most conspicuous component of Windows, the Windows Installer could be leveraged to elevate privileges. Two vulnerabilities in Windows Installer became publicly known last month, and this month patches have finally rolled out. Microsoft rates these vulnerabilities as important.
LNK Remote Code Execution
LNK files are processed by the system whenever you connect to a file share or plug in a USB drive. If this sounds familiar, it is because Stuxnet used the same mechanism to propagate. Since a system process is being exploited, the attacker should be able to execute code at a system level, completely compromising a device. Penetration testers have used this technique to compromise air-gapped systems in the past.
Microsoft Remote Desktop
Microsoft Remote Desktop has a critical vulnerability allowing a malicious server to execute code on a client system attempting to connect to it. An attacker exploiting this vulnerability would execute code at a system level, allowing them to completely compromise the client. Microsoft rates this vulnerability as critical and likely for exploitation.