Alert icon Keyboard navigation enabled.
Alert icon TAB or Shift+TAB to navigate across. Down ↓ to open menu. ESC to close menu.
Alert icon Down ↓ to select section. Right → to activate. Up ↑ / Down ↓ / Tab to traverse all. ESC to exit.
BeyondTrust
Skip to content Use space or enter to skip.

What can we help you find today?

Instant Results
  • Website Results
  • Technical Documentation

Filter Options

Focus your search

Filtering by

Your recent searches:

Contact Us Chat with Sales Get Support
  • English
  • Deutsch
  • français
  • español
  • 한국어
  • português
  • Home
  • Resources
  • Blog
  • February 2020 Patch Tuesday current page
Link copied

February 2020 Patch Tuesday

Feb 11, 2020
Author:
400x400 Linkedin X Profile
Phantom Labs™
BeyondTrust
Blog banner default
February 2020 Patch Tuesday
400x400 Linkedin X Profile
Phantom Labs™
BeyondTrust

Patch Tuesday, February 2020 saw patches for 99 vulnerabilities from Microsoft and 42 vulnerabilities from Adobe. One vulnerability from Microsoft is currently under active exploitation in the wild, and five of them are publicly known. None of the Adobe vulnerabilities were disclosed prior to patching.

Scripting Engine

This bug impacts IE and any applications that rely locally on the Trident rendering engine. Attackers can execute code on an affected system if the user browses maliciously crafted content on a compromised or malicious website, or through an affected application. The only workaround for this vulnerability involves disabling jscript.dll, which breaks a significant amount of functionality on the system. Microsoft rates this vulnerability as critical, and it is being actively exploited in the wild.

Microsoft Exchange

Microsoft may have chosen to rate CVE-2020-0688 as only important, but the consequences of this vulnerability are severe. An attacker only has to send a maliciously crafted email to an Exchange server to gain system-level command execution. No other user interaction is required.

Windows Installer

While probably not the most conspicuous component of Windows, the Windows Installer could be leveraged to elevate privileges. It became publicly known that two vulnerabilities in Windows Installer existed last month, and this month patches have finally rolled out. Microsoft rates these vulnerabilities as important.

LNK Remote Code Execution

LNK files are processed by the system whenever you connect to a file share or plug in a USB drive. If this sounds familiar, it is because Stuxnet used the same mechanism to propagate. Since a system process is being exploited, the attacker should be able to execute code at a system level, completely compromising a device. Penetration testers have used this technique to compromise air-gapped systems in the past.

Microsoft Remote Desktop

Microsoft Remote Desktop has a critical vulnerability allowing a malicious server to execute code on a client system attempting to connect to it. An attacker exploiting this vulnerability would execute code at a system level, allowing them to completely compromise the client. Microsoft rates this vulnerability as critical and likely for exploitation.

Latest Posts
  • Hooked on Identity (Part 2): Abusing OAuth Trust Boundaries in Okta
    Jun 12, 2026 Hooked on Identity (Part 2): Abusing OAuth Trust Boundaries in Okta
    Blog
    7m
  • Hooked on Identity: Abusing SAML Assertion Inline Hooks in Okta
    Jun 9, 2026 Hooked on Identity: Abusing SAML Assertion Inline Hooks in Okta
    Blog
    6m
  • Joining Project Glasswing: Securing the Privilege Backbone of the AI Era
    Jun 8, 2026 Joining Project Glasswing: Securing the Privilege Backbone of the AI Era
    Blog
    5m
  • The Most Common & Most Dangerous Types of Shadow IT
    Jun 5, 2026 The Most Common & Most Dangerous Types of Shadow IT
    Blog
    19m
  • 14 Password Management Best Practices
    May 28, 2026 14 Password Management Best Practices
    Blog
    12m
Related
  • How to Leverage UX to Defragment Your Security Solution
    Jan 3, 2023 How to Leverage UX to Defragment Your Security Solution
    Blog
    1m
  • Cybersecurity Preparedness in Face of Global Conflict
    Feb 28, 2022 Cybersecurity Preparedness in Face of Global Conflict
    Blog
    1m
Share this Article
  • Link
Stay up to Date
Get the latest news, ideas, and tactics from BeyondTrust. You may unsubscribe at any time.

Keep up with BeyondTrust

Customer Support Get Started
  • LinkedIn
  • X
  • Facebook
  • Instagram
  • Add BeyondTrust as a preferred source on Google
  • Privacy
  • Security
  • Manage Cookies
  • Do Not Sell My Data
  • WEEE Compliance

Copyright © 2003 — 2026 BeyondTrust Corporation. All rights reserved. Other trademarks identified on this page are owned by their respective owners. BeyondTrust Corporation is not a chartered bank or trust company, or depository institution. It is not authorized to accept deposits or trust accounts and is not licensed or regulated by any state or federal banking authority.

Prefers reduced motion setting detected. Animations will now be reduced as a result.