BetaNews: Microsoft fixes multiple actively exploited zero-day vulnerabilities as part of Patch Tuesday

BetaNews: Microsoft fixes multiple actively exploited zero-day vulnerabilities as part of Patch Tuesday. “Microsoft’s monthly Patch Tuesday security updates are always important, but the ones released this week are particularly important. Not only do the fixes address numerous zero-day vulnerabilities, but the security flaws they fix were being actively exploited. In all, Microsoft has plugged 113 CVE-numbered vulnerabilities this month. 17 of these are marked as being critical, and 96 as important.”

BetaNews: Microsoft releases emergency patch for critical SMB vulnerability in Windows 10 and Windows Server

BetaNews: Microsoft releases emergency patch for critical SMB vulnerability in Windows 10 and Windows Server. “Earlier this week, Microsoft inadvertently released details of a critical vulnerability in the SMBv3 protocol in Windows 10 and Windows Server. While there was no fix available at the time, the company did provide suggestions about how to mitigate against attacks. With the information out in the wild, Microsoft was under pressure to get a patch released to customers — and now it has managed to produce such a fix.”

Neowin: Google patches Chrome zero-day vulnerability currently being exploited

Neowin: Google patches Chrome zero-day vulnerability currently being exploited. “Google has released an update for Chrome that patches three security bugs, one of which is a zero-day vulnerability that is currently being exploited. The vulnerability, under the identifier CVE-2020-6418, was discovered by Clement Lecigne, a member of Google’s Threat Analysis Group, on February 18.”

BetaNews: Hacker demonstrates Remote Code Execution exploit for Windows Remote Desktop Gateway

BetaNews: Hacker demonstrates Remote Code Execution exploit for Windows Remote Desktop Gateway. “The exploit takes advantage of the CVE-2020-0609 and CVE-2020-0610 vulnerabilities which have already been shown to make a denial of service attack possible. Now Luca Marcelli has shown how the same vulnerabilities can be exploited in a Remote Code Execution attack.”

Bleeping Computer: Microsoft’s IE Zero-day Fix is Breaking Windows Printing

Bleeping Computer: Microsoft’s IE Zero-day Fix is Breaking Windows Printing. “Unfortunately, the scope of issues being caused by applying this fix is greater than originally thought. Since applying this fix, many users have reported that this fix is also causing printing to fail on HP printers and other USB printers. When users attempt to print they receive I/O errors and the print jobs fail.”

Lifehacker: Block Internet Explorer’s Latest Vulnerability With This Workaround

Lifehacker: Block Internet Explorer’s Latest Vulnerability With This Workaround. “Microsoft disclosed a troublesome vulnerability in Internet Explorer last week, affecting various permutations of Internet Explorer 9, 10, and 11 across Windows 7, 8.1, and Windows 10 (as well as various editions of Windows Server). The bad news is that Microsoft won’t likely patch this problem until February—when the next major batch of security updates hits. Thankfully, there are a few workarounds you can use right now to keep yourself safe from this new remote code execution vulnerability.”

BetaNews: 0patch releases micropatch for Internet Explorer vulnerability — including for Windows 7

BetaNews: 0patch releases micropatch for Internet Explorer vulnerability — including for Windows 7. “At the end of last week, a serious vulnerability was discovered in Internet Explorer, affecting all versions of Windows. Not only is the bug (CVE-2020-0674) being actively exploited, but for Windows 7 users the vulnerability was exposed right after their operating system reached the end of its life. Even for users of newer versions of Windows, and despite the severity of the security flaw, Microsoft said it would not be releasing a patch until February. Stepping in to plug the gap comes 0patch with a free micropatch for all versions of Windows affected by the vulnerability.” Third party patches make me wary (this is not because of 0patch, but just in general) but if you don’t want to wait until February…