BetaNews: Microsoft warns that hackers are exploiting two unpatched Windows bugs

BetaNews: Microsoft warns that hackers are exploiting two unpatched Windows bugs. “Microsoft has warned that all versions of Windows feature critical unpatched RCE vulnerabilities. The security problems stem from the Windows Adobe Type Manager Library, and relates to the parsing of fonts.”

Neowin: Google patches Chrome zero-day vulnerability currently being exploited

Neowin: Google patches Chrome zero-day vulnerability currently being exploited. “Google has released an update for Chrome that patches three security bugs, one of which is a zero-day vulnerability that is currently being exploited. The vulnerability, under the identifier CVE-2020-6418, was discovered by Clement Lecigne, a member of Google’s Threat Analysis Group, on February 18.”

BetaNews: Hacker demonstrates Remote Code Execution exploit for Windows Remote Desktop Gateway

BetaNews: Hacker demonstrates Remote Code Execution exploit for Windows Remote Desktop Gateway. “The exploit takes advantage of the CVE-2020-0609 and CVE-2020-0610 vulnerabilities which have already been shown to make a denial of service attack possible. Now Luca Marcelli has shown how the same vulnerabilities can be exploited in a Remote Code Execution attack.”

Bleeping Computer: Microsoft’s IE Zero-day Fix is Breaking Windows Printing

Bleeping Computer: Microsoft’s IE Zero-day Fix is Breaking Windows Printing. “Unfortunately, the scope of issues being caused by applying this fix is greater than originally thought. Since applying this fix, many users have reported that this fix is also causing printing to fail on HP printers and other USB printers. When users attempt to print they receive I/O errors and the print jobs fail.”

Lifehacker: Block Internet Explorer’s Latest Vulnerability With This Workaround

Lifehacker: Block Internet Explorer’s Latest Vulnerability With This Workaround. “Microsoft disclosed a troublesome vulnerability in Internet Explorer last week, affecting various permutations of Internet Explorer 9, 10, and 11 across Windows 7, 8.1, and Windows 10 (as well as various editions of Windows Server). The bad news is that Microsoft won’t likely patch this problem until February—when the next major batch of security updates hits. Thankfully, there are a few workarounds you can use right now to keep yourself safe from this new remote code execution vulnerability.”

BetaNews: 0patch releases micropatch for Internet Explorer vulnerability — including for Windows 7

BetaNews: 0patch releases micropatch for Internet Explorer vulnerability — including for Windows 7. “At the end of last week, a serious vulnerability was discovered in Internet Explorer, affecting all versions of Windows. Not only is the bug (CVE-2020-0674) being actively exploited, but for Windows 7 users the vulnerability was exposed right after their operating system reached the end of its life. Even for users of newer versions of Windows, and despite the severity of the security flaw, Microsoft said it would not be releasing a patch until February. Stepping in to plug the gap comes 0patch with a free micropatch for all versions of Windows affected by the vulnerability.” Third party patches make me wary (this is not because of 0patch, but just in general) but if you don’t want to wait until February…

The Register: It’s Friday, the weekend has landed… and Microsoft warns of an Internet Explorer zero day exploited in the wild

The Register: It’s Friday, the weekend has landed… and Microsoft warns of an Internet Explorer zero day exploited in the wild. “Microsoft let slip on Friday an advisory detailing an under-attack zero-day vulnerability (CVE-2020-0674) for Internet Explorer. The scripting engine flaw can be exploited to gain remote code execution on a vulnerable machine by way of a specially crafted webpage. The flaw can be mitigated by restricting access to the JavaScript component JScript.dll, and thus far there is no patch available.”