BetaNews: Hacker demonstrates Remote Code Execution exploit for Windows Remote Desktop Gateway

BetaNews: Hacker demonstrates Remote Code Execution exploit for Windows Remote Desktop Gateway. “The exploit takes advantage of the CVE-2020-0609 and CVE-2020-0610 vulnerabilities which have already been shown to make a denial of service attack possible. Now Luca Marcelli has shown how the same vulnerabilities can be exploited in a Remote Code Execution attack.”

Bleeping Computer: Microsoft’s IE Zero-day Fix is Breaking Windows Printing

Bleeping Computer: Microsoft’s IE Zero-day Fix is Breaking Windows Printing. “Unfortunately, the scope of issues being caused by applying this fix is greater than originally thought. Since applying this fix, many users have reported that this fix is also causing printing to fail on HP printers and other USB printers. When users attempt to print they receive I/O errors and the print jobs fail.”

Lifehacker: Block Internet Explorer’s Latest Vulnerability With This Workaround

Lifehacker: Block Internet Explorer’s Latest Vulnerability With This Workaround. “Microsoft disclosed a troublesome vulnerability in Internet Explorer last week, affecting various permutations of Internet Explorer 9, 10, and 11 across Windows 7, 8.1, and Windows 10 (as well as various editions of Windows Server). The bad news is that Microsoft won’t likely patch this problem until February—when the next major batch of security updates hits. Thankfully, there are a few workarounds you can use right now to keep yourself safe from this new remote code execution vulnerability.”

BetaNews: 0patch releases micropatch for Internet Explorer vulnerability — including for Windows 7

BetaNews: 0patch releases micropatch for Internet Explorer vulnerability — including for Windows 7. “At the end of last week, a serious vulnerability was discovered in Internet Explorer, affecting all versions of Windows. Not only is the bug (CVE-2020-0674) being actively exploited, but for Windows 7 users the vulnerability was exposed right after their operating system reached the end of its life. Even for users of newer versions of Windows, and despite the severity of the security flaw, Microsoft said it would not be releasing a patch until February. Stepping in to plug the gap comes 0patch with a free micropatch for all versions of Windows affected by the vulnerability.” Third party patches make me wary (this is not because of 0patch, but just in general) but if you don’t want to wait until February…

The Register: It’s Friday, the weekend has landed… and Microsoft warns of an Internet Explorer zero day exploited in the wild

The Register: It’s Friday, the weekend has landed… and Microsoft warns of an Internet Explorer zero day exploited in the wild. “Microsoft let slip on Friday an advisory detailing an under-attack zero-day vulnerability (CVE-2020-0674) for Internet Explorer. The scripting engine flaw can be exploited to gain remote code execution on a vulnerable machine by way of a specially crafted webpage. The flaw can be mitigated by restricting access to the JavaScript component JScript.dll, and thus far there is no patch available.”

Ars Technica: Firefox gets patch for critical zeroday that’s being actively exploited

Ars Technica: Firefox gets patch for critical zeroday that’s being actively exploited. “Mozilla has released a new version of Firefox that fixes an actively exploited zeroday that could allow attackers to take control of users’ computers. In an advisory, Mozilla rated the vulnerability critical and said it was ‘aware of targeted attacks in the wild abusing this flaw.'”

BetaNews: Google pushes out urgent Chrome update to patch actively exploited zero-day vulnerabilities

BetaNews: Google pushes out urgent Chrome update to patch actively exploited zero-day vulnerabilities. “The Chrome security team says that both vulnerabilities are use-after-free security issues which can be used to exploit arbitrary code. One vulnerability exists in an audio component of the browser, while the other can be found in the PDFium library. The Windows, macOS and Linux versions of Chrome are all affected.”