Welcome to this February Patch Tuesday Bulletin. This month we have 99 unique CVE’s, 9 technologies with updates, 4 technologies with critical updates, 5 publicly disclosed vulnerabilities, and a zero day vulnerability patched. The big news this month is the IE update that fixes a zero day vulnerability originally described in ADV200001. Take a look at CVE-2020-0674 and make sure that IE is updated. This vulnerability was issued Jan 17th, was known to be actively attacked, and could be exploited by navigating to a maliciously crafted website. Of the 3 additional publicly disclosed vulnerabilities (CVE-2020-0683, CVE-2020-0686, CVE-2020-0689, CVE-2020-0706) pay attention to CVE-2020-0689 which has standalone security updates. Microsoft states “These packages must be installed in addition to the normal security updates to be protected from this vulnerability”. This update fixes a security bypass for secure boot.

Over the years we've had millions of visitors to UltimateWindowsSecurity.com. Every month we have thousands and thousands of visitors to our Security Log Encyclopedia which documents all of the Security Log event ID’s for Windows Server OS’s. Back in 2007 when SharePoint added auditing capability, I realized that my audience not only needed the event information from SharePoint but I also found a similar need in SQL Server and Exchange. So not only did I document the data but I also started to develop the means to extract that event data from these applications so that it’s accessible and useable to the end user. Some 8 years later and LOGbinder is continuing to grow as companies realize LOGbinder bridges the gap between these applications and their infosec team. Visit LOGbinder.com to download a free 30-day fully functional trial and see the security event data that you have literally been missing.

So, without further ado, here’s the chart of MS patches this month.