Hello, welcome to the Wednesday, February 12, 2020 edition of the Sandcent Storm Center's Stormcast.

My name is Johannes Ulrich.

And I'm recording from Jacksonville, Florida.

Well, the big event today, of course, Microsoft's Patch Tuesday, and with that we got patches for 99 different vulnerabilities.

Tenovitch are rated as critical, 87 as important and two as moderate.

Now the big highlight patch here is sort of for CVE 2020-064. This is the Internet Explorer Day that sort of became

public just a month ago, just a few days after the last patch Tuesday. This is the one where

Microsoft recommended you should disable jScript.dl in order to protect yourself.

Now, got a little bit more details now with the patch.

Apparently, this one affects actually Trident rendering engine in an Explorer, which also, by the way, means that Microsoft Office and so may be vulnerable to this same flaw

if you receive an Office document with some embedded HTML that would then also be rendered

using the Trident rendering engine. So this particular vulnerability has already been exploited in the wild and yes, should definitely be at the top of your patch list.

There are a total of four other vulnerabilities that have already been publicly disclosed.

Two are an elevation of perch bug in Windows installer.

Not really a huge deal, in my opinion.

Also, the security bypass in Secure Boot.

We had quite a few of those.

And there, of course, always a little bit tricky, like a secure boot is supposed to protect you if you're leaving, like, a computer unattended.

And then we have information disclosure bodily in Edge and IE. And Remote Desktop is that protocol is just not going away when it

comes to patch Tuesdays. Now this time we have two vulnerabilities that are remote code execution flaws in the

client component of remote desktop, so not the server.

Typically, to exploit these flaws, an attacker would have to convince you to connect to a malicious

...