Microsoft March 2020 Patch Tuesday Security Updates

Microsoft March 2020 Patch Tuesday Security Updates

Microsoft March 2020 Patch Tuesday

Microsoft March 2020 Patch Tuesday was yesterday and we are going to be sharing with you a bunch of new security updates that you should be pushing through as soon as possible.

Microsoft has released patches for 115 flaws with Windows with the introduction of the March 2020 security updates. Of those vulnerabilities, 24 are Critical, 88 Significant and 3 Moderate.

It is recommended by microsoft to install these security updates at the earliest opportunity to secure Windows against known security risks.

March 2020 interesting vulnerabilities

Stealing source code with CVE-2020-0872

A malicious actor can use the vulnerability CVE-2020-0872 named “Remote Code Execution Vulnerability in Application Inspector” to try and steal the file source code opened in Application Inspector.

“A remote code execution vulnerability exists in Application Inspector version v1.0.23 or earlier when the tool reflects example code snippets from third-party source files into its HTML output. An attacker who exploited it could send sections of the report containing code snippets to an external server.

To exploit the vulnerability, an attacker needs to convince a user to run Application Inspector on source code that includes a malicious third-party component.”

Microsoft March 2020 Patch Tuesday. More information can be found here.

Microsoft March 2020 Patch Tuesday – Malicious LNK files and Word documents

Two new vulnerabilities have been patched yesterday which could allow attackers to build specially crafted. LNK files or Word documents which can execute code when opened.

The first vulnerability discovered is CVE-2020-0684, named “LNK Remote Code Execution Vulnerability” which allows an attacker to build malicious LNK files capable of executing code.

The second vulnerability discovered is CVE-2020-0852 and is called “Microsoft Word Remote Code Execution Vulnerability”. This vulnerability will allow an attacker to build malicious Word documents. These attacks can be executed when a user simply opens the document usually via email.

Microsoft March 2020 Patch Tuesday also noted that the vulnerability also works in Outlook’s preview pane!

March 2020 Patch Tuesday Security Updates

Below is the full list of resolved vulnerabilities and released advisories in the March 2020 Patch Tuesday updates. This list was taken from bleepingcomputer.

Tag CVE ID CVE Title Severity
Azure CVE-2020-0902 Service Fabric Elevation of Privilege Important
Azure DevOps CVE-2020-0758 Azure DevOps Server and Team Foundation Services Elevation of Privilege Vulnerability Important
Azure DevOps CVE-2020-0815 Azure DevOps Server and Team Foundation Services Elevation of Privilege Vulnerability Important
Azure DevOps CVE-2020-0700 Azure DevOps Server Cross-site Scripting Vulnerability Important
Internet Explorer CVE-2020-0824 Internet Explorer Memory Corruption Vulnerability Critical
Microsoft Browsers CVE-2020-0768 Scripting Engine Memory Corruption Vulnerability Critical
Microsoft Dynamics CVE-2020-0905 Dynamics Business Central Remote Code Execution Vulnerability Critical
Microsoft Edge CVE-2020-0816 Microsoft Edge Memory Corruption Vulnerability Critical
Microsoft Exchange Server CVE-2020-0903 Microsoft Exchange Server Spoofing Vulnerability Important
Microsoft Graphics Component CVE-2020-0774 Windows GDI Information Disclosure Vulnerability Important
Microsoft Graphics Component CVE-2020-0788 Win32k Elevation of Privilege Vulnerability Important
Microsoft Graphics Component CVE-2020-0791 Windows Graphics Component Elevation of Privilege Vulnerability Important
Microsoft Graphics Component CVE-2020-0690 DirectX Elevation of Privilege Vulnerability Important
Microsoft Graphics Component CVE-2020-0853 Windows Imaging Component Information Disclosure Vulnerability Important
Microsoft Graphics Component CVE-2020-0877 Win32k Elevation of Privilege Vulnerability Important
Microsoft Graphics Component CVE-2020-0882 Windows GDI Information Disclosure Vulnerability Important
Microsoft Graphics Component CVE-2020-0883 GDI+ Remote Code Execution Vulnerability Critical
Microsoft Graphics Component CVE-2020-0881 GDI+ Remote Code Execution Vulnerability Critical
Microsoft Graphics Component CVE-2020-0880 Windows GDI Information Disclosure Vulnerability Important
Microsoft Graphics Component CVE-2020-0887 Win32k Elevation of Privilege Vulnerability Important
Microsoft Graphics Component CVE-2020-0898 Windows Graphics Component Elevation of Privilege Vulnerability Important
Microsoft Graphics Component CVE-2020-0885 Windows Graphics Component Information Disclosure Vulnerability Important
Microsoft Office CVE-2020-0850 Microsoft Word Remote Code Execution Vulnerability Important
Microsoft Office CVE-2020-0852 Microsoft Word Remote Code Execution Vulnerability Critical
Microsoft Office CVE-2020-0892 Microsoft Word Remote Code Execution Vulnerability Important
Microsoft Office CVE-2020-0851 Microsoft Word Remote Code Execution Vulnerability Important
Microsoft Office CVE-2020-0855 Microsoft Word Remote Code Execution Vulnerability Important
Microsoft Office SharePoint CVE-2020-0795 Microsoft SharePoint Reflective XSS Vulnerability Important
Microsoft Office SharePoint CVE-2020-0891 Microsoft SharePoint Reflective XSS Vulnerability Important
Microsoft Office SharePoint CVE-2020-0893 Microsoft Office SharePoint XSS Vulnerability Important
Microsoft Office SharePoint CVE-2020-0894 Microsoft Office SharePoint XSS Vulnerability Important
Microsoft Scripting Engine CVE-2020-0830 Scripting Engine Memory Corruption Vulnerability Critical
Microsoft Scripting Engine CVE-2020-0829 Scripting Engine Memory Corruption Vulnerability Critical
Microsoft Scripting Engine CVE-2020-0813 Scripting Engine Information Disclosure Vulnerability Important
Microsoft Scripting Engine CVE-2020-0826 Scripting Engine Memory Corruption Vulnerability Critical
Microsoft Scripting Engine CVE-2020-0827 Scripting Engine Memory Corruption Vulnerability Critical
Microsoft Scripting Engine CVE-2020-0825 Scripting Engine Memory Corruption Vulnerability Critical
Microsoft Scripting Engine CVE-2020-0831 Scripting Engine Memory Corruption Vulnerability Critical
Microsoft Scripting Engine CVE-2020-0847 VBScript Remote Code Execution Vulnerability Moderate
Microsoft Scripting Engine CVE-2020-0811 Chakra Scripting Engine Memory Corruption Vulnerability Critical
Microsoft Scripting Engine CVE-2020-0828 Scripting Engine Memory Corruption Vulnerability Critical
Microsoft Scripting Engine CVE-2020-0848 Scripting Engine Memory Corruption Vulnerability Critical
Microsoft Scripting Engine CVE-2020-0823 Scripting Engine Memory Corruption Vulnerability Critical
Microsoft Scripting Engine CVE-2020-0832 Scripting Engine Memory Corruption Vulnerability Moderate
Microsoft Scripting Engine CVE-2020-0812 Chakra Scripting Engine Memory Corruption Vulnerability Critical
Microsoft Scripting Engine CVE-2020-0833 Scripting Engine Memory Corruption Vulnerability Critical
Microsoft Windows CVE-2020-0897 Windows Work Folder Service Elevation of Privilege Vulnerability Important
Microsoft Windows CVE-2020-0896 Windows Hard Link Elevation of Privilege Vulnerability Important
Microsoft Windows CVE-2020-0871 Windows Network Connections Service Information Disclosure Vulnerability Important
Microsoft Windows CVE-2020-0874 Windows GDI Information Disclosure Vulnerability Important
Microsoft Windows CVE-2020-0876 Win32k Information Disclosure Vulnerability Important
Microsoft Windows CVE-2020-0775 Windows Error Reporting Information Disclosure Vulnerability Important
Microsoft Windows CVE-2020-0879 Windows GDI Information Disclosure Vulnerability Important
Microsoft Windows CVE-2020-0793 Diagnostics Hub Standard Collector Elevation of Privilege Vulnerability Important
Microsoft Windows CVE-2020-0776 Windows Elevation of Privilege Vulnerability Important
Microsoft Windows CVE-2020-0869 Media Foundation Memory Corruption Vulnerability Critical
Microsoft Windows CVE-2020-0861 Windows Network Driver Interface Specification (NDIS) Information Disclosure Vulnerability Important
Microsoft Windows CVE-2020-0863 Connected User Experiences and Telemetry Service Information Disclosure Vulnerability Important
Microsoft Windows CVE-2020-0860 Windows ActiveX Installer Service Elevation of Privilege Vulnerability Important
Microsoft Windows CVE-2020-0857 Windows Search Indexer Elevation of Privilege Vulnerability Important
Microsoft Windows CVE-2020-0858 Windows Elevation of Privilege Vulnerability Important
Microsoft Windows CVE-2020-0865 Windows Work Folder Service Elevation of Privilege Vulnerability Important
Microsoft Windows CVE-2020-0866 Windows Work Folder Service Elevation of Privilege Vulnerability Important
Microsoft Windows CVE-2020-0864 Windows Work Folder Service Elevation of Privilege Vulnerability Important
Microsoft Windows CVE-2020-0820 Media Foundation Information Disclosure Vulnerability Important
Microsoft Windows CVE-2020-0819 Windows Device Setup Manager Elevation of Privilege Vulnerability Important
Microsoft Windows CVE-2020-0804 Windows Network Connections Service Elevation of Privilege Vulnerability Important
Microsoft Windows CVE-2020-0779 Windows Installer Elevation of Privilege Vulnerability Important
Microsoft Windows CVE-2020-0802 Windows Network Connections Service Elevation of Privilege Vulnerability Important
Microsoft Windows CVE-2020-0803 Windows Network Connections Service Elevation of Privilege Vulnerability Important
Microsoft Windows CVE-2020-0778 Windows Network Connections Service Elevation of Privilege Vulnerability Important
Microsoft Windows CVE-2020-0809 Media Foundation Memory Corruption Vulnerability Critical
Microsoft Windows CVE-2020-0810 Diagnostic Hub Standard Collector Elevation of Privilege Vulnerability Important
Microsoft Windows CVE-2020-0807 Media Foundation Memory Corruption Vulnerability Critical
Microsoft Windows CVE-2020-0808 Provisioning Runtime Elevation of Privilege Vulnerability Important
Microsoft Windows CVE-2020-0797 Windows Work Folder Service Elevation of Privilege Vulnerability Important
Microsoft Windows CVE-2020-0785 Windows User Profile Service Elevation of Privilege Vulnerability Important
Microsoft Windows CVE-2020-0786 Windows Tile Object Service Denial of Service Vulnerability Important
Microsoft Windows CVE-2020-0787 Windows Background Intelligent Transfer Service Elevation of Privilege Vulnerability Important
Microsoft Windows CVE-2020-0783 Windows UPnP Service Elevation of Privilege Vulnerability Important
Microsoft Windows CVE-2020-0800 Windows Work Folder Service Elevation of Privilege Vulnerability Important
Microsoft Windows CVE-2020-0801 Media Foundation Memory Corruption Vulnerability Critical
Microsoft Windows CVE-2020-0781 Windows UPnP Service Elevation of Privilege Vulnerability Important
Microsoft Windows CVE-2020-0780 Windows Network List Service Elevation of Privilege Vulnerability Important
Microsoft Windows CVE-2020-0777 Windows Work Folder Service Elevation of Privilege Vulnerability Important
Microsoft Windows CVE-2020-0772 Windows Error Reporting Elevation of Privilege Vulnerability Important
Microsoft Windows CVE-2020-0849 Windows Hard Link Elevation of Privilege Vulnerability Important
Microsoft Windows CVE-2020-0845 Windows Network Connections Service Elevation of Privilege Vulnerability Important
Microsoft Windows CVE-2020-0684 LNK Remote Code Execution Vulnerability Critical
Microsoft Windows CVE-2020-0769 Windows CSC Service Elevation of Privilege Vulnerability Important
Microsoft Windows CVE-2020-0771 Windows CSC Service Elevation of Privilege Vulnerability Important
Microsoft Windows CVE-2020-0841 Windows Hard Link Elevation of Privilege Vulnerability Important
Microsoft Windows CVE-2020-0840 Windows Hard Link Elevation of Privilege Vulnerability Important
Microsoft Windows CVE-2020-0806 Windows Error Reporting Elevation of Privilege Vulnerability Important
Microsoft Windows CVE-2020-0843 Windows Installer Elevation of Privilege Vulnerability Important
Microsoft Windows CVE-2020-0844 Connected User Experiences and Telemetry Service Elevation of Privilege Vulnerability Important
Microsoft Windows CVE-2020-0842 Windows Installer Elevation of Privilege Vulnerability Important
Open Source Software CVE-2020-0872 Remote Code Execution Vulnerability in Application Inspector Important
Other CVE-2020-0765 Remote Desktop Connection Manager Information Disclosure Vulnerability Moderate
Visual Studio CVE-2020-0789 Visual Studio Extension Installer Service Denial of Service Vulnerability Important
Visual Studio CVE-2020-0884 Microsoft Visual Studio Spoofing Vulnerability Important
Windows Defender CVE-2020-0763 Windows Defender Security Center Elevation of Privilege Vulnerability Important
Windows Defender CVE-2020-0762 Windows Defender Security Center Elevation of Privilege Vulnerability Important
Windows Diagnostic Hub CVE-2020-0854 Windows Mobile Device Management Diagnostics Elevation of Privilege Vulnerability Important
Windows IIS CVE-2020-0645 Microsoft IIS Server Tampering Vulnerability Important
Windows Installer CVE-2020-0814 Windows Installer Elevation of Privilege Vulnerability Important
Windows Installer CVE-2020-0773 Windows ActiveX Installer Service Elevation of Privilege Vulnerability Important
Windows Installer CVE-2020-0770 Windows ActiveX Installer Service Elevation of Privilege Vulnerability Important
Windows Installer CVE-2020-0822 Windows Language Pack Installer Elevation of Privilege Vulnerability Important
Windows Installer CVE-2020-0859 Windows Modules Installer Service Information Disclosure Vulnerability Important
Windows Installer CVE-2020-0868 Windows Update Orchestrator Service Elevation of Privilege Vulnerability Important
Windows Installer CVE-2020-0798 Windows Installer Elevation of Privilege Vulnerability Important
Windows Installer CVE-2020-0867 Windows Update Orchestrator Service Elevation of Privilege Vulnerability Important
Windows Kernel CVE-2020-0834 Windows ALPC Elevation of Privilege Vulnerability Important
Windows Kernel CVE-2020-0799 Windows Kernel Elevation of Privilege Vulnerability Important

Check out our Managed IT Services to see how we can help streamline your patch cycle! Microsoft March 2020 Patch Tuesday updates!

Posted on