Windows

Microsoft March 2020 Patch Tuesday was yesterday and we are going to be sharing with you a bunch of new security updates that you should be pushing through as soon as possible.

Microsoft has released patches for 115 flaws with Windows with the introduction of the March 2020 security updates. Of those vulnerabilities, 24 are Critical, 88 Significant and 3 Moderate.

It is recommended by microsoft to install these security updates at the earliest opportunity to secure Windows against known security risks.

March 2020 interesting vulnerabilities

Stealing source code with CVE-2020-0872

A malicious actor can use the vulnerability CVE-2020-0872 named “Remote Code Execution Vulnerability in Application Inspector” to try and steal the file source code opened in Application Inspector.

“A remote code execution vulnerability exists in Application Inspector version v1.0.23 or earlier when the tool reflects example code snippets from third-party source files into its HTML output. An attacker who exploited it could send sections of the report containing code snippets to an external server.

To exploit the vulnerability, an attacker needs to convince a user to run Application Inspector on source code that includes a malicious third-party component.”

Microsoft March 2020 Patch Tuesday. More information can be found here.

Microsoft March 2020 Patch Tuesday – Malicious LNK files and Word documents

Two new vulnerabilities have been patched yesterday which could allow attackers to build specially crafted. LNK files or Word documents which can execute code when opened.

The first vulnerability discovered is CVE-2020-0684, named “LNK Remote Code Execution Vulnerability” which allows an attacker to build malicious LNK files capable of executing code.

The second vulnerability discovered is CVE-2020-0852 and is called “Microsoft Word Remote Code Execution Vulnerability”. This vulnerability will allow an attacker to build malicious Word documents. These attacks can be executed when a user simply opens the document usually via email.

Microsoft March 2020 Patch Tuesday also noted that the vulnerability also works in Outlook’s preview pane!