Microsoft’s Patch Tuesday updates for March 2020 address 115 vulnerabilities; 26 of them, affecting Windows, Word, Dynamics Business Central, Edge, and Internet Explorer, have been rated as critical in severity.
Microsoft’s Patch Tuesday updates for March 2020 also address vulnerabilities in Exchange Server, Office, Azure DevOps, Windows Defender, Visual Studio, and Dynamics.
88 vulnerabilities have been rated as important in severity, and only one as moderate in severity. Most of the overall issues fixed by Microsoft (79) affect the Windows OS.
The good news is that Microsoft is not aware of attacks in the wild exploiting any of the vulnerabilities patched this month, and none of the issues is listed as being publicly known. Seven of these flaws were reported through the ZDI program.
Let’s take a look at some of the more interesting issues addressed by Microsoft this month that could be abused by vxers.
CVE-2020-0852 – The flaw is a Remote Code Execution Vulnerability that affects Word. Attackers could exploit it simply by tricking victims into viewing a specially crafted file in the Preview Pane. The flaw could allow code execution at the level of the logged-on user.
CVE-2020-0684 – The flaw is an LNK Remote Code Execution Vulnerability that could allow an attacker to create malicious LNK shortcut files that can perform code execution.
“The attacker could present to the user a removable drive, or remote share, that contains a malicious .LNK file and an associated malicious binary,” reads the advisory published by Microsoft. “When the user opens this drive
Other critical remote code execution vulnerabilities fixed by Microsoft impact Internet Explorer (CVE-2020-0833, CVE-2020-0824), the Edge browser (CVE-2020-0816), and the Chakra scripting engine (CVE-2020-0811).
Additional technical details on Microsoft’s Patch Tuesday updates for March 2020 are available in the analysis published by
Users and system administrators are advised to apply the latest security patches as soon as possible to prevent attackers from exploiting these vulnerabilities.