Microsoft’s Patch Tuesday updates for March 2020 address 115 vulnerabilities, 26 issues affecting Windows, Word, Dynamics Business Central, Edge, and Internet Explorer have been rated as critical severity.
Microsoft’s Patch Tuesday updates for March 2020 also address vulnerability Exchange Server, Office, Azure DevOps, Windows Defender, Visual Studio, and Dynamics.
88 vulnerabilities have been rated as important in severity, and only one as moderate in severity, most of the overall issues fixed by Microsoft (79) affect Windows OS,
The good news is that Microsoft is not aware of attacks in the wild that exploited one of the vulnerabilities patched this month and no one of the issues is listed as being publicly known. Seven of these flaws were reported through the ZDI program.
Let’s give a look at some of the more interesting issues addressed by Microsoft for this month that could be abused by vxers.
CVE-2020-0852 – The flaw is Remote Code Execution Vulnerability that affects Word. The vulnerability could be exploited by attackers by simply tricking victims into viewing a specially crafted file in the Preview Pane. The flaw could allow code execution at the level of the logged-on user.
CVE-2020-0684 – The flaw is a LNK Remote Code Execution Vulnerability that could allow an attacker to create malicious LNK shortcut files that can perform code execution.
“The attacker could present to the user a removable drive, or remote share, that contains a malicious .LNK file and an associated malicious binary,” reads the advisory published by Microsoft. “When the user opens this drive
Other critical remote code execution vulnerabilities fixed by Microsoft impact Internet Explorer (CVE-2020-0833, CVE-2020-0824), the Edge browser (CVE-2020-0816), and the Chakra scripting engine (CVE-2020-0811).
Additional technical details on the Microsoft’s Patch Tuesday updates for March 2020 are available in the analysis published by
Users and system administrators are recommended to apply the latest security patches as soon as possible to prevent attackers exploiting them.
Necessary cookies are absolutely essential for the website to function properly. This category only includes cookies that ensures basic functionalities and security features of the website. These cookies do not store any personal information.
Any cookies that may not be particularly necessary for the website to function and is used specifically to collect user personal data via analytics, ads, other embedded contents are termed as non-necessary cookies. It is mandatory to procure user consent prior to running these cookies on your website.