Microsoft has released today its monthly roll-up of security updates known as Patch Tuesday. This month, the Redmond-based company patched 115 vulnerabilities, marking this month’s patches as the biggest in the company’s history.
However, despite this month’s pretty bulky release, nobody will be talking about it today.
Instead, they’ll be busy talking about how a Microsoft snafu leaked details online about a yet-to-be-patched SMBv3 vulnerability, that many experts fear could lead to the creation of another EternalBlue-like exploit.
Nevertheless, this month does have its own security updates. Of the 115 bugs Microsoft patched today, 26 have received a rating of Critical, meaning they’re both easy to exploit and will most likely result in a full device compromise if they ever are.
Microsoft Patch Tuesday updates are delivered as a giant package, so once you agree to install this month’s patches, you get all fixes, all at once.
However, if there’s one vulnerability that’s likely to come under attacks by malware developers, then it’s, without a doubt, CVE-2020-0684.
This is a bug in Windows LNK shortcut files that allows malware to execute code on a system when a malicious LNK file is processed by the Windows OS.
“The attacker could present to the user a removable drive, or remote share, that contains a malicious .LNK file and an associated malicious binary. When the user opens this drive(or remote share) in Windows Explorer, or any other application that parses the .LNK file, the malicious binary will execute code of the attacker’s choice, on the target system,” Microsoft explained.
Based on Microsoft’s description, this bug is a boon for criminal activity, allowing an easy way of planting malware on user devices.
But that’s not all that’s included with this month’s patches. Additional Patch Tuesday information is below, including links to security fixes published by other companies:
Microsoft’s official Security Update Guide portal lists all security updates in a filterable table.
ZDNet has also put together this page listing all security updates on one single place.
Additional analysis of today’s Patch Tuesday is also available from Cisco Talos, ISC SANS, Tenable, Trend Micro, and Trustwave.
Adobe said there will be no security updates this month.
SAP security updates will be detailed here in the coming days.
VMWare security updates will be detailed here in the coming days.
Google Chrome security updates will be released next Tuesday, March 17.
Firefox security updates were released today.
The Android Security Bulletin for March 2020 is detailed here. Patches started rolling out to users’ phones last week.
| Tag | CVE ID | CVE Title |
|---|---|---|
| Azure | CVE-2020-0902 | Service Fabric Elevation of Privilege |
| Azure DevOps | CVE-2020-0758 | Azure DevOps Server and Team Foundation Services Elevation of Privilege Vulnerability |
| Azure DevOps | CVE-2020-0815 | Azure DevOps Server and Team Foundation Services Elevation of Privilege Vulnerability |
| Azure DevOps | CVE-2020-0700 | Azure DevOps Server Cross-site Scripting Vulnerability |
| Internet Explorer | CVE-2020-0824 | Internet Explorer Memory Corruption Vulnerability |
| Microsoft Browsers | CVE-2020-0768 | Scripting Engine Memory Corruption Vulnerability |
| Microsoft Dynamics | CVE-2020-0905 | Dynamics Business Central Remote Code Execution Vulnerability |
| Microsoft Edge | CVE-2020-0816 | Microsoft Edge Memory Corruption Vulnerability |
| Microsoft Exchange Server | CVE-2020-0903 | Microsoft Exchange Server Spoofing Vulnerability |
| Microsoft Graphics Component | CVE-2020-0774 | Windows GDI Information Disclosure Vulnerability |
| Microsoft Graphics Component | CVE-2020-0788 | Win32k Elevation of Privilege Vulnerability |
| Microsoft Graphics Component | CVE-2020-0791 | Windows Graphics Component Elevation of Privilege Vulnerability |
| Microsoft Graphics Component | CVE-2020-0690 | DirectX Elevation of Privilege Vulnerability |
| Microsoft Graphics Component | CVE-2020-0853 | Windows Imaging Component Information Disclosure Vulnerability |
| Microsoft Graphics Component | CVE-2020-0877 | Win32k Elevation of Privilege Vulnerability |
| Microsoft Graphics Component | CVE-2020-0882 | Windows GDI Information Disclosure Vulnerability |
| Microsoft Graphics Component | CVE-2020-0883 | GDI+ Remote Code Execution Vulnerability |
| Microsoft Graphics Component | CVE-2020-0881 | GDI+ Remote Code Execution Vulnerability |
| Microsoft Graphics Component | CVE-2020-0880 | Windows GDI Information Disclosure Vulnerability |
| Microsoft Graphics Component | CVE-2020-0887 | Win32k Elevation of Privilege Vulnerability |
| Microsoft Graphics Component | CVE-2020-0898 | Windows Graphics Component Elevation of Privilege Vulnerability |
| Microsoft Graphics Component | CVE-2020-0885 | Windows Graphics Component Information Disclosure Vulnerability |
| Microsoft Office | CVE-2020-0850 | Microsoft Word Remote Code Execution Vulnerability |
| Microsoft Office | CVE-2020-0852 | Microsoft Word Remote Code Execution Vulnerability |
| Microsoft Office | CVE-2020-0892 | Microsoft Word Remote Code Execution Vulnerability |
| Microsoft Office | CVE-2020-0851 | Microsoft Word Remote Code Execution Vulnerability |
| Microsoft Office | CVE-2020-0855 | Microsoft Word Remote Code Execution Vulnerability |
| Microsoft Office SharePoint | CVE-2020-0795 | Microsoft SharePoint Reflective XSS Vulnerability |
| Microsoft Office SharePoint | CVE-2020-0891 | Microsoft SharePoint Reflective XSS Vulnerability |
| Microsoft Office SharePoint | CVE-2020-0893 | Microsoft Office SharePoint XSS Vulnerability |
| Microsoft Office SharePoint | CVE-2020-0894 | Microsoft Office SharePoint XSS Vulnerability |
| Microsoft Scripting Engine | CVE-2020-0830 | Scripting Engine Memory Corruption Vulnerability |
| Microsoft Scripting Engine | CVE-2020-0829 | Scripting Engine Memory Corruption Vulnerability |
| Microsoft Scripting Engine | CVE-2020-0813 | Scripting Engine Information Disclosure Vulnerability |
| Microsoft Scripting Engine | CVE-2020-0826 | Scripting Engine Memory Corruption Vulnerability |
| Microsoft Scripting Engine | CVE-2020-0827 | Scripting Engine Memory Corruption Vulnerability |
| Microsoft Scripting Engine | CVE-2020-0825 | Scripting Engine Memory Corruption Vulnerability |
| Microsoft Scripting Engine | CVE-2020-0831 | Scripting Engine Memory Corruption Vulnerability |
| Microsoft Scripting Engine | CVE-2020-0847 | VBScript Remote Code Execution Vulnerability |
| Microsoft Scripting Engine | CVE-2020-0811 | Chakra Scripting Engine Memory Corruption Vulnerability |
| Microsoft Scripting Engine | CVE-2020-0828 | Scripting Engine Memory Corruption Vulnerability |
| Microsoft Scripting Engine | CVE-2020-0848 | Scripting Engine Memory Corruption Vulnerability |
| Microsoft Scripting Engine | CVE-2020-0823 | Scripting Engine Memory Corruption Vulnerability |
| Microsoft Scripting Engine | CVE-2020-0832 | Scripting Engine Memory Corruption Vulnerability |
| Microsoft Scripting Engine | CVE-2020-0812 | Chakra Scripting Engine Memory Corruption Vulnerability |
| Microsoft Scripting Engine | CVE-2020-0833 | Scripting Engine Memory Corruption Vulnerability |
| Microsoft Windows | CVE-2020-0897 | Windows Work Folder Service Elevation of Privilege Vulnerability |
| Microsoft Windows | CVE-2020-0896 | Windows Hard Link Elevation of Privilege Vulnerability |
| Microsoft Windows | CVE-2020-0871 | Windows Network Connections Service Information Disclosure Vulnerability |
| Microsoft Windows | CVE-2020-0874 | Windows GDI Information Disclosure Vulnerability |
| Microsoft Windows | CVE-2020-0876 | Win32k Information Disclosure Vulnerability |
| Microsoft Windows | CVE-2020-0775 | Windows Error Reporting Information Disclosure Vulnerability |
| Microsoft Windows | CVE-2020-0879 | Windows GDI Information Disclosure Vulnerability |
| Microsoft Windows | CVE-2020-0793 | Diagnostics Hub Standard Collector Elevation of Privilege Vulnerability |
| Microsoft Windows | CVE-2020-0776 | Windows Elevation of Privilege Vulnerability |
| Microsoft Windows | CVE-2020-0869 | Media Foundation Memory Corruption Vulnerability |
| Microsoft Windows | CVE-2020-0861 | Windows Network Driver Interface Specification (NDIS) Information Disclosure Vulnerability |
| Microsoft Windows | CVE-2020-0863 | Connected User Experiences and Telemetry Service Information Disclosure Vulnerability |
| Microsoft Windows | CVE-2020-0860 | Windows ActiveX Installer Service Elevation of Privilege Vulnerability |
| Microsoft Windows | CVE-2020-0857 | Windows Search Indexer Elevation of Privilege Vulnerability |
| Microsoft Windows | CVE-2020-0858 | Windows Elevation of Privilege Vulnerability |
| Microsoft Windows | CVE-2020-0865 | Windows Work Folder Service Elevation of Privilege Vulnerability |
| Microsoft Windows | CVE-2020-0866 | Windows Work Folder Service Elevation of Privilege Vulnerability |
| Microsoft Windows | CVE-2020-0864 | Windows Work Folder Service Elevation of Privilege Vulnerability |
| Microsoft Windows | CVE-2020-0820 | Media Foundation Information Disclosure Vulnerability |
| Microsoft Windows | CVE-2020-0819 | Windows Device Setup Manager Elevation of Privilege Vulnerability |
| Microsoft Windows | CVE-2020-0804 | Windows Network Connections Service Elevation of Privilege Vulnerability |
| Microsoft Windows | CVE-2020-0779 | Windows Installer Elevation of Privilege Vulnerability |
| Microsoft Windows | CVE-2020-0802 | Windows Network Connections Service Elevation of Privilege Vulnerability |
| Microsoft Windows | CVE-2020-0803 | Windows Network Connections Service Elevation of Privilege Vulnerability |
| Microsoft Windows | CVE-2020-0778 | Windows Network Connections Service Elevation of Privilege Vulnerability |
| Microsoft Windows | CVE-2020-0809 | Media Foundation Memory Corruption Vulnerability |
| Microsoft Windows | CVE-2020-0810 | Diagnostic Hub Standard Collector Elevation of Privilege Vulnerability |
| Microsoft Windows | CVE-2020-0807 | Media Foundation Memory Corruption Vulnerability |
| Microsoft Windows | CVE-2020-0808 | Provisioning Runtime Elevation of Privilege Vulnerability |
| Microsoft Windows | CVE-2020-0797 | Windows Work Folder Service Elevation of Privilege Vulnerability |
| Microsoft Windows | CVE-2020-0785 | Windows User Profile Service Elevation of Privilege Vulnerability |
| Microsoft Windows | CVE-2020-0786 | Windows Tile Object Service Denial of Service Vulnerability |
| Microsoft Windows | CVE-2020-0787 | Windows Background Intelligent Transfer Service Elevation of Privilege Vulnerability |
| Microsoft Windows | CVE-2020-0783 | Windows UPnP Service Elevation of Privilege Vulnerability |
| Microsoft Windows | CVE-2020-0800 | Windows Work Folder Service Elevation of Privilege Vulnerability |
| Microsoft Windows | CVE-2020-0801 | Media Foundation Memory Corruption Vulnerability |
| Microsoft Windows | CVE-2020-0781 | Windows UPnP Service Elevation of Privilege Vulnerability |
| Microsoft Windows | CVE-2020-0780 | Windows Network List Service Elevation of Privilege Vulnerability |
| Microsoft Windows | CVE-2020-0777 | Windows Work Folder Service Elevation of Privilege Vulnerability |
| Microsoft Windows | CVE-2020-0772 | Windows Error Reporting Elevation of Privilege Vulnerability |
| Microsoft Windows | CVE-2020-0849 | Windows Hard Link Elevation of Privilege Vulnerability |
| Microsoft Windows | CVE-2020-0845 | Windows Network Connections Service Elevation of Privilege Vulnerability |
| Microsoft Windows | CVE-2020-0684 | LNK Remote Code Execution Vulnerability |
| Microsoft Windows | CVE-2020-0769 | Windows CSC Service Elevation of Privilege Vulnerability |
| Microsoft Windows | CVE-2020-0771 | Windows CSC Service Elevation of Privilege Vulnerability |
| Microsoft Windows | CVE-2020-0841 | Windows Hard Link Elevation of Privilege Vulnerability |
| Microsoft Windows | CVE-2020-0840 | Windows Hard Link Elevation of Privilege Vulnerability |
| Microsoft Windows | CVE-2020-0806 | Windows Error Reporting Elevation of Privilege Vulnerability |
| Microsoft Windows | CVE-2020-0843 | Windows Installer Elevation of Privilege Vulnerability |
| Microsoft Windows | CVE-2020-0844 | Connected User Experiences and Telemetry Service Elevation of Privilege Vulnerability |
| Microsoft Windows | CVE-2020-0842 | Windows Installer Elevation of Privilege Vulnerability |
| Open Source Software | CVE-2020-0872 | Remote Code Execution Vulnerability in Application Inspector |
| Other | CVE-2020-0765 | Remote Desktop Connection Manager Information Disclosure Vulnerability |
| Visual Studio | CVE-2020-0789 | Visual Studio Extension Installer Service Denial of Service Vulnerability |
| Visual Studio | CVE-2020-0884 | Microsoft Visual Studio Spoofing Vulnerability |
| Windows Defender | CVE-2020-0763 | Windows Defender Security Center Elevation of Privilege Vulnerability |
| Windows Defender | CVE-2020-0762 | Windows Defender Security Center Elevation of Privilege Vulnerability |
| Windows Diagnostic Hub | CVE-2020-0854 | Windows Mobile Device Management Diagnostics Elevation of Privilege Vulnerability |
| Windows IIS | CVE-2020-0645 | Microsoft IIS Server Tampering Vulnerability |
| Windows Installer | CVE-2020-0814 | Windows Installer Elevation of Privilege Vulnerability |
| Windows Installer | CVE-2020-0773 | Windows ActiveX Installer Service Elevation of Privilege Vulnerability |
| Windows Installer | CVE-2020-0770 | Windows ActiveX Installer Service Elevation of Privilege Vulnerability |
| Windows Installer | CVE-2020-0822 | Windows Language Pack Installer Elevation of Privilege Vulnerability |
| Windows Installer | CVE-2020-0859 | Windows Modules Installer Service Information Disclosure Vulnerability |
| Windows Installer | CVE-2020-0868 | Windows Update Orchestrator Service Elevation of Privilege Vulnerability |
| Windows Installer | CVE-2020-0798 | Windows Installer Elevation of Privilege Vulnerability |
| Windows Installer | CVE-2020-0867 | Windows Update Orchestrator Service Elevation of Privilege Vulnerability |
| Windows Kernel | CVE-2020-0834 | Windows ALPC Elevation of Privilege Vulnerability |
| Windows Kernel | CVE-2020-0799 | Windows Kernel Elevation of Privilege Vulnerability |
