
Microsoft March 2020 Patch Tuesday fixes 115 vulnerabilities


Microsoft today released its monthly roll-up of security updates, known as Patch Tuesday. This month, the Redmond-based company patched 115 vulnerabilities, making this month’s release the biggest Patch Tuesday in the company’s history.

However, despite this month’s pretty bulky release, nobody will be talking about it today.

Instead, they’ll be busy talking about how a Microsoft snafu leaked details online about a yet-to-be-patched SMBv3 vulnerability that many experts fear could lead to the creation of another EternalBlue-like exploit.

Nevertheless, this month does have its own security updates. Of the 115 bugs Microsoft patched today, 26 have received a rating of Critical, meaning they’re both easy to exploit and will most likely result in a full device compromise if they are ever exploited.

Microsoft Patch Tuesday updates are delivered as a giant package, so once you agree to install this month’s patches, you get all fixes, all at once.

However, if there’s one vulnerability that’s likely to come under attack from malware developers, it is, without a doubt, CVE-2020-0684.

This is a bug in Windows LNK shortcut files that allows malware to execute code on a system when a malicious LNK file is processed by the Windows OS.

“The attacker could present to the user a removable drive, or remote share, that contains a malicious .LNK file and an associated malicious binary. When the user opens this drive (or remote share) in Windows Explorer, or any other application that parses the .LNK file, the malicious binary will execute code of the attacker’s choice, on the target system,” Microsoft explained.

Based on Microsoft’s description, this bug is a boon for criminal activity, allowing an easy way of planting malware on user devices.

But that’s not all that’s included with this month’s patches. Additional Patch Tuesday information is below, including links to security fixes published by other companies:

Microsoft’s official Security Update Guide portal lists all security updates in a filterable table.
ZDNet has also put together this page listing all security updates in one single place.
Additional analysis of today’s Patch Tuesday is also available from Cisco Talos, ISC SANS, Tenable, Trend Micro, and Trustwave.
Adobe said there will be no security updates this month.
SAP security updates will be detailed here in the coming days.
VMware security updates will be detailed here in the coming days.
Google Chrome security updates will be released next Tuesday, March 17.
Firefox security updates were released today.
The Android Security Bulletin for March 2020 is detailed here. Patches started rolling out to users’ phones last week.

Tag | CVE ID | CVE Title
Azure | CVE-2020-0902 | Service Fabric Elevation of Privilege
Azure DevOps | CVE-2020-0758 | Azure DevOps Server and Team Foundation Services Elevation of Privilege Vulnerability
Azure DevOps | CVE-2020-0815 | Azure DevOps Server and Team Foundation Services Elevation of Privilege Vulnerability
Azure DevOps | CVE-2020-0700 | Azure DevOps Server Cross-site Scripting Vulnerability
Internet Explorer | CVE-2020-0824 | Internet Explorer Memory Corruption Vulnerability
Microsoft Browsers | CVE-2020-0768 | Scripting Engine Memory Corruption Vulnerability
Microsoft Dynamics | CVE-2020-0905 | Dynamics Business Central Remote Code Execution Vulnerability
Microsoft Edge | CVE-2020-0816 | Microsoft Edge Memory Corruption Vulnerability
Microsoft Exchange Server | CVE-2020-0903 | Microsoft Exchange Server Spoofing Vulnerability
Microsoft Graphics Component | CVE-2020-0774 | Windows GDI Information Disclosure Vulnerability
Microsoft Graphics Component | CVE-2020-0788 | Win32k Elevation of Privilege Vulnerability
Microsoft Graphics Component | CVE-2020-0791 | Windows Graphics Component Elevation of Privilege Vulnerability
Microsoft Graphics Component | CVE-2020-0690 | DirectX Elevation of Privilege Vulnerability
Microsoft Graphics Component | CVE-2020-0853 | Windows Imaging Component Information Disclosure Vulnerability
Microsoft Graphics Component | CVE-2020-0877 | Win32k Elevation of Privilege Vulnerability
Microsoft Graphics Component | CVE-2020-0882 | Windows GDI Information Disclosure Vulnerability
Microsoft Graphics Component | CVE-2020-0883 | GDI+ Remote Code Execution Vulnerability
Microsoft Graphics Component | CVE-2020-0881 | GDI+ Remote Code Execution Vulnerability
Microsoft Graphics Component | CVE-2020-0880 | Windows GDI Information Disclosure Vulnerability
Microsoft Graphics Component | CVE-2020-0887 | Win32k Elevation of Privilege Vulnerability
Microsoft Graphics Component | CVE-2020-0898 | Windows Graphics Component Elevation of Privilege Vulnerability
Microsoft Graphics Component | CVE-2020-0885 | Windows Graphics Component Information Disclosure Vulnerability
Microsoft Office | CVE-2020-0850 | Microsoft Word Remote Code Execution Vulnerability
Microsoft Office | CVE-2020-0852 | Microsoft Word Remote Code Execution Vulnerability
Microsoft Office | CVE-2020-0892 | Microsoft Word Remote Code Execution Vulnerability
Microsoft Office | CVE-2020-0851 | Microsoft Word Remote Code Execution Vulnerability
Microsoft Office | CVE-2020-0855 | Microsoft Word Remote Code Execution Vulnerability
Microsoft Office SharePoint | CVE-2020-0795 | Microsoft SharePoint Reflective XSS Vulnerability
Microsoft Office SharePoint | CVE-2020-0891 | Microsoft SharePoint Reflective XSS Vulnerability
Microsoft Office SharePoint | CVE-2020-0893 | Microsoft Office SharePoint XSS Vulnerability
Microsoft Office SharePoint | CVE-2020-0894 | Microsoft Office SharePoint XSS Vulnerability
Microsoft Scripting Engine | CVE-2020-0830 | Scripting Engine Memory Corruption Vulnerability
Microsoft Scripting Engine | CVE-2020-0829 | Scripting Engine Memory Corruption Vulnerability
Microsoft Scripting Engine | CVE-2020-0813 | Scripting Engine Information Disclosure Vulnerability
Microsoft Scripting Engine | CVE-2020-0826 | Scripting Engine Memory Corruption Vulnerability
Microsoft Scripting Engine | CVE-2020-0827 | Scripting Engine Memory Corruption Vulnerability
Microsoft Scripting Engine | CVE-2020-0825 | Scripting Engine Memory Corruption Vulnerability
Microsoft Scripting Engine | CVE-2020-0831 | Scripting Engine Memory Corruption Vulnerability
Microsoft Scripting Engine | CVE-2020-0847 | VBScript Remote Code Execution Vulnerability
Microsoft Scripting Engine | CVE-2020-0811 | Chakra Scripting Engine Memory Corruption Vulnerability
Microsoft Scripting Engine | CVE-2020-0828 | Scripting Engine Memory Corruption Vulnerability
Microsoft Scripting Engine | CVE-2020-0848 | Scripting Engine Memory Corruption Vulnerability
Microsoft Scripting Engine | CVE-2020-0823 | Scripting Engine Memory Corruption Vulnerability
Microsoft Scripting Engine | CVE-2020-0832 | Scripting Engine Memory Corruption Vulnerability
Microsoft Scripting Engine | CVE-2020-0812 | Chakra Scripting Engine Memory Corruption Vulnerability
Microsoft Scripting Engine | CVE-2020-0833 | Scripting Engine Memory Corruption Vulnerability
Microsoft Windows | CVE-2020-0897 | Windows Work Folder Service Elevation of Privilege Vulnerability
Microsoft Windows | CVE-2020-0896 | Windows Hard Link Elevation of Privilege Vulnerability
Microsoft Windows | CVE-2020-0871 | Windows Network Connections Service Information Disclosure Vulnerability
Microsoft Windows | CVE-2020-0874 | Windows GDI Information Disclosure Vulnerability
Microsoft Windows | CVE-2020-0876 | Win32k Information Disclosure Vulnerability
Microsoft Windows | CVE-2020-0775 | Windows Error Reporting Information Disclosure Vulnerability
Microsoft Windows | CVE-2020-0879 | Windows GDI Information Disclosure Vulnerability
Microsoft Windows | CVE-2020-0793 | Diagnostics Hub Standard Collector Elevation of Privilege Vulnerability
Microsoft Windows | CVE-2020-0776 | Windows Elevation of Privilege Vulnerability
Microsoft Windows | CVE-2020-0869 | Media Foundation Memory Corruption Vulnerability
Microsoft Windows | CVE-2020-0861 | Windows Network Driver Interface Specification (NDIS) Information Disclosure Vulnerability
Microsoft Windows | CVE-2020-0863 | Connected User Experiences and Telemetry Service Information Disclosure Vulnerability
Microsoft Windows | CVE-2020-0860 | Windows ActiveX Installer Service Elevation of Privilege Vulnerability
Microsoft Windows | CVE-2020-0857 | Windows Search Indexer Elevation of Privilege Vulnerability
Microsoft Windows | CVE-2020-0858 | Windows Elevation of Privilege Vulnerability
Microsoft Windows | CVE-2020-0865 | Windows Work Folder Service Elevation of Privilege Vulnerability
Microsoft Windows | CVE-2020-0866 | Windows Work Folder Service Elevation of Privilege Vulnerability
Microsoft Windows | CVE-2020-0864 | Windows Work Folder Service Elevation of Privilege Vulnerability
Microsoft Windows | CVE-2020-0820 | Media Foundation Information Disclosure Vulnerability
Microsoft Windows | CVE-2020-0819 | Windows Device Setup Manager Elevation of Privilege Vulnerability
Microsoft Windows | CVE-2020-0804 | Windows Network Connections Service Elevation of Privilege Vulnerability
Microsoft Windows | CVE-2020-0779 | Windows Installer Elevation of Privilege Vulnerability
Microsoft Windows | CVE-2020-0802 | Windows Network Connections Service Elevation of Privilege Vulnerability
Microsoft Windows | CVE-2020-0803 | Windows Network Connections Service Elevation of Privilege Vulnerability
Microsoft Windows | CVE-2020-0778 | Windows Network Connections Service Elevation of Privilege Vulnerability
Microsoft Windows | CVE-2020-0809 | Media Foundation Memory Corruption Vulnerability
Microsoft Windows | CVE-2020-0810 | Diagnostic Hub Standard Collector Elevation of Privilege Vulnerability
Microsoft Windows | CVE-2020-0807 | Media Foundation Memory Corruption Vulnerability
Microsoft Windows | CVE-2020-0808 | Provisioning Runtime Elevation of Privilege Vulnerability
Microsoft Windows | CVE-2020-0797 | Windows Work Folder Service Elevation of Privilege Vulnerability
Microsoft Windows | CVE-2020-0785 | Windows User Profile Service Elevation of Privilege Vulnerability
Microsoft Windows | CVE-2020-0786 | Windows Tile Object Service Denial of Service Vulnerability
Microsoft Windows | CVE-2020-0787 | Windows Background Intelligent Transfer Service Elevation of Privilege Vulnerability
Microsoft Windows | CVE-2020-0783 | Windows UPnP Service Elevation of Privilege Vulnerability
Microsoft Windows | CVE-2020-0800 | Windows Work Folder Service Elevation of Privilege Vulnerability
Microsoft Windows | CVE-2020-0801 | Media Foundation Memory Corruption Vulnerability
Microsoft Windows | CVE-2020-0781 | Windows UPnP Service Elevation of Privilege Vulnerability
Microsoft Windows | CVE-2020-0780 | Windows Network List Service Elevation of Privilege Vulnerability
Microsoft Windows | CVE-2020-0777 | Windows Work Folder Service Elevation of Privilege Vulnerability
Microsoft Windows | CVE-2020-0772 | Windows Error Reporting Elevation of Privilege Vulnerability
Microsoft Windows | CVE-2020-0849 | Windows Hard Link Elevation of Privilege Vulnerability
Microsoft Windows | CVE-2020-0845 | Windows Network Connections Service Elevation of Privilege Vulnerability
Microsoft Windows | CVE-2020-0684 | LNK Remote Code Execution Vulnerability
Microsoft Windows | CVE-2020-0769 | Windows CSC Service Elevation of Privilege Vulnerability
Microsoft Windows | CVE-2020-0771 | Windows CSC Service Elevation of Privilege Vulnerability
Microsoft Windows | CVE-2020-0841 | Windows Hard Link Elevation of Privilege Vulnerability
Microsoft Windows | CVE-2020-0840 | Windows Hard Link Elevation of Privilege Vulnerability
Microsoft Windows | CVE-2020-0806 | Windows Error Reporting Elevation of Privilege Vulnerability
Microsoft Windows | CVE-2020-0843 | Windows Installer Elevation of Privilege Vulnerability
Microsoft Windows | CVE-2020-0844 | Connected User Experiences and Telemetry Service Elevation of Privilege Vulnerability
Microsoft Windows | CVE-2020-0842 | Windows Installer Elevation of Privilege Vulnerability
Open Source Software | CVE-2020-0872 | Remote Code Execution Vulnerability in Application Inspector
Other | CVE-2020-0765 | Remote Desktop Connection Manager Information Disclosure Vulnerability
Visual Studio | CVE-2020-0789 | Visual Studio Extension Installer Service Denial of Service Vulnerability
Visual Studio | CVE-2020-0884 | Microsoft Visual Studio Spoofing Vulnerability
Windows Defender | CVE-2020-0763 | Windows Defender Security Center Elevation of Privilege Vulnerability
Windows Defender | CVE-2020-0762 | Windows Defender Security Center Elevation of Privilege Vulnerability
Windows Diagnostic Hub | CVE-2020-0854 | Windows Mobile Device Management Diagnostics Elevation of Privilege Vulnerability
Windows IIS | CVE-2020-0645 | Microsoft IIS Server Tampering Vulnerability
Windows Installer | CVE-2020-0814 | Windows Installer Elevation of Privilege Vulnerability
Windows Installer | CVE-2020-0773 | Windows ActiveX Installer Service Elevation of Privilege Vulnerability
Windows Installer | CVE-2020-0770 | Windows ActiveX Installer Service Elevation of Privilege Vulnerability
Windows Installer | CVE-2020-0822 | Windows Language Pack Installer Elevation of Privilege Vulnerability
Windows Installer | CVE-2020-0859 | Windows Modules Installer Service Information Disclosure Vulnerability
Windows Installer | CVE-2020-0868 | Windows Update Orchestrator Service Elevation of Privilege Vulnerability
Windows Installer | CVE-2020-0798 | Windows Installer Elevation of Privilege Vulnerability
Windows Installer | CVE-2020-0867 | Windows Update Orchestrator Service Elevation of Privilege Vulnerability
Windows Kernel | CVE-2020-0834 | Windows ALPC Elevation of Privilege Vulnerability
Windows Kernel | CVE-2020-0799 | Windows Kernel Elevation of Privilege Vulnerability


Source: Information Technologies - zdnet.com
