Security News > 2020 > March > March 2020 Patch Tuesday: Microsoft fixes 115 vulnerabilities, Adobe none
It's March 2020 Patch Tuesday and Microsoft has dropped fixes for 115 CVE-numbered flaws: 26 are critical, 88 important, and one of moderate severity.
For the time being, Adobe seems to be skipping this Patch Tuesday and there's no indication whether the customary security updates are just delayed or there won't be any at all in the coming days.
CVE-2020-0872 is a RCE affecting Microsoft Application Inspector, the recently released source code analyzer that comes in handy for checking open source components for unwanted or risky features.
"To exploit the vulnerability, an attacker needs to convince a user to run Application Inspector on source code that includes a malicious third-party component," Microsoft explained.
Adobe might not have released security updates on this March 2020 Patch Tuesday, but Mozilla released Firefox 74, with TLS 1.0 and TLS 1.1 disabled by default, stricter rules for add-ons, a tool for preventing Facebook from tracking users around the web, and several developer features.
News URL
http://feedproxy.google.com/~r/HelpNetSecurity/~3/nbj61tiFMM4/
Related news
- Patch Tuesday for September 2024: Microsoft Catches Four Zero-Day Vulnerabilities (source)
- Microsoft September 2024 Patch Tuesday fixes 4 zero-days, 79 flaws (source)
- Microsoft confirms IE bug squashed in Patch Tuesday was exploited zero-day (source)
- Microsoft October 2024 Patch Tuesday fixes 5 zero-days, 118 flaws (source)
- Microsoft cleans up hot mess of Patch Tuesday preview (source)
- Vulnerabilities in Microsoft macOS apps may give attackers access to microphone, camera (source)
- September 2024 Patch Tuesday forecast: Downgrade is the new exploit (source)
- Week in review: Vulnerability allows Yubico security keys cloning, Patch Tuesday forecast (source)
- October 2024 Patch Tuesday forecast: Recall can be recalled (source)
- Week in review: Critical Zimbra RCE vulnerability exploited, Patch Tuesday forecast (source)
Related Vulnerability
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-03-12 | CVE-2020-0872 | Cross-site Scripting vulnerability in Microsoft Application Inspector 1.0.23 A remote code execution vulnerability exists in Application Inspector version v1.0.23 or earlier when the tool reflects example code snippets from third-party source files into its HTML output, aka 'Remote Code Execution Vulnerability in Application Inspector'. | 6.8 |