Security News > 2020 > March > March 2020 Patch Tuesday: Microsoft fixes 115 vulnerabilities, Adobe none

It's March 2020 Patch Tuesday and Microsoft has dropped fixes for 115 CVE-numbered flaws: 26 are critical, 88 important, and one of moderate severity.
For the time being, Adobe seems to be skipping this Patch Tuesday and there's no indication whether the customary security updates are just delayed or there won't be any at all in the coming days.
CVE-2020-0872 is a RCE affecting Microsoft Application Inspector, the recently released source code analyzer that comes in handy for checking open source components for unwanted or risky features.
"To exploit the vulnerability, an attacker needs to convince a user to run Application Inspector on source code that includes a malicious third-party component," Microsoft explained.
Adobe might not have released security updates on this March 2020 Patch Tuesday, but Mozilla released Firefox 74, with TLS 1.0 and TLS 1.1 disabled by default, stricter rules for add-ons, a tool for preventing Facebook from tracking users around the web, and several developer features.
News URL
http://feedproxy.google.com/~r/HelpNetSecurity/~3/nbj61tiFMM4/
Related news
- Patch Tuesday: Microsoft Fixes 134 Vulnerabilities, Including 1 Zero-Day (source)
- Microsoft March 2025 Patch Tuesday fixes 7 zero-days, 57 flaws (source)
- Patch Tuesday: Microsoft Fixes 57 Security Flaws – Including Active Zero-Days (source)
- April 2025 Patch Tuesday forecast: More AI security introduced by Microsoft (source)
- Microsoft April 2025 Patch Tuesday fixes exploited zero-day, 134 flaws (source)
- March 2025 Patch Tuesday forecast: A return to normalcy (source)
- Choose your own Patch Tuesday adventure: Start with six zero day fixes, or six critical flaws (source)
- Malicious Adobe, DocuSign OAuth apps target Microsoft 365 accounts (source)
- Still Using an Older Version of iOS or iPadOS? Update Now to Patch These Critical Security Vulnerabilities (source)
- Week in review: Probing activity on Palo Alto Networks GlobalProtect portals, Patch Tuesday forecast (source)
Related Vulnerability
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2020-03-12 | CVE-2020-0872 | Cross-site Scripting vulnerability in Microsoft Application Inspector 1.0.23 A remote code execution vulnerability exists in Application Inspector version v1.0.23 or earlier when the tool reflects example code snippets from third-party source files into its HTML output, aka 'Remote Code Execution Vulnerability in Application Inspector'. | 9.6 |