Microsoft Patches 115 Vulnerabilities in Windows, Other Products
Microsoft Word RCE
A Remote Code Execution vulnerability in Microsoft Word is also covered in today's patch release.
"We start with CVE-2020-0684, a Remote Code Execution vulnerability that exists in Windows 7 through 10 and Windows Server 2008 through 2019. The vulnerability exists in the way Windows processes .LNK files. In order to exploit this vulnerability an attacker would need to trick a victim into clicking on a .LNK file to a remote share or a removable drive that contained malware."
"Notable vulnerabilities include CVE-2020-0833, CVE-2020-0824, and CVE-2020-0847. Despite a heavy February Patch Tuesday, March continues the cadence with triple-digit vulnerabilities and even more critical vulnerabilities."
"Let's start off talking about CVE-2020-0688 from last month - the Microsoft Exchange Validation Key RCE vulnerability. At the time it was published February 11, 2020, the vulnerability had not seen active exploitation. As of March 9, 2020, there were increasing reports of activity happening on unpatched Exchange Servers surrounding this vulnerability. If you hadn't had a chance to take action on that, I would give it a bit of love over the whopping 112 new vulnerabilities brought forth by Microsoft this March 2020 Patch Tuesday. It's worth noting that Metasploit has a module out already to help detect this, as does InsightVM."
While 112 vulnerabilities is not something to just brush aside, especially given a wide breadth of products and components patched up this month, we do get to enjoy the fact that almost all the vulnerabilities can be remediated simply by patching.
Related Vulnerability
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2020-03-12 | CVE-2020-0684 | Unspecified vulnerability in Microsoft products A remote code execution vulnerability exists in Microsoft Windows that could allow remote code execution if a .LNK file is processed. An attacker who successfully exploited this vulnerability could gain the same user rights as the local user, aka 'LNK Remote Code Execution Vulnerability'. | 8.8 |
2020-03-12 | CVE-2020-0824 | Out-of-bounds Write vulnerability in Microsoft Internet Explorer 11 A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory, aka 'Internet Explorer Memory Corruption Vulnerability'. | 7.5 |
2020-03-12 | CVE-2020-0833 | Out-of-bounds Write vulnerability in Microsoft Internet Explorer 11 A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer, aka 'Scripting Engine Memory Corruption Vulnerability'. | 7.5 |
2020-03-12 | CVE-2020-0847 | Unspecified vulnerability in Microsoft Internet Explorer 11/9 A remote code execution vulnerability exists in the way that the VBScript engine handles objects in memory, aka 'VBScript Remote Code Execution Vulnerability'. | 7.5 |
2020-02-11 | CVE-2020-0688 | Improper Authentication vulnerability in Microsoft Exchange Server A remote code execution vulnerability exists in Microsoft Exchange software when the software fails to properly handle objects in memory, aka 'Microsoft Exchange Memory Corruption Vulnerability'. | 8.8 |