Security News > 2020 > March > Microsoft Patches 115 Vulnerabilities in Windows, Other Products

Microsoft Word RCE A Remote Code Execution vulnerability in Microsoft Word is also covered in today's patch release.

"We start with CVE-2020-0684, a Remote Code Execution vulnerability that exists in Windows 7 through 10 and Windows Server 2008 through 2019. The vulnerability exists in the way Windows processes.LNK files. In order to exploit this vulnerability an attacker would need to trick a victim into clicking on a.LNK file to a remote share or a removable drive that contained malware."

"Notable vulnerabilities include CVE-2020-0833, CVE-2020-0824, and CVE-2020-0847. Despite a heavy February Patch Tuesday, March continues the cadence with triple-digit vulnerabilities and even more critical vulnerabilities."

"Let's start off talking about CVE-2020-0688 from last month - the Microsoft Exchange Validation Key RCE vulnerability. At the time it was published February 11, 2020, the vulnerability had not seen active exploitation. As of March 9, 2020, there were increasing reports of activity happening on unpatched Exchange Servers surrounding this vulnerability. If you hadn't had a chance to take action on that, I would give it a bit of love over the whopping 112 new vulnerabilities brought forth by Microsoft this March 2020 Patch Tuesday. It's worth noting that Metasploit has a module out already to help detect this, as does InsightVM.".

While 112 vulnerabilities is not something to just brush aside, especially given a wide breadth of products and components patched up this month, we do get to enjoy the fact that almost all the vulnerabilities can be remediated simply by patching.

News URL

http://feedproxy.google.com/~r/Securityweek/~3/qb3-gLC8lMs/microsoft-patches-115-vulnerabilities-windows-other-products