HackDig : Dig high-quality web security articles for hackers

Microsoft’s Patch Tuesday updates for March 2020 fix 115 issues

2020-03-11 07:35

Microsoft’s Patch Tuesday updates for March 2020 address 115 vulnerabilities, 26 issues have been rated as critical severity.

Microsoft’s Patch Tuesday updates for March 2020 address 115 vulnerabilities, 26 issues affecting Windows, Word, Dynamics Business Central, Edge, and Internet Explorer have been rated as critical severity.

Microsoft’s Patch Tuesday updates for March 2020 also address vulnerability Exchange Server, Office, Azure DevOps, Windows Defender, Visual Studio, and Dynamics.

88 vulnerabilities have been rated as important in severity, and only one as moderate in severity, most of the overall issues fixed by Microsoft (79) affect Windows OS,

The good news is that Microsoft is not aware of attacks in the wild that exploited one of the vulnerabilities patched this month and no one of the issues is listed as being publicly known. Seven of these flaws were reported through the ZDI program.

Patch Tuesday

Let’s give a look at some of the more interesting issues addressed by Microsoft for this month that could be abused by vxers.

CVE-2020-0852The flaw is Remote Code Execution Vulnerability that affects Word. The vulnerability could be exploited by attackers by simply tricking victims into viewing a specially crafted file in the Preview Pane. The flaw could allow code execution at the level of the logged-on user.

CVE-2020-0684The flaw is a LNK Remote Code Execution Vulnerability that could allow an attacker to create malicious LNK shortcut files that can perform code execution.

“The attacker could present to the user a removable drive, or remote share, that contains a malicious .LNK file and an associated malicious binary,” reads the advisory published by Microsoft. “When the user opens this drive(or remote share) in Windows Explorer or any other application that parses the .LNK file, the malicious binary will execute code of the attacker’s choice on the target system.”

Other critical remote code execution vulnerabilities fixed by Microsoft impact Internet Explorer (CVE-2020-0833CVE-2020-0824), the Edge browser (CVE-2020-0816), and the Chakra scripting engine (CVE-2020-0811).

Additional technical details on the Microsoft’s Patch Tuesday updates for March 2020 are available in the analysis published by Zero Day Initiative.

Users and system administrators are recommended to apply the latest security patches as soon as possible to prevent attackers exploiting them.

Pierluigi Paganini

(SecurityAffairs – malware, Patch Tuesday)

The post Microsoft’s Patch Tuesday updates for March 2020 fix 115 issues appeared first on Security Affairs.


Source: lmth.0202-hcram-yadseut-hctap-tfosorcim/ytiruces/85399/sserpdrow/oc.sriaffaytiruces

“Microsoft’s Patch Tuesday updates for March 2020 fix 115 issues”0 Comments

Submit A Comment

Name:

Email:

Blog :

Verification Code:

Tools

Tag Cloud