Microsoft Patch Tuesday March 2020
Microsoft today released patches for a total of 117 vulnerabilities. 25 of these vulnerabilities are rated critical. None of the vulnerabilities had been disclosed before today. Microsoft also has not seen any of them exploited in the wild.
CVE-2020-0684: LNK files are back! Yet again, opening a .lnk file can lead to arbitrary code execution. Similar vulnerabilities have been exploited heavily in the past and this should be a "must patch".
As in most recent patch Tuesdays, a number of different critical remote code execution issues are exploitable via the scripting engine. These are exposed via the web browser.
For important vulnerabilities, we have a number of issues in Office (Word/Excel). These typically require some user interaction beyond just opening the document, and are only rated as "important" as a result.
So in general, there is nothing out of the ordinary in this set of patches. Adobe has so far not released a flash update for today. This update is usually rolled into the Microsoft patch Tuesday.
But wait. what about CVE-2020-0796? Some people noted that Cisco's Talos research lab summary of today's patch Tuesday included a different, CVE-2020-0796, rather serious description: ">CVE-2020-0796 is a remote code execution vulnerability in Microsoft Server Message Block 3.0 (SMBv3). An attacker could exploit this bug by sending a specially crafted packet to the target SMBv3 server, which the victim needs to be connected to. Users are encouraged to disable SMBv3 compression and block TCP port 445 on firewalls and client computers. The exploitation of this vulnerability opens systems up to a “wormable” attack, which means it would be easy to move from victim to victim.". This CVE, however, is assigned to the LNK vulnerability. It may be an early draft that had a preliminary description of the vulnerability. Blocking port 445 on the firewall is probably a good idea either way.
Update: There is now a Microsoft security advisory (ADV200005) about this flaw. It states, that clients, as well as servers, are vulnerable. To exploit the vulnerability, an attacker would send a crafted SMB3 packet to the server or trick the client to connect to a malicious server. At this point, Microsoft recommends to turn off compression on servers. There is no workaround for clients. This vulnerability has no CVE number assigned to it yet. https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV200005
March 2020 Security Updates
Description | |||||||
---|---|---|---|---|---|---|---|
CVE | Disclosed | Exploited | Exploitability (old versions) | current version | Severity | CVSS Base (AVG) | CVSS Temporal (AVG) |
Azure DevOps Server Cross-site Scripting Vulnerability | |||||||
CVE-2020-0700 | No | No | Less Likely | Less Likely | Important | ||
Azure DevOps Server and Team Foundation Services Elevation of Privilege Vulnerability | |||||||
CVE-2020-0758 | No | No | Less Likely | Less Likely | Important | ||
CVE-2020-0815 | No | No | - | - | Important | ||
Chakra Scripting Engine Memory Corruption Vulnerability | |||||||
CVE-2020-0811 | No | No | - | - | Critical | 4.2 | 3.8 |
CVE-2020-0812 | No | No | - | - | Critical | 4.2 | 3.8 |
Connected User Experiences and Telemetry Service Elevation of Privilege Vulnerability | |||||||
CVE-2020-0844 | No | No | Less Likely | Less Likely | Important | 7.8 | 7.0 |
Connected User Experiences and Telemetry Service Information Disclosure Vulnerability | |||||||
CVE-2020-0863 | No | No | Less Likely | Less Likely | Important | 5.5 | 5.0 |
Diagnostic Hub Standard Collector Elevation of Privilege Vulnerability | |||||||
CVE-2020-0810 | No | No | Less Likely | Less Likely | Important | 7.8 | 7.0 |
Diagnostics Hub Standard Collector Elevation of Privilege Vulnerability | |||||||
CVE-2020-0793 | No | No | Less Likely | Less Likely | Important | 7.8 | 7.0 |
DirectX Elevation of Privilege Vulnerability | |||||||
CVE-2020-0690 | No | No | More Likely | More Likely | Important | 7.0 | 6.3 |
Dynamics Business Central Remote Code Execution Vulnerability | |||||||
CVE-2020-0905 | No | No | Less Likely | Less Likely | Critical | ||
GDI+ Remote Code Execution Vulnerability | |||||||
CVE-2020-0881 | No | No | Less Likely | Less Likely | Critical | 6.7 | 6.0 |
CVE-2020-0883 | No | No | Less Likely | Less Likely | Critical | 6.7 | 6.0 |
Internet Explorer Memory Corruption Vulnerability | |||||||
CVE-2020-0824 | No | No | - | - | Critical | 6.4 | 5.8 |
LNK Remote Code Execution Vulnerability | |||||||
CVE-2020-0684 | No | No | Less Likely | Less Likely | Critical | 8.8 | 7.9 |
Media Foundation Information Disclosure Vulnerability | |||||||
CVE-2020-0820 | No | No | Less Likely | Less Likely | Important | 5.5 | 5.0 |
Media Foundation Memory Corruption Vulnerability | |||||||
CVE-2020-0801 | No | No | Less Likely | Less Likely | Critical | 7.8 | 7.0 |
CVE-2020-0807 | No | No | Less Likely | Less Likely | Critical | 7.8 | 7.0 |
CVE-2020-0809 | No | No | Less Likely | Less Likely | Critical | 7.8 | 7.0 |
CVE-2020-0869 | No | No | Less Likely | Less Likely | Critical | 7.8 | 7.0 |
Microsoft Edge Memory Corruption Vulnerability | |||||||
CVE-2020-0816 | No | No | - | - | Critical | 4.2 | 3.8 |
Microsoft Exchange Server Spoofing Vulnerability | |||||||
CVE-2020-0903 | No | No | Less Likely | Less Likely | Important | ||
Microsoft IIS Server Tampering Vulnerability | |||||||
CVE-2020-0645 | No | No | - | - | Important | 7.5 | 6.7 |
Microsoft Office SharePoint XSS Vulnerability | |||||||
CVE-2020-0893 | No | No | Less Likely | Less Likely | Important | ||
CVE-2020-0894 | No | No | Less Likely | Less Likely | Important | ||
Microsoft SharePoint Reflective XSS Vulnerability | |||||||
CVE-2020-0795 | No | No | - | - | Important | ||
CVE-2020-0891 | No | No | Less Likely | Less Likely | Important | ||
Microsoft Visual Studio Spoofing Vulnerability | |||||||
CVE-2020-0884 | No | No | Less Likely | Less Likely | Important | ||
Microsoft Word Remote Code Execution Vulnerability | |||||||
CVE-2020-0850 | No | No | Less Likely | Less Likely | Important | ||
CVE-2020-0851 | No | No | Less Likely | Less Likely | Important | ||
CVE-2020-0852 | No | No | Less Likely | Less Likely | Critical | ||
CVE-2020-0855 | No | No | Less Likely | Less Likely | Important | ||
CVE-2020-0892 | No | No | Less Likely | Less Likely | Important | ||
Provisioning Runtime Elevation of Privilege Vulnerability | |||||||
CVE-2020-0808 | No | No | Less Likely | Less Likely | Important | 7.8 | 7.0 |
Remote Code Execution Vulnerability in Application Inspector | |||||||
CVE-2020-0872 | No | No | Less Likely | Less Likely | Important | ||
Remote Desktop Connection Manager Information Disclosure Vulnerability | |||||||
CVE-2020-0765 | No | No | Less Likely | Less Likely | Moderate | ||
Scripting Engine Information Disclosure Vulnerability | |||||||
CVE-2020-0813 | No | No | - | - | Important | 4.3 | 3.9 |
Scripting Engine Memory Corruption Vulnerability | |||||||
CVE-2020-0768 | No | No | - | - | Critical | 6.4 | 5.8 |
CVE-2020-0823 | No | No | - | - | Critical | 4.2 | 3.8 |
CVE-2020-0825 | No | No | - | - | Critical | 4.2 | 3.8 |
CVE-2020-0826 | No | No | - | - | Critical | 4.2 | 3.8 |
CVE-2020-0827 | No | No | - | - | Critical | 4.2 | 3.8 |
CVE-2020-0828 | No | No | - | - | Critical | 4.2 | 3.8 |
CVE-2020-0829 | No | No | - | - | Critical | 4.2 | 3.8 |
CVE-2020-0830 | No | No | - | - | Critical | 7.5 | 6.7 |
CVE-2020-0831 | No | No | - | - | Critical | 4.2 | 3.8 |
CVE-2020-0832 | No | No | More Likely | More Likely | Critical | 7.5 | 6.7 |
CVE-2020-0833 | No | No | - | - | Critical | 6.4 | 5.8 |
CVE-2020-0848 | No | No | - | - | Critical | 4.2 | 3.8 |
Service Fabric Elevation of Privilege | |||||||
CVE-2020-0902 | No | No | Less Likely | Less Likely | Important | ||
VBScript Remote Code Execution Vulnerability | |||||||
CVE-2020-0847 | No | No | More Likely | More Likely | Critical | 6.4 | 5.8 |
Visual Studio Extension Installer Service Denial of Service Vulnerability | |||||||
CVE-2020-0789 | No | No | Less Likely | Less Likely | Important | ||
Win32k Elevation of Privilege Vulnerability | |||||||
CVE-2020-0788 | No | No | More Likely | More Likely | Important | 7.8 | 7.0 |
CVE-2020-0877 | No | No | More Likely | More Likely | Important | 7.0 | 6.3 |
CVE-2020-0887 | No | No | More Likely | More Likely | Important | 7.0 | 6.3 |
Win32k Information Disclosure Vulnerability | |||||||
CVE-2020-0876 | No | No | Less Likely | Less Likely | Important | 7.0 | 6.3 |
Windows ALPC Elevation of Privilege Vulnerability | |||||||
CVE-2020-0834 | No | No | Less Likely | Less Likely | Important | 7.8 | 7.0 |
Windows ActiveX Installer Service Elevation of Privilege Vulnerability | |||||||
CVE-2020-0770 | No | No | Less Likely | Less Likely | Important | 7.8 | 7.0 |
CVE-2020-0773 | No | No | Less Likely | Less Likely | Important | 7.8 | 7.0 |
CVE-2020-0860 | No | No | Less Likely | Less Likely | Important | 7.8 | 7.0 |
Windows Background Intelligent Transfer Service Elevation of Privilege Vulnerability | |||||||
CVE-2020-0787 | No | No | Less Likely | Less Likely | Important | 7.8 | 7.0 |
Windows CSC Service Elevation of Privilege Vulnerability | |||||||
CVE-2020-0769 | No | No | Less Likely | Less Likely | Important | 7.8 | 7.0 |
CVE-2020-0771 | No | No | Less Likely | Less Likely | Important | 7.8 | 7.0 |
Windows Defender Security Center Elevation of Privilege Vulnerability | |||||||
CVE-2020-0762 | No | No | Less Likely | Less Likely | Important | 7.8 | 7.0 |
CVE-2020-0763 | No | No | Less Likely | Less Likely | Important | 7.8 | 7.0 |
Windows Device Setup Manager Elevation of Privilege Vulnerability | |||||||
CVE-2020-0819 | No | No | Less Likely | Less Likely | Important | 7.8 | 7.0 |
Windows Elevation of Privilege Vulnerability | |||||||
CVE-2020-0776 | No | No | Less Likely | Less Likely | Important | 7.8 | 7.0 |
CVE-2020-0858 | No | No | Less Likely | Less Likely | Important | 7.8 | 7.0 |
Windows Error Reporting Elevation of Privilege Vulnerability | |||||||
CVE-2020-0772 | No | No | Less Likely | Less Likely | Important | 7.8 | 7.0 |
CVE-2020-0806 | No | No | Less Likely | Less Likely | Important | 7.8 | 7.0 |
Windows Error Reporting Information Disclosure Vulnerability | |||||||
CVE-2020-0775 | No | No | Less Likely | Less Likely | Important | 5.5 | 5.0 |
Windows GDI Information Disclosure Vulnerability | |||||||
CVE-2020-0774 | No | No | Less Likely | Less Likely | Important | 5.5 | 5.0 |
CVE-2020-0874 | No | No | Less Likely | Less Likely | Important | 4.7 | 4.2 |
CVE-2020-0879 | No | No | Less Likely | Less Likely | Important | 4.7 | 4.2 |
CVE-2020-0880 | No | No | Less Likely | Less Likely | Important | 5.5 | 5.0 |
CVE-2020-0882 | No | No | Less Likely | Less Likely | Important | 5.5 | 5.0 |
Windows Graphics Component Elevation of Privilege Vulnerability | |||||||
CVE-2020-0791 | No | No | Less Likely | Less Likely | Important | 7.8 | 7.0 |
CVE-2020-0898 | No | No | - | - | Important | 7.0 | 6.3 |
Windows Graphics Component Information Disclosure Vulnerability | |||||||
CVE-2020-0885 | No | No | Less Likely | Less Likely | Important | 4.3 | 3.9 |
Windows Hard Link Elevation of Privilege Vulnerability | |||||||
CVE-2020-0840 | No | No | Less Likely | Less Likely | Important | 7.8 | 7.0 |
CVE-2020-0841 | No | No | Less Likely | Less Likely | Important | 7.8 | 7.0 |
CVE-2020-0849 | No | No | Less Likely | Less Likely | Important | 7.8 | 7.0 |
CVE-2020-0896 | No | No | Less Likely | Less Likely | Important | 7.8 | 7.0 |
Windows Imaging Component Information Disclosure Vulnerability | |||||||
CVE-2020-0853 | No | No | Less Likely | Less Likely | Important | 4.3 | 3.9 |
Windows Installer Elevation of Privilege Vulnerability | |||||||
CVE-2020-0779 | No | No | Less Likely | Less Likely | Important | 7.0 | 6.3 |
CVE-2020-0798 | No | No | Less Likely | Less Likely | Important | 7.8 | 7.0 |
CVE-2020-0814 | No | No | Less Likely | Less Likely | Important | 7.8 | 7.0 |
CVE-2020-0842 | No | No | Less Likely | Less Likely | Important | 7.8 | 7.0 |
CVE-2020-0843 | No | No | Less Likely | Less Likely | Important | 7.8 | 7.0 |
Windows Kernel Elevation of Privilege Vulnerability | |||||||
CVE-2020-0799 | No | No | Less Likely | Less Likely | Important | 7.8 | 7.0 |
Windows Language Pack Installer Elevation of Privilege Vulnerability | |||||||
CVE-2020-0822 | No | No | Less Likely | Less Likely | Important | 7.8 | 7.0 |
Windows Mobile Device Management Diagnostics Elevation of Privilege Vulnerability | |||||||
CVE-2020-0854 | No | No | Less Likely | Less Likely | Important | 7.1 | 6.4 |
Windows Modules Installer Service Information Disclosure Vulnerability | |||||||
CVE-2020-0859 | No | No | Less Likely | Less Likely | Important | 5.5 | 5.0 |
Windows Network Connections Service Elevation of Privilege Vulnerability | |||||||
CVE-2020-0778 | No | No | Less Likely | Less Likely | Important | 7.0 | 6.3 |
CVE-2020-0802 | No | No | Less Likely | Less Likely | Important | 7.8 | 7.0 |
CVE-2020-0803 | No | No | Less Likely | Less Likely | Important | 7.8 | 7.0 |
CVE-2020-0804 | No | No | Less Likely | Less Likely | Important | 7.8 | 7.0 |
CVE-2020-0845 | No | No | Less Likely | Less Likely | Important | 7.8 | 7.0 |
Windows Network Connections Service Information Disclosure Vulnerability | |||||||
CVE-2020-0871 | No | No | Less Likely | Less Likely | Important | 5.5 | 5.0 |
Windows Network Driver Interface Specification (NDIS) Information Disclosure Vulnerability | |||||||
CVE-2020-0861 | No | No | Less Likely | Less Likely | Important | 5.5 | 5.0 |
Windows Network List Service Elevation of Privilege Vulnerability | |||||||
CVE-2020-0780 | No | No | Less Likely | Less Likely | Important | 7.0 | 6.3 |
Windows Search Indexer Elevation of Privilege Vulnerability | |||||||
CVE-2020-0857 | No | No | Less Likely | Less Likely | Important | 7.8 | 7.0 |
Windows Tile Object Service Denial of Service Vulnerability | |||||||
CVE-2020-0786 | No | No | Less Likely | Less Likely | Important | 7.1 | 6.4 |
Windows UPnP Service Elevation of Privilege Vulnerability | |||||||
CVE-2020-0781 | No | No | Less Likely | Less Likely | Important | 7.0 | 6.3 |
CVE-2020-0783 | No | No | Less Likely | Less Likely | Important | 7.0 | 6.3 |
Windows Update Orchestrator Service Elevation of Privilege Vulnerability | |||||||
CVE-2020-0867 | No | No | Less Likely | Less Likely | Important | 7.8 | 7.0 |
CVE-2020-0868 | No | No | Less Likely | Less Likely | Important | 7.8 | 7.0 |
Windows User Profile Service Elevation of Privilege Vulnerability | |||||||
CVE-2020-0785 | No | No | Less Likely | Less Likely | Important | 7.0 | 6.3 |
Windows Work Folder Service Elevation of Privilege Vulnerability | |||||||
CVE-2020-0777 | No | No | Less Likely | Less Likely | Important | 7.0 | 6.3 |
CVE-2020-0797 | No | No | Less Likely | Less Likely | Important | 7.8 | 7.0 |
CVE-2020-0800 | No | No | Less Likely | Less Likely | Important | 7.8 | 7.0 |
CVE-2020-0864 | No | No | Less Likely | Less Likely | Important | 7.8 | 7.0 |
CVE-2020-0865 | No | No | Less Likely | Less Likely | Important | 7.8 | 7.0 |
CVE-2020-0866 | No | No | Less Likely | Less Likely | Important | 7.8 | 7.0 |
CVE-2020-0897 | No | No | Less Likely | Less Likely | Important | 7.8 | 7.0 |
---
Johannes B. Ullrich, Ph.D. , Dean of Research, SANS Technology Institute
Twitter|
Application Security: Securing Web Apps, APIs, and Microservices | Washington | Dec 13th - Dec 18th 2024 |
Comments