Microsoft has released its March Patch Tuesday security updates, addressing a total of 113 vulnerabilities in the Windows family of operating systems and related products. Of these, 26 are classified as Critical and 86 as Important. The affected products include Office Services and Web Apps, Internet Explorer, Microsoft Windows, Edge (EdgeHTML-based and Chromium-based), Microsoft Exchange Server, Azure DevOps, and ChakraCore.

All of the critical bugs are remote code execution vulnerabilities that reside in Internet Explorer, the scripting engine, LNK files, and Open Source Software. Microsoft did not report that any of the bugs being patched were publicly known or under active attack at the time of release.


Among the 26 critical vulnerabilities, the memory-corruption vulnerabilities in Microsoft Media Foundation and the ChakraCore scripting engine get the most attention.

Media Foundation Memory Corruption Vulnerability |CVE-2020-0801|CVE-2020-0807|CVE-2020-0809|CVE-2020-086:

A memory corruption vulnerability exists in Microsoft Media Foundation in the way it handles objects in memory. It could permit an attacker to install programs; view, change or delete data; or create new user accounts on the compromised machine.

A user could trigger this vulnerability by opening a maliciously crafted document or web page. Attackers are likely to attempt to exploit this vulnerability through spam messages with malicious links and attachments.

Scripting Engine Memory Corruption Vulnerability |CVE-2020-0823|CVE-2020-0825|CVE-2020-0826:

A memory corruption vulnerability exists in the way the ChakraCore scripting engine handles objects in memory, which leads to remote code execution. If exploitation succeeds, an attacker could corrupt the compromised machine’s memory in a manner that would permit them to execute arbitrary code in the context of the current user.

An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.


Critical Remote Code Execution In Server Message Block 3.1.1 (SMBv3) |ADV200005:

Microsoft unintentionally disclosed the details of a new wormable vulnerability in the Microsoft Server Message Block 3.1.1 (SMBv3) protocol, which exists due to an error in the handling of compressed data packets, although it did not publish any technical detail.

To exploit the vulnerability, an attacker could send a specially crafted packet to the target SMBv3 server and would need to convince a user to connect to a malicious SMBv3 Server they’ve configured. The successful exploitation of this vulnerability opens systems up to a ‘wormable’ attack, which means it would be easy to move from victim to victim.

The possible workarounds, per Microsoft’s response, are to disable SMBv3 compression using the PowerShell command below,

Set-ItemProperty -Path "HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters" DisableCompression -Type DWORD -Value 1 -Force

and block TCP port 445 on firewalls and client computers.
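
One way to audit and apply the workaround above on a host, as an added example that is not Microsoft's or SecPod's code. The -Apply switch and the function names are hypothetical, and the script assumes an elevated PowerShell session on a Windows host where the NetSecurity firewall cmdlets are available.

```powershell
# Added example: audit (and optionally apply) the ADV200005 workaround.
# Without -Apply the script only reports; nothing is changed.
[CmdletBinding()]
param(
    [switch]$Apply   # hypothetical switch name, not part of any Microsoft tool
)

$path = 'HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters'
$name = 'DisableCompression'

function Get-SmbCompressionState {
    # 'Disabled' only when DisableCompression = 1; a missing value means
    # SMBv3 compression is still enabled on the server side.
    $prop = Get-ItemProperty -Path $path -Name $name -ErrorAction SilentlyContinue
    if ($null -ne $prop -and $prop.$name -eq 1) { 'Disabled' } else { 'Enabled' }
}

function Get-Inbound445BlockRule {
    # Enabled inbound Block rules whose port filter lists TCP 445 explicitly.
    # Rules that cover 445 through a port range or "Any" are not matched here.
    Get-NetFirewallRule -Direction Inbound -Action Block -Enabled True -ErrorAction SilentlyContinue |
        Where-Object {
            $filter = $_ | Get-NetFirewallPortFilter
            $filter.Protocol -eq 'TCP' -and $filter.LocalPort -contains '445'
        }
}

$before = Get-SmbCompressionState
if ($Apply -and $before -eq 'Enabled') {
    # Same registry change as the command quoted above.
    Set-ItemProperty -Path $path -Name $name -Type DWORD -Value 1 -Force
}

# One object per host, suitable for Export-Csv when run fleet-wide.
[pscustomobject]@{
    ComputerName        = $env:COMPUTERNAME
    CompressionBefore   = $before
    CompressionNow      = Get-SmbCompressionState
    Inbound445BlockRule = @(Get-Inbound445BlockRule).DisplayName -join '; '
}
```

The registry value only changes how the SMB server handles compression, so hosts acting as SMB clients still depend on the TCP 445 blocking and on the security update.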


Other Interesting Vulnerabilities:

LNK Remote Code Execution Vulnerability|CVE-2020-0684:

A remote code execution vulnerability exists in Microsoft Windows that could allow remote code execution if a “.LNK” file is processed.

The attacker could present to the user a removable pen drive, or remote share, that contains a malicious “.LNK” file and an associated malicious binary. When the user opens this drive (or remote share) in Windows Explorer or any other application that parses the .LNK file, the malicious binary will execute code of the attacker’s choice on the target machine.

An attacker who successfully exploited this vulnerability could gain the same user rights as the local/administrative user.

VBScript Remote Code Execution Vulnerability |CVE-2020-0847:

A remote code execution vulnerability exists in the way that the VBScript engine handles objects in memory. The vulnerability could corrupt memory so that an attacker could execute arbitrary code in the context of the current user.

An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. If the current user is signed on with administrative rights, an attacker who successfully exploited the vulnerability could take control of the compromised system. An attacker could then install programs; view, change, or erase information; or make new accounts with full user rights.


Microsoft Security Bulletin Summary for March 2020:

  • Microsoft Windows
  • Microsoft Edge (EdgeHTML-based)
  • ChakraCore
  • Internet Explorer
  • Microsoft Exchange Server
  • Microsoft Office and Microsoft Office Services and Web Apps
  • Azure DevOps
  • Visual Studio
  • Open Source Software
  • Microsoft Dynamics

Product: Microsoft Windows
CVEs/Advisory: ADV200005, CVE-2020-0645, CVE-2020-0684, CVE-2020-0690, CVE-2020-0762, CVE-2020-0763, CVE-2020-0769, CVE-2020-0770, CVE-2020-0771, CVE-2020-0772, CVE-2020-0773, CVE-2020-0774, CVE-2020-0775, CVE-2020-0776, CVE-2020-0777, CVE-2020-0778, CVE-2020-0779, CVE-2020-0780, CVE-2020-0781, CVE-2020-0783, CVE-2020-0785, CVE-2020-0786, CVE-2020-0787, CVE-2020-0788, CVE-2020-0791, CVE-2020-0793, CVE-2020-0797, CVE-2020-0798, CVE-2020-0799, CVE-2020-0800, CVE-2020-0801, CVE-2020-0802, CVE-2020-0803, CVE-2020-0804, CVE-2020-0806, CVE-2020-0807, CVE-2020-0808, CVE-2020-0809, CVE-2020-0810, CVE-2020-0814, CVE-2020-0819, CVE-2020-0820, CVE-2020-0822, CVE-2020-0834, CVE-2020-0840, CVE-2020-0841, CVE-2020-0842, CVE-2020-0843, CVE-2020-0844, CVE-2020-0845, CVE-2020-0849, CVE-2020-0853, CVE-2020-0854, CVE-2020-0857, CVE-2020-0858, CVE-2020-0859, CVE-2020-0860, CVE-2020-0861, CVE-2020-0863, CVE-2020-0864, CVE-2020-0865, CVE-2020-0866, CVE-2020-0867, CVE-2020-0868, CVE-2020-0869, CVE-2020-0871, CVE-2020-0874, CVE-2020-0876, CVE-2020-0877, CVE-2020-0879, CVE-2020-0880, CVE-2020-0881, CVE-2020-0882, CVE-2020-0883, CVE-2020-0885, CVE-2020-0887, CVE-2020-0896, CVE-2020-0897, CVE-2020-0898
Impact: Denial of Service, Elevation of Privilege, Information Disclosure, Remote Code Execution, Tampering
Severity: Critical
KBs: 4538461, 4540670, 4540673, 4540681, 4540689, 4540693, 4540694, 4541505, 4541509, 4541510


Product: Microsoft Edge (EdgeHTML-based)
CVEs/Advisory: CVE-2020-0768, CVE-2020-0811, CVE-2020-0812, CVE-2020-0813, CVE-2020-0816, CVE-2020-0823, CVE-2020-0825, CVE-2020-0826, CVE-2020-0827, CVE-2020-0828, CVE-2020-0829, CVE-2020-0830, CVE-2020-0831, CVE-2020-0848
Impact: Information Disclosure, Remote Code Execution
Severity: Critical
KBs: 4538461, 4540670, 4540673, 4540681, 4540689, 4540693


Product: ChakraCore
CVEs/Advisory: CVE-2020-0768, CVE-2020-0811, CVE-2020-0812, CVE-2020-0813, CVE-2020-0823, CVE-2020-0825, CVE-2020-0826, CVE-2020-0827, CVE-2020-0828, CVE-2020-0829, CVE-2020-0830, CVE-2020-0831, CVE-2020-0848
Impact: Information Disclosure, Remote Code Execution
Severity: Critical


Product: Internet Explorer
CVEs/Advisory: CVE-2020-0768, CVE-2020-0824, CVE-2020-0830, CVE-2020-0832, CVE-2020-0833, CVE-2020-0847
Impact: Remote Code Execution
Severity: Critical
KBs: 4540670, 4540671, 4540688, 4540693, 4541509, 4541510


Product: Microsoft Exchange Server
CVEs/Advisory: CVE-2020-0903
Impact: Spoofing
Severity: Important
KBs: 4540123


Product: Microsoft Office and Microsoft Office Services and Web Apps
CVEs/Advisory: CVE-2020-0850, CVE-2020-0851, CVE-2020-0852, CVE-2020-0855, CVE-2020-0892
Impact: Information Disclosure, Remote Code Execution
Severity: Critical
KBs: 4475602, 4484237, 4484270


Product: Azure DevOps
CVEs/Advisory: CVE-2020-0700, CVE-2020-0758, CVE-2020-0815
Impact: Elevation of Privilege, Spoofing
Severity: Important


Product: Visual Studio
CVEs/Advisory: CVE-2020-0789, CVE-2020-0793, CVE-2020-0810, CVE-2020-0884
Impact: Denial of Service, Elevation of Privilege, Spoofing
Severity: Important
KBs: 4538032, 4538032


Product: Open Source Software
CVEs/Advisory: CVE-2020-0872
Impact: Remote Code Execution
Severity: Important


Product: Microsoft Dynamics
CVEs/Advisory: CVE-2020-0905
Impact: Remote Code Execution
Severity: Critical
KBs: 4538708, 4538884


SanerNow detects this vulnerability and automatically fixes it by applying security updates. Download SanerNow and keep your systems updated and secure.


Publisher: SecPod Technologies
