
Patch Tuesday: Microsoft Security Bulletin Summary for March 2020
Microsoft has released its March 2020 Patch Tuesday security updates, addressing a total of 113 vulnerabilities in the Windows family of operating systems and related products. Of these, 26 are classified as Critical and 86 as Important. Affected products include Office Services and Web Apps, Internet Explorer, Microsoft Windows, Edge (EdgeHTML-based and Chromium-based), Microsoft Exchange Server, Azure DevOps, and ChakraCore. These vulnerabilities can be detected using a vulnerability scanning tool.
All of the critical bugs are remote code execution vulnerabilities residing in Internet Explorer, the scripting engine, LNK files, and Open Source Software. Microsoft did not report that any of the bugs being patched were publicly known or under active attack at the time of release. Bugs like these can be patched using a patch management tool.
Among the 26 critical vulnerabilities, the memory-corruption vulnerabilities in Microsoft Media Foundation and the ChakraCore scripting engine get the most attention.
Media Foundation Memory Corruption Vulnerability |CVE-2020-0801|CVE-2020-0807|CVE-2020-0809|CVE-2020-086:
A memory corruption vulnerability exists in the way Microsoft Media Foundation handles objects in memory. It could permit an attacker to install programs; view, change, or delete data; or create new user accounts on the compromised machine.
A user could trigger this vulnerability by opening a maliciously crafted document or web page. Attackers are likely to attempt to exploit this vulnerability through spam messages with malicious links and attachments.
Scripting Engine Memory Corruption Vulnerability |CVE-2020-0823|CVE-2020-0825|CVE-2020-0826:
A memory corruption vulnerability exists in the way the ChakraCore scripting engine handles objects in memory, which can lead to remote code execution. If successful, an attacker could corrupt the compromised machine’s memory in a manner that would permit them to execute arbitrary code in the context of the current user.
An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.
Critical Remote Code Execution In Server Message Block 3.1.1 (SMBv3) |ADV200005:
Microsoft unintentionally disclosed details of a new wormable vulnerability in the Microsoft Server Message Block 3.1.1 (SMBv3) protocol, which exists due to an error in the handling of compressed data packets, although it did not publish any technical detail.
To exploit the vulnerability against a server, an attacker could send a specially crafted packet to the target SMBv3 server; to exploit it against a client, the attacker would need to convince a user to connect to a malicious SMBv3 server they’ve configured. Successful exploitation of this vulnerability opens systems up to a ‘wormable’ attack, which means it would be easy to move from victim to victim.
A possible workaround, and Microsoft’s response, is to disable SMBv3 compression using the PowerShell command below:

    Set-ItemProperty -Path "HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters" DisableCompression -Type DWORD -Value 1 -Force

and to block TCP port 445 on firewalls and client computers.
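The workaround above as an idempotent check-and-apply script, added here as an example and not taken from Microsoft or the original article. The function names are hypothetical; the registry path, value name and type are the ones in the command above, and the script assumes an elevated PowerShell session.

```powershell
# Added example: audit and apply the ADV200005 workaround (disable SMBv3 compression).
# Registry path, value name and type come from the command quoted in the article;
# the function names below are hypothetical.
$SmbParams = 'HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters'

function Get-SmbCompressionWorkaround {
    # Read the value without throwing when it does not exist yet.
    $prop = Get-ItemProperty -Path $SmbParams -Name DisableCompression -ErrorAction SilentlyContinue
    [pscustomobject]@{
        ComputerName       = $env:COMPUTERNAME
        ValuePresent       = $null -ne $prop
        DisableCompression = if ($prop) { $prop.DisableCompression } else { $null }
        # Applied only when the value exists and equals 1.
        WorkaroundApplied  = [bool]($prop -and $prop.DisableCompression -eq 1)
    }
}

function Set-SmbCompressionWorkaround {
    [CmdletBinding(SupportsShouldProcess)]
    param()

    $state = Get-SmbCompressionWorkaround
    if ($state.WorkaroundApplied) {
        Write-Verbose 'DisableCompression is already 1; nothing to change.'
        return $state
    }

    # -WhatIf / -Confirm are honoured through ShouldProcess.
    if ($PSCmdlet.ShouldProcess($SmbParams, 'Set DisableCompression = 1')) {
        Set-ItemProperty -Path $SmbParams -Name DisableCompression -Type DWORD -Value 1 -Force
    }

    # Re-read so the caller sees the effective value, not the intended one.
    Get-SmbCompressionWorkaround
}

# Preview the change first, then apply and report the resulting state.
Set-SmbCompressionWorkaround -WhatIf | Out-Null
Set-SmbCompressionWorkaround -Verbose
```

Per Microsoft's advisory, this setting covers the SMB server side only and does not prevent exploitation of SMB clients, which is why blocking TCP port 445 is listed alongside it.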
Other Interesting Vulnerabilities in Microsoft Patch Tuesday March 2020:
LNK Remote Code Execution Vulnerability|CVE-2020-0684:
A remote code execution vulnerability exists in Microsoft Windows that could allow remote code execution if a “.LNK” file is processed.
The attacker could present to the user a removable drive (pendrive), or remote share, that contains a malicious “.LNK” file and an associated malicious binary. When the user opens this drive (or remote share) in Windows Explorer or another application that parses the .LNK file, the malicious binary will execute code of the attacker’s choice on the target machine.
Moreover, an attacker who successfully exploited this vulnerability could gain the same user rights as the local/administrative user.
VBScript Remote Code Execution Vulnerability |CVE-2020-0847:
A remote code execution vulnerability exists in the way that the VBScript engine handles objects in memory. The vulnerability could corrupt memory so that an attacker could execute arbitrary code in the context of the current user.
An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. If the current user is signed on with administrative rights, an attacker who successfully exploited the vulnerability could take control of the compromised system. An attacker could then install programs; view, change, or erase information; or create new accounts with full user rights.
Microsoft Patch Tuesday March 2020 Security Bulletin Summary:
- Microsoft Windows
- Microsoft Edge (EdgeHTML-based)
- ChakraCore
- Internet Explorer
- Microsoft Exchange Server
- Microsoft Office and Microsoft Office Services and Web Apps
- Azure DevOps
- Visual Studio
- Open Source Software
- Microsoft Dynamics
1. Product: Microsoft Windows
   - CVEs/Advisory: ADV200005, CVE-2020-0645, CVE-2020-0684, CVE-2020-0690, CVE-2020-0762, CVE-2020-0763, CVE-2020-0769, CVE-2020-0770, CVE-2020-0771, CVE-2020-0772, CVE-2020-0773, CVE-2020-0774, CVE-2020-0775, CVE-2020-0776, CVE-2020-0777, CVE-2020-0778, CVE-2020-0779, CVE-2020-0780, CVE-2020-0781, CVE-2020-0783, CVE-2020-0785, CVE-2020-0786, CVE-2020-0787, CVE-2020-0788, CVE-2020-0791, CVE-2020-0793, CVE-2020-0797, CVE-2020-0798, CVE-2020-0799, CVE-2020-0800, CVE-2020-0801, CVE-2020-0802, CVE-2020-0803, CVE-2020-0804, CVE-2020-0806, CVE-2020-0807, CVE-2020-0808, CVE-2020-0809, CVE-2020-0810, CVE-2020-0814, CVE-2020-0819, CVE-2020-0820, CVE-2020-0822, CVE-2020-0834, CVE-2020-0840, CVE-2020-0841, CVE-2020-0842, CVE-2020-0843, CVE-2020-0844, CVE-2020-0845, CVE-2020-0849, CVE-2020-0853, CVE-2020-0854, CVE-2020-0857, CVE-2020-0858, CVE-2020-0859, CVE-2020-0860, CVE-2020-0861, CVE-2020-0863, CVE-2020-0864, CVE-2020-0865, CVE-2020-0866, CVE-2020-0867, CVE-2020-0868, CVE-2020-0869, CVE-2020-0871, CVE-2020-0874, CVE-2020-0876, CVE-2020-0877, CVE-2020-0879, CVE-2020-0880, CVE-2020-0881, CVE-2020-0882, CVE-2020-0883, CVE-2020-0885, CVE-2020-0887, CVE-2020-0896, CVE-2020-0897 and CVE-2020-0898
   - Impact: Denial of Service, Elevation of Privilege, Information Disclosure, Remote Code Execution and Tampering
   - Severity: Critical
   - KBs: 4538461, 4540670, 4540673, 4540681, 4540689, 4540693, 4540694, 4541505, 4541509 and 4541510
2. Product: Microsoft Edge (EdgeHTML-based)
   - CVEs/Advisory: CVE-2020-0768, CVE-2020-0811, CVE-2020-0812, CVE-2020-0813, CVE-2020-0816, CVE-2020-0823, CVE-2020-0825, CVE-2020-0826, CVE-2020-0827, CVE-2020-0828, CVE-2020-0829, CVE-2020-0830, CVE-2020-0831 and CVE-2020-0848
   - Impact: Information Disclosure and Remote Code Execution
   - Severity: Critical
   - KBs: 4538461, 4540670, 4540673, 4540681, 4540689 and 4540693
3. Product: ChakraCore
   - CVEs/Advisory: CVE-2020-0768, CVE-2020-0811, CVE-2020-0812, CVE-2020-0813, CVE-2020-0823, CVE-2020-0825, CVE-2020-0826, CVE-2020-0827, CVE-2020-0828, CVE-2020-0829, CVE-2020-0830, CVE-2020-0831 and CVE-2020-0848
   - Impact: Information Disclosure and Remote Code Execution
   - Severity: Critical
4. Product: Internet Explorer
   - CVEs/Advisory: CVE-2020-0768, CVE-2020-0824, CVE-2020-0830, CVE-2020-0832, CVE-2020-0833 and CVE-2020-0847
   - Impact: Remote Code Execution
   - Severity: Critical
   - KBs: 4540670, 4540671, 4540688, 4540693, 4541509 and 4541510
5. Product: Microsoft Exchange Server
   - CVEs/Advisory: CVE-2020-0903
   - Impact: Spoofing
   - Severity: Important
   - KBs: 4540123
6. Product: Microsoft Office and Microsoft Office Services and Web Apps
   - CVEs/Advisory: CVE-2020-0850, CVE-2020-0851, CVE-2020-0852, CVE-2020-0855 and CVE-2020-0892
   - Impact: Information Disclosure and Remote Code Execution
   - Severity: Critical
   - KBs: 4475602, 4484237, 4484270
7. Product: Azure DevOps
   - CVEs/Advisory: CVE-2020-0700, CVE-2020-0758 and CVE-2020-0815
   - Impact: Elevation of Privilege and Spoofing
   - Severity: Important
8. Product: Visual Studio
   - CVEs/Advisory: CVE-2020-0789, CVE-2020-0793, CVE-2020-0810 and CVE-2020-0884
   - Impact: Denial of Service, Elevation of Privilege and Spoofing
   - Severity: Important
   - KBs: 4538032, 4538032
9. Product: Open Source Software
   - CVEs/Advisory: CVE-2020-0872
   - Impact: Remote Code Execution
   - Severity: Important
10. Product: Microsoft Dynamics
    - CVEs/Advisory: CVE-2020-0905
    - Impact: Remote Code Execution
    - Severity: Critical
    - KBs: 4538708, 4538884
SanerNow detects this vulnerability and automatically fixes it by applying security updates. Download SanerNow and keep your systems updated and secure.
