Lädt...

🕵️ The March 2020 Security Update Review


Nachrichtenbereich: 🕵️ Hacking
🔗 Quelle: thezdi.com

March is upon us, and it brings a bumper crop of security patches from Adobe and Microsoft. Take a break from your regularly scheduled activities and join us as we review the details for security patches for this month.

Adobe Patches for March 2020

Oddly, Adobe has released no patches for March. In February, Adobe had multiple releases, so it’s very likely security patches will be released at some point in March. We will update this blog with information should this happen.

Microsoft Patches for March 2020

For March, Microsoft released patches for a massive 115 CVEs covering Microsoft Windows, Edge (EdgeHTML-based and Chromium-based), ChakraCore, Internet Explorer (IE), Exchange Server, Office and Office Services and Web Apps, Azure DevOps, Windows Defender, Visual Studio, and Open Source Software. Of these 115, 26 are listed as Critical, 88 are listed as Important, and one is listed as Moderate in severity. Seven of these vulnerabilities were reported through the ZDI program. None of the bugs being patched are listed as being publicly known or under active attack at the time of release. The first quarter of 2020 has certainly been a busy one for Microsoft patches. Including today’s patches, there have been 265 patches in the first quarter. It will be interesting to see if this pace continues throughout the year.

Let’s take a closer look at some of the more interesting updates for this month, starting with a bug sure to be a hit with malware authors:

 -       CVE-2020-0852 – Microsoft Word Remote Code Execution Vulnerability
Most code execution bugs in Office products require a user to open a specially crafted file and are thus Important in severity. This Critical-rated Word bug requires no such user interaction. Instead, simply viewing a specially crafted file in the Preview Pane could allow code execution at the level of the logged-on user. Emailing malicious documents is a common tactic for malware and ransomware authors. Having a bug that doesn’t require tricking someone into opening a file will be enticing to them.

-       CVE-2020-0905 – Dynamics Business Central Remote Code Execution Vulnerability
This bug in the business management solution could allow attackers to execute arbitrary shell commands on a target system. Exploitation of this Critical-rated bug won’t be straightforward, as an authenticated attacker would need to convince the target into connecting to a malicious Dynamics Business Central client or elevate permission to System to perform the code execution. Still, considering the target is likely a mission-critical server, you should test and deploy this patch quickly.

-       CVE-2020-0684 – LNK Remote Code Execution Vulnerability
If this looks familiar, it could be because Microsoft released a nearly identical patch for LNK last month (CVE-2020-0729). Back-to-back patches is an indicator of a failed patch, but the lower CVE number for this month’s bug makes me think this is not the case here. Regardless, an attacker could use this vulnerability to get code execution by having an affected system process a specially crafted .LNK file, so leave those sketchy USB drives you found in the parking lot alone.

-       CVE-2020-0872 – Remote Code Execution Vulnerability in Application Inspector
This bug could allow an attacker to execute their code on a target system if they can convince a user to run Application Inspector on code that includes a specially crafted third-party component. Although Microsoft doesn’t list this as being publicly known at the time of release, it appears this was actually fixed in version 1.0.24, which released back in January. It’s not clear why it’s being included in this month’s patch release, but if you use Application Inspector, definitely go grab the new version.

Here’s the full list of CVEs released by Microsoft for March 2020.

CVE Title Severity Public Exploited XI - Latest XI - Older Impact
CVE-2020-0852 Microsoft Word Remote Code Execution Vulnerability Critical No No 2 2 RCE
CVE-2020-0905 Dynamics Business Central Remote Code Execution Vulnerability Critical No No 2 2 RCE
CVE-2020-0684 LNK Remote Code Execution Vulnerability Critical No No 2 2 RCE
CVE-2020-0811 Chakra Scripting Engine Memory Corruption Vulnerability Critical No No 2 N/A RCE
CVE-2020-0812 Chakra Scripting Engine Memory Corruption Vulnerability Critical No No 2 N/A RCE
CVE-2020-0881 GDI+ Remote Code Execution Vulnerability Critical No No 2 2 RCE
CVE-2020-0883 GDI+ Remote Code Execution Vulnerability Critical No No 2 2 RCE
CVE-2020-0801 Media Foundation Memory Corruption Vulnerability Critical No No 2 2 RCE
CVE-2020-0807 Media Foundation Memory Corruption Vulnerability Critical No No 2 2 RCE
CVE-2020-0809 Media Foundation Memory Corruption Vulnerability Critical No No 2 2 RCE
CVE-2020-0869 Media Foundation Memory Corruption Vulnerability Critical No No 2 2 RCE
CVE-2020-0768 Microsoft Browser Memory Corruption Vulnerability Critical No No 2 N/A RCE
CVE-2020-0830 Microsoft Browser Memory Corruption Vulnerability Critical No No 2 N/A RCE
CVE-2020-0816 Microsoft Edge Memory Corruption Vulnerability Critical No No 2 N/A RCE
CVE-2020-0823 Scripting Engine Memory Corruption Vulnerability Critical No No 2 N/A RCE
CVE-2020-0825 Scripting Engine Memory Corruption Vulnerability Critical No No 2 N/A RCE
CVE-2020-0826 Scripting Engine Memory Corruption Vulnerability Critical No No 2 N/A RCE
CVE-2020-0827 Scripting Engine Memory Corruption Vulnerability Critical No No 2 N/A RCE
CVE-2020-0828 Scripting Engine Memory Corruption Vulnerability Critical No No 2 N/A RCE
CVE-2020-0829 Scripting Engine Memory Corruption Vulnerability Critical No No 2 N/A RCE
CVE-2020-0831 Scripting Engine Memory Corruption Vulnerability Critical No No 2 N/A RCE
CVE-2020-0832 Scripting Engine Memory Corruption Vulnerability Critical No No 1 1 RCE
CVE-2020-0833 Scripting Engine Memory Corruption Vulnerability Critical No No 1 N/A RCE
CVE-2020-0848 Scripting Engine Memory Corruption Vulnerability Critical No No 2 N/A RCE
CVE-2020-0824 VBScript Remote Code Execution Vulnerability Critical No No 1 N/A RCE
CVE-2020-0847 VBScript Remote Code Execution Vulnerability Critical No No 1 1 RCE
CVE-2020-0758 Azure DevOps Elevation of Privilege Vulnerability Important No No 2 2 EoP
CVE-2020-0815 Azure DevOps Elevation of Privilege Vulnerability Important No No 2 2 EoP
CVE-2020-0700 Azure DevOps Server Cross-site Scripting Vulnerability Important No No 2 2 XSS
CVE-2020-0844 Connected User Experiences and Telemetry Service Elevation of Privilege Vulnerability Important No No 2 2 EoP
CVE-2020-0863 Connected User Experiences and Telemetry Service Information Disclosure Vulnerability Important No No 2 2 Info
CVE-2020-0793 Diagnostics Hub Standard Collector Elevation of Privilege Vulnerability Important No No 2 2 EoP
CVE-2020-0690 DirectX Elevation of Privilege Vulnerability Important No No 1 1 EoP
CVE-2020-0820 Media Foundation Information Disclosure Vulnerability Important No No 2 2 Info
CVE-2020-0762 Microsoft Defender Elevation of Privilege Vulnerability Important No No 2 2 EoP
CVE-2020-0763 Microsoft Defender Elevation of Privilege Vulnerability Important No No 2 2 EoP
CVE-2020-0903 Microsoft Exchange Server Spoofing Vulnerability Important No No 2 2 Spoof
CVE-2020-0645 Microsoft IIS Server Tampering Vulnerability Important No No 2 2 Tampering
CVE-2020-0893 Microsoft Office SharePoint XSS Vulnerability Important No No 2 2 XSS
CVE-2020-0894 Microsoft Office SharePoint XSS Vulnerability Important No No 2 2 XSS
CVE-2020-0795 Microsoft SharePoint Reflective XSS Vulnerability Important No No N/A 2 XSS
CVE-2020-0891 Microsoft SharePoint Reflective XSS Vulnerability Important No No 2 2 XSS
CVE-2020-0884 Microsoft Visual Studio Spoofing Vulnerability Important No No 2 2 Spoof
CVE-2020-0850 Microsoft Word Remote Code Execution Vulnerability Important No No 2 2 RCE
CVE-2020-0851 Microsoft Word Remote Code Execution Vulnerability Important No No 2 2 RCE
CVE-2020-0855 Microsoft Word Remote Code Execution Vulnerability Important No No 2 2 RCE
CVE-2020-0892 Microsoft Word Remote Code Execution Vulnerability Important No No 2 2 RCE
CVE-2020-0808 Provisioning Runtime Elevation of Privilege Vulnerability Important No No 2 2 EoP
CVE-2020-0872 Remote Code Execution Vulnerability in Application Inspector Important No No 2 2 RCE
CVE-2020-0813 Scripting Engine Information Disclosure Vulnerability Important No No 2 N/A Info
CVE-2020-0902 Service Fabric Elevation of Privilege Important No No 2 2 EoP
CVE-2020-0789 Visual Studio Extension Installer Service Denial of Service Vulnerability Important No No 2 2 DoS
CVE-2020-0788 Win32k Elevation of Privilege Vulnerability Important No No 1 1 EoP
CVE-2020-0877 Win32k Elevation of Privilege Vulnerability Important No No 1 1 EoP
CVE-2020-0887 Win32k Elevation of Privilege Vulnerability Important No No 1 1 EoP
CVE-2020-0876 Win32k Information Disclosure Vulnerability Important No No 2 2 Info
CVE-2020-0770 Windows ActiveX Installer Service Elevation of Privilege Vulnerability Important No No 2 2 EoP
CVE-2020-0773 Windows ActiveX Installer Service Elevation of Privilege Vulnerability Important No No 2 2 EoP
CVE-2020-0860 Windows ActiveX Installer Service Elevation of Privilege Vulnerability Important No No 2 2 EoP
CVE-2020-0834 Windows ALPC Elevation of Privilege Vulnerability Important No No 2 2 EoP
CVE-2020-0787 Windows Background Intelligent Transfer Service Elevation of Privilege Vulnerability Important No No 2 2 EoP
CVE-2020-0769 Windows CSC Service Elevation of Privilege Vulnerability Important No No 2 2 EoP
CVE-2020-0771 Windows CSC Service Elevation of Privilege Vulnerability Important No No 2 2 EoP
CVE-2020-0819 Windows Device Setup Manager Elevation of Privilege Vulnerability Important No No 2 2 EoP
CVE-2020-0810 Windows Diagnostics Hub Elevation of Privilege Vulnerability Important No No 2 2 EoP
CVE-2020-0776 Windows Elevation of Privilege Vulnerability Important No No 2 2 EoP
CVE-2020-0858 Windows Elevation of Privilege Vulnerability Important No No 2 2 EoP
CVE-2020-0772 Windows Error Reporting Elevation of Privilege Vulnerability Important No No 2 2 EoP
CVE-2020-0806 Windows Error Reporting Elevation of Privilege Vulnerability Important No No 2 2 EoP
CVE-2020-0775 Windows Error Reporting Information Disclosure Vulnerability Important No No 2 2 Info
CVE-2020-0774 Windows GDI Information Disclosure Vulnerability Important No No 2 2 Info
CVE-2020-0874 Windows GDI Information Disclosure Vulnerability Important No No 2 2 Info
CVE-2020-0879 Windows GDI Information Disclosure Vulnerability Important No No 2 2 Info
CVE-2020-0880 Windows GDI Information Disclosure Vulnerability Important No No 2 2 Info
CVE-2020-0882 Windows GDI Information Disclosure Vulnerability Important No No 2 2 Info
CVE-2020-0791 Windows Graphics Component Elevation of Privilege Vulnerability Important No No 2 2 EoP
CVE-2020-0898 Windows Graphics Component Elevation of Privilege Vulnerability Important No No N/A 1 EoP
CVE-2020-0885 Windows Graphics Component Information Disclosure Vulnerability Important No No 2 2 Info
CVE-2020-0840 Windows Hard Link Elevation of Privilege Vulnerability Important No No 2 2 EoP
CVE-2020-0841 Windows Hard Link Elevation of Privilege Vulnerability Important No No 2 2 EoP
CVE-2020-0849 Windows Hard Link Elevation of Privilege Vulnerability Important No No 2 2 EoP
CVE-2020-0896 Windows Hard Link Elevation of Privilege Vulnerability Important No No 2 2 EoP
CVE-2020-0853 Windows Imaging Component Information Disclosure Vulnerability Important No No 2 2 Info
CVE-2020-0779 Windows Installer Elevation of Privilege Vulnerability Important No No 2 2 EoP
CVE-2020-0798 Windows Installer Elevation of Privilege Vulnerability Important No No 2 2 EoP
CVE-2020-0814 Windows Installer Elevation of Privilege Vulnerability Important No No 2 2 EoP
CVE-2020-0842 Windows Installer Elevation of Privilege Vulnerability Important No No 2 2 EoP
CVE-2020-0843 Windows Installer Elevation of Privilege Vulnerability Important No No 2 2 EoP
CVE-2020-0799 Windows Kernel Elevation of Privilege Vulnerability Important No No 2 2 EoP
CVE-2020-0822 Windows Language Pack Installer Elevation of Privilege Vulnerability Important No No 2 2 EoP
CVE-2020-0854 Windows Mobile Device Management Diagnostics Elevation of Privilege Vulnerability Important No No 2 2 EoP
CVE-2020-0859 Windows Modules Installer Service Information Disclosure Vulnerability Important No No 2 2 Info
CVE-2020-0778 Windows Network Connections Service Elevation of Privilege Vulnerability Important No No 2 2 EoP
CVE-2020-0802 Windows Network Connections Service Elevation of Privilege Vulnerability Important No No 2 2 EoP
CVE-2020-0803 Windows Network Connections Service Elevation of Privilege Vulnerability Important No No 2 2 EoP
CVE-2020-0804 Windows Network Connections Service Elevation of Privilege Vulnerability Important No No 2 2 EoP
CVE-2020-0845 Windows Network Connections Service Elevation of Privilege Vulnerability Important No No 2 2 EoP
CVE-2020-0871 Windows Network Connections Service Information Disclosure Vulnerability Important No No 2 2 Info
CVE-2020-0861 Windows Network Driver Interface Specification (NDIS) Information Disclosure Vulnerability Important No No 2 2 Info
CVE-2020-0780 Windows Network List Service Elevation of Privilege Vulnerability Important No No 2 2 EoP
CVE-2020-0857 Windows Search Indexer Elevation of Privilege Vulnerability Important No No 2 2 EoP
CVE-2020-0786 Windows Tile Object Service Denial of Service Vulnerability Important No No 2 2 DoS

🔧 Tìm Hiểu Về RAG: Công Nghệ Đột Phá Đang "Làm Mưa Làm Gió" Trong Thế Giới Chatbot


📈 38.33 Punkte
🔧 Programmierung

🕵️ The March 2020 Security Update Review


📈 20.92 Punkte
🕵️ Hacking

🕵️ Coronavirus-themed attacks March 15 – March 21, 2020


📈 20.2 Punkte
🕵️ Hacking

🕵️ Coronavirus-themed attacks March 22 – March 28, 2020


📈 20.2 Punkte
🕵️ Hacking

🕵️ The March 2019 Security Update Review


📈 18.56 Punkte
🕵️ Hacking

🕵️ The March 2019 Security Update Review


📈 18.56 Punkte
🕵️ Hacking

🕵️ The March 2021 Security Update Review


📈 18.56 Punkte
🕵️ Hacking

🕵️ The March 2022 Security Update Review


📈 18.56 Punkte
🕵️ Hacking

🕵️ The March 2023 Security Update Review


📈 18.56 Punkte
🕵️ Hacking

🕵️ The March 2024 Security Update Review


📈 18.56 Punkte
🕵️ Hacking

📰 BlackBerry Aurora to Be Introduced on March 9, Out on March 16


📈 17.84 Punkte
📰 IT Security Nachrichten

🔧 .NET Framework March 2020 Update for Windows 10 1607 (Anniversary Update) and Windows Server 2016.


📈 15.69 Punkte
🔧 Programmierung

🍏 Mac Studio hit, Studio display miss, and the iPhone SE - Apple's March 2022 in review


📈 14.71 Punkte
🍏 iOS / Mac OS

📰 Cybersecurity Industry News Review: March 7, 2023


📈 14.71 Punkte
📰 IT Security Nachrichten

📰 Cybersecurity Industry News Review – March 14, 2023


📈 14.71 Punkte
📰 IT Security Nachrichten

📰 Cybersecurity Industry News Review – March 21, 2023


📈 14.71 Punkte
📰 IT Security Nachrichten

📰 Cybersecurity Industry News Review – March 28, 2023


📈 14.71 Punkte
📰 IT Security Nachrichten

🍏 Classical music, ChatGPT, and a yellow iPhone -- March 2023 in review


📈 14.71 Punkte
🍏 iOS / Mac OS

🐧 Maemo Leste - Twelfth Update (February and March) 2020


📈 13.48 Punkte
🐧 Linux Tipps

🐧 Librem 5 March 2020 Software Update


📈 13.48 Punkte
🐧 Linux Tipps

📰 Just Security’s Early Edition: March 4, 2020


📈 12.92 Punkte
📰 IT Security Nachrichten

📰 March 2020 security updates are available


📈 12.92 Punkte
📰 IT Security Nachrichten

📰 Microsoft Issues March 2020 Updates to Patch 115 Security Flaws


📈 12.92 Punkte
📰 IT Security Nachrichten

📰 Microsoft Releases the March 2020 Security Updates for Office


📈 12.92 Punkte
📰 IT Security Nachrichten

📰 Apple delivers March 2020 security updates for iDevices and software


📈 12.92 Punkte
📰 IT Security Nachrichten

📰 March 2020 security updates are available


📈 12.92 Punkte
📰 IT Security Nachrichten

📰 March 2020 security updates are available


📈 12.92 Punkte
📰 IT Security Nachrichten

📰 Google Releases Android Security Update (March 7 and 8, 2016)


📈 12.77 Punkte
📰 IT Security Nachrichten

📰 Google Releases Android Security Update (March 7 and 8, 2016)


📈 12.77 Punkte
📰 IT Security Nachrichten

📰 Google Releases March Security Update for Nexus and Pixel Devices


📈 12.77 Punkte
📰 IT Security Nachrichten

📰 BlackBerry Starts Rolling Out March Security Update


📈 12.77 Punkte
📰 IT Security Nachrichten

📰 March Android Security Update Breaks SafetyNet, Android Pay


📈 12.77 Punkte
📰 IT Security Nachrichten

📰 March 2019 Security Update Release


📈 12.77 Punkte
📰 IT Security Nachrichten

matomo