Patch Tuesday: Microsoft Security Bulletin Summary for March 2020

  • Post author:
  • Reading time:22 mins read

Microsoft Patch Tuesday March 2020 has released March Patch Tuesday security updates, addressing a total of 113 vulnerabilities in the family of Windows operating systems and related products. Out of these, 26 are classified as Critical and 86 as Important which includes Office Services and Web Apps, Internet Explorer, Microsoft Windows, Edge (EdgeHTML-based and Chromium-based), Microsoft Exchange Server, Azure DevOps, and ChakraCore. These vulnerabilities can be scanned using a vulnerability scanning tool.

All of the critical bugs are remote code execution that resides in the Internet Explorer, Scripting engine, LNK files, and then Open Source Software. However, Microsoft did not report that the bugs being patched were publicly known or under active attack at the time of release. However, a bug like this can be patched using a patch management tool.


Amongst the 26 critical vulnerabilities, the memory-corruption vulnerabilities in Microsoft Media Foundation and then ChakraCore scripting engine gets the highest attention.

Media Foundation Memory Corruption Vulnerability |CVE-2020-0801|CVE-2020-0807|CVE-2020-0809|CVE-2020-086:

A memory corruption vulnerability exists in the Microsoft Media Foundation while handling objects in memory. These could permit an attacker to gain the ability to install programs, view, change or delete data or create new user accounts on the compromised machine.

A user could trigger this vulnerability by opening a maliciously crafted, document or website page. Attackers are well on the way to attempt to exploit this vulnerability through spam messages with malicious links and attachments.

Scripting Engine Memory Corruption Vulnerability |CVE-2020-0823|CVE-2020-0825|CVE-2020-0826:

A memory corruption vulnerability exists in the way the ChakraCore scripting engine handles objects in memory which leads to remote code execution. In the event of success, an attacker could corrupt the compromised machine’s memory in a manner that would permit them to execute arbitrary code in the context of the current user.

An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights


Critical Remote Code Execution In Server Message Block 3.1.1 (SMBv3) |ADV200005:

Microsoft unintentionally discloses the details of a new wormable vulnerability in the Microsoft Server Message Block 3.1.1 (SMB) protocol which exists due to an error in the handling of compressed data packets. Although they did not publish any technical detail.

To exploit the vulnerability, however an attacker could send a specially crafted packet to the target SMBv3 server and would need to convince a user to connect to a malicious SMBv3 Server they’ve configured. Therefore, the successful exploitation of this vulnerability opens systems up to a ‘wormable’ attack, which means it would be easy to move from victim to victim.

Possible workarounds and Microsoft’s response is to disable SMBv3 compression using PowerShell command below,

Set-ItemProperty -Path “HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters” DisableCompression -Type DWORD -Value 1 -Force

and block TCP port 445 on firewalls and client computers.


Other Interesting Vulnerability in Microsoft Patch Tuesday March 2020:

LNK Remote Code Execution Vulnerability|CVE-2020-0684:

A remote code execution vulnerability exists in Microsoft Windows that could allow remote code execution if a “.LNK” file is processed.

The attacker could present to the user a removable Pendrive, or remote share, that contains a malicious “.LNK” document and a related noxious binary At the point when the user opens this drive(or remote share) in Windows Explorer or other application that parses the.LNK document, the malignant binary will execute the code of the attacker’s decision, on the target machine.

Moreover, an attacker who effectively exploited this vulnerability could gain similar user rights as the local/administrative user.

VBScript Remote Code Execution Vulnerability |CVE-2020-0847:

A remote code execution vulnerability exists in the manner that the VBScript engine handles objects in memory. The vulnerability could corrupt memory so that an attacker could execute arbitrary code with regards to the current user.

An attacker who effectively exploited the vulnerability could gain similar user rights as the current user. In the event, the current user is signed on with administrative rights, an attacker who effectively exploited the vulnerability could take control of the compromised system. An attacker could then install programs, view, change, or erase information, or make new accounts with full user rights.


Microsoft Patch Tuesday March 2020 Security Bulletin Summary:

  • Microsoft Windows
  • Microsoft Edge (EdgeHTML-based)
  • ChakraCore
  • Internet Explorer
  • Microsoft Exchange Server
  • Microsoft Office and Microsoft Office Services and Web Apps
  • Azure DevOps
  • Visual Studio
  • Open Source Software
  • Microsoft Dynamics

  1. Product: Microsoft Windows
    CVEs/Advisory: ADV200005, CVE-2020-0645, CVE-2020-0684, CVE-2020-0690, CVE-2020-0762, CVE-2020-0763, CVE-2020-0769, CVE-2020-0770, CVE-2020-0771, CVE-2020-0772, CVE-2020-0773, CVE-2020-0774, CVE-2020-0775, CVE-2020-0776, CVE-2020-0777, CVE-2020-0778, CVE-2020-0779, CVE-2020-0780, CVE-2020-0781, CVE-2020-0783, CVE-2020-0785, CVE-2020-0786, CVE-2020-0787, CVE-2020-0788, CVE-2020-0791, CVE-2020-0793, CVE-2020-0797, CVE-2020-0798, CVE-2020-0799, CVE-2020-0800, CVE-2020-0801, CVE-2020-0802, CVE-2020-0803, CVE-2020-0804, CVE-2020-0806, CVE-2020-0807, CVE-2020-0808, CVE-2020-0809, CVE-2020-0810, CVE-2020-0814, CVE-2020-0819, CVE-2020-0820, CVE-2020-0822, CVE-2020-0834, CVE-2020-0840, CVE-2020-0841, CVE-2020-0842, CVE-2020-0843, CVE-2020-0844, CVE-2020-0845, CVE-2020-0849, CVE-2020-0853, CVE-2020-0854, CVE-2020-0857, CVE-2020-0858, CVE-2020-0859, CVE-2020-0860, CVE-2020-0861, CVE-2020-0863, CVE-2020-0864, CVE-2020-0865, CVE-2020-0866, CVE-2020-0867, CVE-2020-0868, CVE-2020-0869, CVE-2020-0871, CVE-2020-0874, CVE-2020-0876, CVE-2020-0877, CVE-2020-0879, CVE-2020-0880, CVE-2020-0881, CVE-2020-0882, CVE-2020-0883, CVE-2020-0885, CVE-2020-0887, CVE-2020-0896, CVE-2020-0897 and then CVE-2020-0898
    Impact: Denial of Service, Elevation of Privilege, Information Disclosure, Remote Code Execution and then Tampering
    Severity: Critical
    KBs: 4538461, 4540670, 4540673, 4540681, 4540689, 4540693, 4540694, 4541505, 4541509 and then 4541510

2. Product :Microsoft Edge (EdgeHTML-based)
CVEs/Advisory: CVE-2020-0768, CVE-2020-0811, CVE-2020-0812, CVE-2020-0813, CVE-2020-0816, CVE-2020-0823, CVE-2020-0825, CVE-2020-0826, CVE-2020-0827, CVE-2020-0828, CVE-2020-0829, CVE-2020-0830, CVE-2020-0831 and then CVE-2020-0848
Impact: Information Disclosure and then Remote Code Execution
Severity: Critical
KBs: 4538461, 4540670, 4540673, 4540681, 4540689 and then 4540693


3. Product: ChakraCore
CVEs/Advisory :CVE-2020-0768, CVE-2020-0811, CVE-2020-0812, CVE-2020-0813, CVE-2020-0823, CVE-2020-0825, CVE-2020-0826, CVE-2020-0827, CVE-2020-0828, CVE-2020-0829, CVE-2020-0830, CVE-2020-0831 and then CVE-2020-0848
Impact: Information Disclosure and then Remote Code Execution
Severity: Critical


4. Product: Internet Explorer
CVEs/Advisory: CVE-2020-0768, CVE-2020-0824, CVE-2020-0830, CVE-2020-0832, CVE-2020-0833 and then CVE-2020-0847
Impact: Remote Code Execution
Severity: Critical
KBs: 4540670, 4540671, 4540688, 4540693, 4541509 and then 4541510


5. Product: Microsoft Exchange Server
CVEs/Advisory: CVE-2020-0903
Impact: Spoofing
Severity: Important
KBs: 4540123


6. Product: Microsoft Office and Microsoft Office Services and Web Apps
CVEs/Advisory: CVE-2020-0850, CVE-2020-0851, CVE-2020-0852, CVE-2020-0855 and then CVE-2020-0892
Impact: Information Disclosure and then Remote Code Execution
Severity: Critical
KBs: 4475602, 4484237, 4484270


7. Product: Azure DevOps
CVEs/Advisory: CVE-2020-0700, CVE-2020-0758 and then CVE-2020-0815
Impact: Elevation of Privilege and then Spoofing
Severity: Important


8. Product: Visual Studio
CVEs/Advisory: CVE-2020-0789, CVE-2020-0793, CVE-2020-0810 and then CVE-2020-0884
Impact: Denial of Service, Elevation of Privilege and then Spoofing
Severity: Important
KBs: 4538032, 4538032


9. Product: Open Source Software
CVEs/Advisory: CVE-2020-0872
Impact: Remote Code Execution
Severity: Important


10. Product: Microsoft Dynamics
CVEs/Advisory: CVE-2020-0905
Impact: Remote Code Execution
Severity: Critical
KBs: 4538708, 4538884


However, SanerNow detects this vulnerability and automatically fixes it by applying security updates. In conclusion, download SanerNow and keep your systems updated and secure.