X
Tech
Home Tech Security

Microsoft March 2020 Patch Tuesday fixes 115 vulnerabilities

The March 2020 Patch Tuesday is the largest Patch Tuesday release in Microsoft's history.
Written by Catalin Cimpanu, Contributor

TechRepubli

Microsoft has released today its monthly roll-up of security updates known as Patch Tuesday. This month, the Redmond-based company patched 115 vulnerabilities, marking this month's patches as the biggest in the company's history.

However, despite this month's pretty bulky release, nobody will be talking about it today.

Instead, they'll be busy talking about how a Microsoft snafu leaked details online about a yet-to-be-patched SMBv3 vulnerability, that many experts fear could lead to the creation of another EternalBlue-like exploit.

Nevertheless, this month does have its own security updates. Of the 115 bugs Microsoft patched today, 26 have received a rating of Critical, meaning they're both easy to exploit and will most likely result in a full device compromise if they ever are.

Microsoft Patch Tuesday updates are delivered as a giant package, so once you agree to install this month's patches, you get all fixes, all at once.

However, if there's one vulnerability that's likely to come under attacks by malware developers, then it's, without a doubt, CVE-2020-0684.

This is a bug in Windows LNK shortcut files that allows malware to execute code on a system when a malicious LNK file is processed by the Windows OS.

"The attacker could present to the user a removable drive, or remote share, that contains a malicious .LNK file and an associated malicious binary. When the user opens this drive(or remote share) in Windows Explorer, or any other application that parses the .LNK file, the malicious binary will execute code of the attacker's choice, on the target system," Microsoft explained.

Based on Microsoft's description, this bug is a boon for criminal activity, allowing an easy way of planting malware on user devices.

But that's not all that's included with this month's patches. Additional Patch Tuesday information is below, including links to security fixes published by other companies:

Microsoft's official Security Update Guide portal lists all security updates in a filterable table.
ZDNet has also put together this page listing all security updates on one single place.
Additional analysis of today's Patch Tuesday is also available from Cisco Talos, ISC SANS, Tenable, Trend Micro, and Trustwave.
Adobe said there will be no security updates this month.
SAP security updates will be detailed here in the coming days.
VMWare security updates will be detailed here in the coming days.
Google Chrome security updates will be released next Tuesday, March 17.
Firefox security updates were released today.
The Android Security Bulletin for March 2020 is detailed here. Patches started rolling out to users' phones last week.

TagCVE IDCVE Title
Azure CVE-2020-0902 Service Fabric Elevation of Privilege
Azure DevOps CVE-2020-0758 Azure DevOps Server and Team Foundation Services Elevation of Privilege Vulnerability
Azure DevOps CVE-2020-0815 Azure DevOps Server and Team Foundation Services Elevation of Privilege Vulnerability
Azure DevOps CVE-2020-0700 Azure DevOps Server Cross-site Scripting Vulnerability
Internet Explorer CVE-2020-0824 Internet Explorer Memory Corruption Vulnerability
Microsoft Browsers CVE-2020-0768 Scripting Engine Memory Corruption Vulnerability
Microsoft Dynamics CVE-2020-0905 Dynamics Business Central Remote Code Execution Vulnerability
Microsoft Edge CVE-2020-0816 Microsoft Edge Memory Corruption Vulnerability
Microsoft Exchange Server CVE-2020-0903 Microsoft Exchange Server Spoofing Vulnerability
Microsoft Graphics Component CVE-2020-0774 Windows GDI Information Disclosure Vulnerability
Microsoft Graphics Component CVE-2020-0788 Win32k Elevation of Privilege Vulnerability
Microsoft Graphics Component CVE-2020-0791 Windows Graphics Component Elevation of Privilege Vulnerability
Microsoft Graphics Component CVE-2020-0690 DirectX Elevation of Privilege Vulnerability
Microsoft Graphics Component CVE-2020-0853 Windows Imaging Component Information Disclosure Vulnerability
Microsoft Graphics Component CVE-2020-0877 Win32k Elevation of Privilege Vulnerability
Microsoft Graphics Component CVE-2020-0882 Windows GDI Information Disclosure Vulnerability
Microsoft Graphics Component CVE-2020-0883 GDI+ Remote Code Execution Vulnerability
Microsoft Graphics Component CVE-2020-0881 GDI+ Remote Code Execution Vulnerability
Microsoft Graphics Component CVE-2020-0880 Windows GDI Information Disclosure Vulnerability
Microsoft Graphics Component CVE-2020-0887 Win32k Elevation of Privilege Vulnerability
Microsoft Graphics Component CVE-2020-0898 Windows Graphics Component Elevation of Privilege Vulnerability
Microsoft Graphics Component CVE-2020-0885 Windows Graphics Component Information Disclosure Vulnerability
Microsoft Office CVE-2020-0850 Microsoft Word Remote Code Execution Vulnerability
Microsoft Office CVE-2020-0852 Microsoft Word Remote Code Execution Vulnerability
Microsoft Office CVE-2020-0892 Microsoft Word Remote Code Execution Vulnerability
Microsoft Office CVE-2020-0851 Microsoft Word Remote Code Execution Vulnerability
Microsoft Office CVE-2020-0855 Microsoft Word Remote Code Execution Vulnerability
Microsoft Office SharePoint CVE-2020-0795 Microsoft SharePoint Reflective XSS Vulnerability
Microsoft Office SharePoint CVE-2020-0891 Microsoft SharePoint Reflective XSS Vulnerability
Microsoft Office SharePoint CVE-2020-0893 Microsoft Office SharePoint XSS Vulnerability
Microsoft Office SharePoint CVE-2020-0894 Microsoft Office SharePoint XSS Vulnerability
Microsoft Scripting Engine CVE-2020-0830 Scripting Engine Memory Corruption Vulnerability
Microsoft Scripting Engine CVE-2020-0829 Scripting Engine Memory Corruption Vulnerability
Microsoft Scripting Engine CVE-2020-0813 Scripting Engine Information Disclosure Vulnerability
Microsoft Scripting Engine CVE-2020-0826 Scripting Engine Memory Corruption Vulnerability
Microsoft Scripting Engine CVE-2020-0827 Scripting Engine Memory Corruption Vulnerability
Microsoft Scripting Engine CVE-2020-0825 Scripting Engine Memory Corruption Vulnerability
Microsoft Scripting Engine CVE-2020-0831 Scripting Engine Memory Corruption Vulnerability
Microsoft Scripting Engine CVE-2020-0847 VBScript Remote Code Execution Vulnerability
Microsoft Scripting Engine CVE-2020-0811 Chakra Scripting Engine Memory Corruption Vulnerability
Microsoft Scripting Engine CVE-2020-0828 Scripting Engine Memory Corruption Vulnerability
Microsoft Scripting Engine CVE-2020-0848 Scripting Engine Memory Corruption Vulnerability
Microsoft Scripting Engine CVE-2020-0823 Scripting Engine Memory Corruption Vulnerability
Microsoft Scripting Engine CVE-2020-0832 Scripting Engine Memory Corruption Vulnerability
Microsoft Scripting Engine CVE-2020-0812 Chakra Scripting Engine Memory Corruption Vulnerability
Microsoft Scripting Engine CVE-2020-0833 Scripting Engine Memory Corruption Vulnerability
Microsoft Windows CVE-2020-0897 Windows Work Folder Service Elevation of Privilege Vulnerability
Microsoft Windows CVE-2020-0896 Windows Hard Link Elevation of Privilege Vulnerability
Microsoft Windows CVE-2020-0871 Windows Network Connections Service Information Disclosure Vulnerability
Microsoft Windows CVE-2020-0874 Windows GDI Information Disclosure Vulnerability
Microsoft Windows CVE-2020-0876 Win32k Information Disclosure Vulnerability
Microsoft Windows CVE-2020-0775 Windows Error Reporting Information Disclosure Vulnerability
Microsoft Windows CVE-2020-0879 Windows GDI Information Disclosure Vulnerability
Microsoft Windows CVE-2020-0793 Diagnostics Hub Standard Collector Elevation of Privilege Vulnerability
Microsoft Windows CVE-2020-0776 Windows Elevation of Privilege Vulnerability
Microsoft Windows CVE-2020-0869 Media Foundation Memory Corruption Vulnerability
Microsoft Windows CVE-2020-0861 Windows Network Driver Interface Specification (NDIS) Information Disclosure Vulnerability
Microsoft Windows CVE-2020-0863 Connected User Experiences and Telemetry Service Information Disclosure Vulnerability
Microsoft Windows CVE-2020-0860 Windows ActiveX Installer Service Elevation of Privilege Vulnerability
Microsoft Windows CVE-2020-0857 Windows Search Indexer Elevation of Privilege Vulnerability
Microsoft Windows CVE-2020-0858 Windows Elevation of Privilege Vulnerability
Microsoft Windows CVE-2020-0865 Windows Work Folder Service Elevation of Privilege Vulnerability
Microsoft Windows CVE-2020-0866 Windows Work Folder Service Elevation of Privilege Vulnerability
Microsoft Windows CVE-2020-0864 Windows Work Folder Service Elevation of Privilege Vulnerability
Microsoft Windows CVE-2020-0820 Media Foundation Information Disclosure Vulnerability
Microsoft Windows CVE-2020-0819 Windows Device Setup Manager Elevation of Privilege Vulnerability
Microsoft Windows CVE-2020-0804 Windows Network Connections Service Elevation of Privilege Vulnerability
Microsoft Windows CVE-2020-0779 Windows Installer Elevation of Privilege Vulnerability
Microsoft Windows CVE-2020-0802 Windows Network Connections Service Elevation of Privilege Vulnerability
Microsoft Windows CVE-2020-0803 Windows Network Connections Service Elevation of Privilege Vulnerability
Microsoft Windows CVE-2020-0778 Windows Network Connections Service Elevation of Privilege Vulnerability
Microsoft Windows CVE-2020-0809 Media Foundation Memory Corruption Vulnerability
Microsoft Windows CVE-2020-0810 Diagnostic Hub Standard Collector Elevation of Privilege Vulnerability
Microsoft Windows CVE-2020-0807 Media Foundation Memory Corruption Vulnerability
Microsoft Windows CVE-2020-0808 Provisioning Runtime Elevation of Privilege Vulnerability
Microsoft Windows CVE-2020-0797 Windows Work Folder Service Elevation of Privilege Vulnerability
Microsoft Windows CVE-2020-0785 Windows User Profile Service Elevation of Privilege Vulnerability
Microsoft Windows CVE-2020-0786 Windows Tile Object Service Denial of Service Vulnerability
Microsoft Windows CVE-2020-0787 Windows Background Intelligent Transfer Service Elevation of Privilege Vulnerability
Microsoft Windows CVE-2020-0783 Windows UPnP Service Elevation of Privilege Vulnerability
Microsoft Windows CVE-2020-0800 Windows Work Folder Service Elevation of Privilege Vulnerability
Microsoft Windows CVE-2020-0801 Media Foundation Memory Corruption Vulnerability
Microsoft Windows CVE-2020-0781 Windows UPnP Service Elevation of Privilege Vulnerability
Microsoft Windows CVE-2020-0780 Windows Network List Service Elevation of Privilege Vulnerability
Microsoft Windows CVE-2020-0777 Windows Work Folder Service Elevation of Privilege Vulnerability
Microsoft Windows CVE-2020-0772 Windows Error Reporting Elevation of Privilege Vulnerability
Microsoft Windows CVE-2020-0849 Windows Hard Link Elevation of Privilege Vulnerability
Microsoft Windows CVE-2020-0845 Windows Network Connections Service Elevation of Privilege Vulnerability
Microsoft Windows CVE-2020-0684 LNK Remote Code Execution Vulnerability
Microsoft Windows CVE-2020-0769 Windows CSC Service Elevation of Privilege Vulnerability
Microsoft Windows CVE-2020-0771 Windows CSC Service Elevation of Privilege Vulnerability
Microsoft Windows CVE-2020-0841 Windows Hard Link Elevation of Privilege Vulnerability
Microsoft Windows CVE-2020-0840 Windows Hard Link Elevation of Privilege Vulnerability
Microsoft Windows CVE-2020-0806 Windows Error Reporting Elevation of Privilege Vulnerability
Microsoft Windows CVE-2020-0843 Windows Installer Elevation of Privilege Vulnerability
Microsoft Windows CVE-2020-0844 Connected User Experiences and Telemetry Service Elevation of Privilege Vulnerability
Microsoft Windows CVE-2020-0842 Windows Installer Elevation of Privilege Vulnerability
Open Source Software CVE-2020-0872 Remote Code Execution Vulnerability in Application Inspector
Other CVE-2020-0765 Remote Desktop Connection Manager Information Disclosure Vulnerability
Visual Studio CVE-2020-0789 Visual Studio Extension Installer Service Denial of Service Vulnerability
Visual Studio CVE-2020-0884 Microsoft Visual Studio Spoofing Vulnerability
Windows Defender CVE-2020-0763 Windows Defender Security Center Elevation of Privilege Vulnerability
Windows Defender CVE-2020-0762 Windows Defender Security Center Elevation of Privilege Vulnerability
Windows Diagnostic Hub CVE-2020-0854 Windows Mobile Device Management Diagnostics Elevation of Privilege Vulnerability
Windows IIS CVE-2020-0645 Microsoft IIS Server Tampering Vulnerability
Windows Installer CVE-2020-0814 Windows Installer Elevation of Privilege Vulnerability
Windows Installer CVE-2020-0773 Windows ActiveX Installer Service Elevation of Privilege Vulnerability
Windows Installer CVE-2020-0770 Windows ActiveX Installer Service Elevation of Privilege Vulnerability
Windows Installer CVE-2020-0822 Windows Language Pack Installer Elevation of Privilege Vulnerability
Windows Installer CVE-2020-0859 Windows Modules Installer Service Information Disclosure Vulnerability
Windows Installer CVE-2020-0868 Windows Update Orchestrator Service Elevation of Privilege Vulnerability
Windows Installer CVE-2020-0798 Windows Installer Elevation of Privilege Vulnerability
Windows Installer CVE-2020-0867 Windows Update Orchestrator Service Elevation of Privilege Vulnerability
Windows Kernel CVE-2020-0834 Windows ALPC Elevation of Privilege Vulnerability
Windows Kernel CVE-2020-0799 Windows Kernel Elevation of Privilege Vulnerability

The FBI's most wanted cybercriminals

Editorial standards
Show Comments

Related

windows10againgettyimages-491570204

Want to keep getting Windows 10 updates next year? Here's what it will cost

Program like StartAllBack may not be able to run in Windows 11 24H2

Microsoft may try to block third-party customization apps in Windows 11 24H2

stacksocial-windows-11

Upgrade to Windows 11 Pro and Microsoft Office Pro for just $60 right now