March 2020 Monthly Patch Release

Published on 11 Mar 2020

Updated on 13 Mar 2020

UPDATED as of 13 March 2020: Microsoft released the KB4551762 security update to patch the pre-auth Remote Code Execution (RCE) Windows 10 vulnerability (CVE-2020-0796) found in Microsoft Server Message Block 3.1.1 (SMBv3). Users and system administrators of affected products are advised to apply the security updates immediately.

 

Microsoft has released security patches to address multiple vulnerabilities in their software and products.

Vulnerabilities that have been classified as Critical in severity are listed in the table below.

For the full list of security patches released by Microsoft, please visit https://portal.msrc.microsoft.com/en-us/security-guidance/releasenotedetail/2020-Mar

 

CRITICAL VULNERABILITIES

CVE Number

Description

Base Score

Reference

CVE-2020-0796

This vulnerability exists in the way that the Microsoft Server Message Block 3.1.1 (SMBv3) protocol handles certain requests. Successful exploitation of this vulnerability could allow an attacker to gain the ability to execute code on the target server or client.

To be confirmed (TBC)

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0796

CVE-2020-0684

This vulnerability exists in Microsoft Windows and could allow remote code execution if a .LNK file is processed. Successful exploitation of this vulnerability could allow an attacker to gain the same user rights as the current user.

TBC

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0684

CVE-2020-0768

This vulnerability exists in the way that Microsoft browsers access objects in memory. Successful exploitation of this vulnerability could allow an attacker to gain the same user rights as the current user.

TBC

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0768

CVE-2020-0801

This vulnerability exists when Windows Media Foundation improperly handles objects in memory. Successful exploitation of this vulnerability could allow an attacker to install programs; view, change, or delete data; or create new accounts with full user rights.

TBC

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0801

CVE-2020-0807

This vulnerability exists when Windows Media Foundation improperly handles objects in memory. Successful exploitation of this vulnerability could allow an attacker to install programs; view, change, or delete data; or create new accounts with full user rights.

TBC

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0807

CVE-2020-0809

This vulnerability exists when Windows Media Foundation improperly handles objects in memory. Successful exploitation of this vulnerability could allow an attacker to install programs; view, change, or delete data; or create new accounts with full user rights.

TBC

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0809

CVE-2020-0811

This vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge (HTML-based). Successful exploitation of this vulnerability could allow an attacker to gain the same user rights as the current user and take control of the affected system.

TBC

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0811

CVE-2020-0812

This vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge (HTML-based). Successful exploitation of this vulnerability could allow an attacker to gain the same user rights as the current user and take control of the affected system.

TBC

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0812

CVE-2020-0816

This vulnerability exists when Microsoft Edge improperly accesses objects in memory. Successful exploitation of this vulnerability could allow an attacker to gain the same user rights as the current user.

TBC

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0816

CVE-2020-0823

This vulnerability exists in the way that the ChakraCore scripting engine handles objects in memory. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. Successful exploitation of this vulnerability could allow an attacker to gain the same user rights as the current user and take control of the affected system.

TBC

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0823

CVE-2020-0824

This vulnerability exists in the way that the VBScript engine handles objects in memory. Successful exploitation of this vulnerability could allow an attacker to gain the same user rights as the current user.

TBC

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0824

CVE-2020-0825

This vulnerability exists in the way that the ChakraCore scripting engine handles objects in memory. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. Successful exploitation of this vulnerability could allow an attacker to gain the same user rights as the current user and take control of the affected system.

TBC

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0825

CVE-2020-0826

This vulnerability exists in the way that the ChakraCore scripting engine handles objects in memory. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. Successful exploitation of this vulnerability could allow an attacker to gain the same user rights as the current user and take control of the affected system.

TBC

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0826

CVE-2020-0827

This vulnerability exists in the way that the ChakraCore scripting engine handles objects in memory. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. Successful exploitation of this vulnerability could allow an attacker to gain the same user rights as the current user and take control of the affected system.

TBC

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0827

CVE-2020-0828

This vulnerability exists in the way that the ChakraCore scripting engine handles objects in memory. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. Successful exploitation of this vulnerability could allow an attacker to gain the same user rights as the current user and take control of the affected system.

TBC

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0828

CVE-2020-0829

This vulnerability exists in the way that the ChakraCore scripting engine handles objects in memory. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. Successful exploitation of this vulnerability could allow an attacker to gain the same user rights as the current user and take control of the affected system.

TBC

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0829

CVE-2020-0830

This vulnerability exists in the way that Microsoft browsers access objects in memory. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. Successful exploitation of this vulnerability could allow an attacker to gain the same user rights as the current user and take control of the affected system.

TBC

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0890

CVE-2020-0831

This vulnerability exists in the way that the ChakraCore scripting engine handles objects in memory. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. Successful exploitation of this vulnerability could allow an attacker to gain the same user rights as the current user and take control of the affected system.

TBC

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0831

CVE-2020-0833

This vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer. Successful exploitation of this vulnerability could allow an attacker to gain the same user rights as the current user and take control of the affected system.

TBC

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0833

CVE-2020-0848

This vulnerability exists in the way that the ChakraCore scripting engine handles objects in memory. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. Successful exploitation of this vulnerability could allow an attacker to gain the same user rights as the current user and take control of the affected system.

TBC

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0848

CVE-2020-0852

This vulnerability exists in Microsoft Word software when it fails to properly handle objects in memory. Successful exploitation of this vulnerability could allow an attacker to use a specially crafted file to perform actions in the security context of the current user.

TBC

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0852

CVE-2020-0869

This vulnerability exists when Windows Media Foundation improperly handles objects in memory. Successful exploitation of this vulnerability could allow an attacker to install programmes; view, change, or delete data; or create new accounts with full user rights.

TBC

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0869

CVE-2020-0881

This vulnerability exists in the way that the Windows Graphics Device Interface (GDI) handles objects in memory. Successful exploitation of the vulnerability could allow an attacker to take control of the affected system.

TBC

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0881

CVE-2020-0883

This vulnerability exists in the way that the Windows Graphics Device Interface (GDI) handles objects in memory.

TBC

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0883

CVE-2020-0905

This vulnerability exists in Microsoft Dynamics Business Central. Successful exploitation of this vulnerability could allow an attacker to execute arbitrary shell commands on the victim's server.

TBC

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0905