Microsoft Released a Security Update With The Fixes for 115 Vulnerabilities that Affects Billions of Windows Users

Microsoft released a security update for billion of Windows Users under Patch Tuesday and fixed 115 vulnerabilities that affected various Microsoft products.

The update has issued fixes including several critical vulnerabilities, and the following Microsoft products are getting a patch from this security update.

Microsoft Windows
Microsoft Edge (EdgeHTML-based)
Microsoft Edge (Chromium-based)
ChakraCore
Internet Explorer
Microsoft Exchange Server
Microsoft Office and Microsoft Office Services and Web Apps
Azure DevOps
Windows Defender
Visual Studio
Open Source Software
Azure
Microsoft Dynamics

Out of 115 vulnerabilities, 24 of them marked as “Critical” and 88 bugs are marked as “Important” and the rest of the 3 vulnerabilities are fixed under the “Moderate” severity category.

In the “Critical” severity category, several remote code execution vulnerabilities are fixed including Microsoft Word RCE Vulnerability(CVE-2020-0852) allows attackers to execute a crafted file and gain the current user access.

Another RCE vulnerability (CVE-2020-0824) that affected the Internet Explorer lets a remote attacker gain the admin level access and install malware; view, change, or delete data; or create new accounts with full user rights.

Microsoft also fixed a Microsoft Exchange Server cross-site-scripting (XSS) Vulnerability(CVE-2020-0903 ) let attacker could exploit the vulnerability by sending a specially crafted request to an affected server and allowed them to read content that the attacker is not authorized.

Another LNK Remote Code Execution Vulnerability fixed that allow attackers to trigger it if a .LNK file is processed by removable drive, or remote share, that contains a malicious.LNK file and an associated malicious binary. Successful exploit this bug let attackers gain the same user rights as the local user.

“Critical” Severity Vulnerabilities

Internet Explorer	CVE-2020-0824	Internet Explorer Memory Corruption Vulnerability
Microsoft Browsers	CVE-2020-0768	Scripting Engine Memory Corruption Vulnerability
Microsoft Dynamics	CVE-2020-0905	Dynamics Business Central Remote Code Execution Vulnerability
Microsoft Edge	CVE-2020-0816	Microsoft Edge Memory Corruption Vulnerability
Microsoft Graphics Component	CVE-2020-0883	GDI+ Remote Code Execution Vulnerability
Microsoft Graphics Component	CVE-2020-0881	GDI+ Remote Code Execution Vulnerability
Microsoft Office	CVE-2020-0852	Microsoft Word Remote Code Execution Vulnerability
Microsoft Scripting Engine	CVE-2020-0830	Scripting Engine Memory Corruption Vulnerability
Microsoft Scripting Engine	CVE-2020-0829	Scripting Engine Memory Corruption Vulnerability
Microsoft Scripting Engine	CVE-2020-0826	Scripting Engine Memory Corruption Vulnerability
Microsoft Scripting Engine	CVE-2020-0827	Scripting Engine Memory Corruption Vulnerability
Microsoft Scripting Engine	CVE-2020-0825	Scripting Engine Memory Corruption Vulnerability
Microsoft Scripting Engine	CVE-2020-0831	Scripting Engine Memory Corruption Vulnerability
Microsoft Scripting Engine	CVE-2020-0811	Chakra Scripting Engine Memory Corruption Vulnerability
Microsoft Scripting Engine	CVE-2020-0828	Scripting Engine Memory Corruption Vulnerability
Microsoft Scripting Engine	CVE-2020-0848	Scripting Engine Memory Corruption Vulnerability
Microsoft Scripting Engine	CVE-2020-0823	Scripting Engine Memory Corruption Vulnerability
Microsoft Scripting Engine	CVE-2020-0812	Chakra Scripting Engine Memory Corruption Vulnerability
Microsoft Scripting Engine	CVE-2020-0833	Scripting Engine Memory Corruption Vulnerability
Microsoft Windows	CVE-2020-0869	Media Foundation Memory Corruption Vulnerability
Microsoft Windows	CVE-2020-0809	Media Foundation Memory Corruption Vulnerability
Microsoft Windows	CVE-2020-0807	Media Foundation Memory Corruption Vulnerability
Microsoft Windows	CVE-2020-0684	LNK Remote Code Execution Vulnerability
Microsoft Windows	CVE-2020-0801	Media Foundation Memory Corruption Vulnerability

Microsoft strongly recommended installing these security updates for all the windows users to avoid the security risk and protect your Windows.

You can refer the complete patch details for the full list of vulnerabilities resolved, advisories, in the March 2020 Patch here.

Balaji

BALAJI is an Ex-Security Researcher (Threat Research Labs) at Comodo Cybersecurity. Editor-in-Chief & Co-Founder - Cyber Security News & GBHackers On Security.