Microsoft released a security update for billion of Windows Users under Patch Tuesday and fixed 115 vulnerabilities that affected various Microsoft products.
The update has issued fixes including several critical vulnerabilities, and the following Microsoft products are getting a patch from this security update.
Out of 115 vulnerabilities, 24 of them marked as “Critical” and 88 bugs are marked as “Important” and the rest of the 3 vulnerabilities are fixed under the “Moderate” severity category.
In the “Critical” severity category, several remote code execution vulnerabilities are fixed including Microsoft Word RCE Vulnerability(CVE-2020-0852) allows attackers to execute a crafted file and gain the current user access.
Another RCE vulnerability (CVE-2020-0824) that affected the Internet Explorer lets a remote attacker gain the admin level access and install malware; view, change, or delete data; or create new accounts with full user rights.
Microsoft also fixed a Microsoft Exchange Server cross-site-scripting (XSS) Vulnerability(CVE-2020-0903 ) let attacker could exploit the vulnerability by sending a specially crafted request to an affected server and allowed them to read content that the attacker is not authorized.
Another LNK Remote Code Execution Vulnerability fixed that allow attackers to trigger it if a .LNK file is processed by removable drive, or remote share, that contains a malicious.LNK file and an associated malicious binary. Successful exploit this bug let attackers gain the same user rights as the local user.
| Internet Explorer | CVE-2020-0824 | Internet Explorer Memory Corruption Vulnerability |
| Microsoft Browsers | CVE-2020-0768 | Scripting Engine Memory Corruption Vulnerability |
| Microsoft Dynamics | CVE-2020-0905 | Dynamics Business Central Remote Code Execution Vulnerability |
| Microsoft Edge | CVE-2020-0816 | Microsoft Edge Memory Corruption Vulnerability |
| Microsoft Graphics Component | CVE-2020-0883 | GDI+ Remote Code Execution Vulnerability |
| Microsoft Graphics Component | CVE-2020-0881 | GDI+ Remote Code Execution Vulnerability |
| Microsoft Office | CVE-2020-0852 | Microsoft Word Remote Code Execution Vulnerability |
| Microsoft Scripting Engine | CVE-2020-0830 | Scripting Engine Memory Corruption Vulnerability |
| Microsoft Scripting Engine | CVE-2020-0829 | Scripting Engine Memory Corruption Vulnerability |
| Microsoft Scripting Engine | CVE-2020-0826 | Scripting Engine Memory Corruption Vulnerability |
| Microsoft Scripting Engine | CVE-2020-0827 | Scripting Engine Memory Corruption Vulnerability |
| Microsoft Scripting Engine | CVE-2020-0825 | Scripting Engine Memory Corruption Vulnerability |
| Microsoft Scripting Engine | CVE-2020-0831 | Scripting Engine Memory Corruption Vulnerability |
| Microsoft Scripting Engine | CVE-2020-0811 | Chakra Scripting Engine Memory Corruption Vulnerability |
| Microsoft Scripting Engine | CVE-2020-0828 | Scripting Engine Memory Corruption Vulnerability |
| Microsoft Scripting Engine | CVE-2020-0848 | Scripting Engine Memory Corruption Vulnerability |
| Microsoft Scripting Engine | CVE-2020-0823 | Scripting Engine Memory Corruption Vulnerability |
| Microsoft Scripting Engine | CVE-2020-0812 | Chakra Scripting Engine Memory Corruption Vulnerability |
| Microsoft Scripting Engine | CVE-2020-0833 | Scripting Engine Memory Corruption Vulnerability |
| Microsoft Windows | CVE-2020-0869 | Media Foundation Memory Corruption Vulnerability |
| Microsoft Windows | CVE-2020-0809 | Media Foundation Memory Corruption Vulnerability |
| Microsoft Windows | CVE-2020-0807 | Media Foundation Memory Corruption Vulnerability |
| Microsoft Windows | CVE-2020-0684 | LNK Remote Code Execution Vulnerability |
| Microsoft Windows | CVE-2020-0801 | Media Foundation Memory Corruption Vulnerability |
Microsoft strongly recommended installing these security updates for all the windows users to avoid the security risk and protect your Windows.
You can refer the complete patch details for the full list of vulnerabilities resolved, advisories, in the March 2020 Patch here.
The Lotus Blossom hacker group, also known as Spring Dragon, Billbug, or Thrip, has been…
A newly identified malware, dubbed "Squidoor," has emerged as a sophisticated threat targeting government, defense,…
Cyber adversaries have evolved into highly organized and professional entities, mirroring the operational efficiency of…
In Q3 2024, Cofense Intelligence uncovered a targeted spear-phishing campaign aimed at employees working in…
The DragonForce ransomware group has launched a significant cyberattack on critical infrastructure in Saudi Arabia,…
In a concerning development, cybersecurity researchers at Trellix have uncovered a sophisticated malware campaign that…