Microsoft Released a Security Update With The Fixes for 115 Vulnerabilities that Affects Billions of Windows Users

Microsoft released a security update for billion of Windows Users under Patch Tuesday and fixed 115 vulnerabilities that affected various Microsoft products.

The update has issued fixes including several critical vulnerabilities, and the following Microsoft products are getting a patch from this security update.

  • Microsoft Windows
  • Microsoft Edge (EdgeHTML-based)
  • Microsoft Edge (Chromium-based)
  • ChakraCore
  • Internet Explorer
  • Microsoft Exchange Server
  • Microsoft Office and Microsoft Office Services and Web Apps
  • Azure DevOps
  • Windows Defender
  • Visual Studio
  • Open Source Software
  • Azure
  • Microsoft Dynamics

Out of 115 vulnerabilities, 24 of them marked as “Critical” and 88 bugs are marked as “Important” and the rest of the 3 vulnerabilities are fixed under the “Moderate” severity category.

In the “Critical” severity category, several remote code execution vulnerabilities are fixed including Microsoft Word RCE Vulnerability(CVE-2020-0852) allows attackers to execute a crafted file and gain the current user access.

Another RCE vulnerability (CVE-2020-0824) that affected the Internet Explorer lets a remote attacker gain the admin level access and install malware; view, change, or delete data; or create new accounts with full user rights.

Microsoft also fixed a Microsoft Exchange Server cross-site-scripting (XSS)  Vulnerability(CVE-2020-0903 ) let attacker could exploit the vulnerability by sending a specially crafted request to an affected server and allowed them to read content that the attacker is not authorized.

Another LNK Remote Code Execution Vulnerability fixed that allow attackers to trigger it if a .LNK file is processed by removable drive, or remote share, that contains a malicious.LNK file and an associated malicious binary. Successful exploit this bug let attackers gain the same user rights as the local user.

“Critical” Severity Vulnerabilities

Internet ExplorerCVE-2020-0824Internet Explorer Memory Corruption Vulnerability
Microsoft BrowsersCVE-2020-0768Scripting Engine Memory Corruption Vulnerability
Microsoft DynamicsCVE-2020-0905Dynamics Business Central Remote Code Execution Vulnerability
Microsoft EdgeCVE-2020-0816Microsoft Edge Memory Corruption Vulnerability
Microsoft Graphics ComponentCVE-2020-0883GDI+ Remote Code Execution Vulnerability
Microsoft Graphics ComponentCVE-2020-0881GDI+ Remote Code Execution Vulnerability
Microsoft OfficeCVE-2020-0852Microsoft Word Remote Code Execution Vulnerability
Microsoft Scripting EngineCVE-2020-0830Scripting Engine Memory Corruption Vulnerability
Microsoft Scripting EngineCVE-2020-0829Scripting Engine Memory Corruption Vulnerability
Microsoft Scripting EngineCVE-2020-0826Scripting Engine Memory Corruption Vulnerability
Microsoft Scripting EngineCVE-2020-0827Scripting Engine Memory Corruption Vulnerability
Microsoft Scripting EngineCVE-2020-0825Scripting Engine Memory Corruption Vulnerability
Microsoft Scripting EngineCVE-2020-0831Scripting Engine Memory Corruption Vulnerability
Microsoft Scripting EngineCVE-2020-0811Chakra Scripting Engine Memory Corruption Vulnerability
Microsoft Scripting EngineCVE-2020-0828Scripting Engine Memory Corruption Vulnerability
Microsoft Scripting EngineCVE-2020-0848Scripting Engine Memory Corruption Vulnerability
Microsoft Scripting EngineCVE-2020-0823Scripting Engine Memory Corruption Vulnerability
Microsoft Scripting EngineCVE-2020-0812Chakra Scripting Engine Memory Corruption Vulnerability
Microsoft Scripting EngineCVE-2020-0833Scripting Engine Memory Corruption Vulnerability
Microsoft WindowsCVE-2020-0869Media Foundation Memory Corruption Vulnerability
Microsoft WindowsCVE-2020-0809Media Foundation Memory Corruption Vulnerability
Microsoft WindowsCVE-2020-0807Media Foundation Memory Corruption Vulnerability
Microsoft WindowsCVE-2020-0684LNK Remote Code Execution Vulnerability
Microsoft WindowsCVE-2020-0801Media Foundation Memory Corruption Vulnerability

Microsoft strongly recommended installing these security updates for all the windows users to avoid the security risk and protect your Windows.

You can refer the complete patch details for the full list of vulnerabilities resolved, advisories, in the March 2020 Patch here.

Balaji

BALAJI is an Ex-Security Researcher (Threat Research Labs) at Comodo Cybersecurity. Editor-in-Chief & Co-Founder - Cyber Security News & GBHackers On Security.

Recent Posts

U.S. Secures Extradition of Rydox Cybercrime Marketplace Admins from Kosovo in Major International Operation

The United States has successfully extradited two Kosovo nationals, Ardit Kutleshi, 26, and Jetmir Kutleshi,…

3 hours ago

Ivanti Fully Patched Connect Secure RCE Vulnerability That Actively Exploited in the Wild

Ivanti has issued an urgent security advisory for CVE-2025-22457, a critical vulnerability impacting Ivanti Connect…

2 days ago

Beware! Weaponized Job Recruitment Emails Spreading BeaverTail and Tropidoor Malware

A concerning malware campaign was disclosed by the AhnLab Security Intelligence Center (ASEC), revealing how…

2 days ago

EncryptHub Ransomware Uncovered Through ChatGPT Use and OPSEC Failures

EncryptHub, a rapidly evolving cybercriminal entity, has come under intense scrutiny following revelations of operational…

2 days ago

PoisonSeed Targets CRM and Bulk Email Providers in New Supply Chain Phishing Attack

A sophisticated phishing campaign, dubbed "PoisonSeed," has been identified targeting customer relationship management (CRM) and…

2 days ago

Beware! Fake Unpaid Tolls Messages Used in Phishing Attack to Steal Login Credentials

A surge in phishing text messages claiming unpaid tolls has been linked to a massive…

2 days ago