⚡ TL;DR | Go Straight to the March 2020 Patch Tuesday Audit Report.
The March 2020 Patch Tuesday updates from Microsoft have arrived. Microsoft released fixes for 115 CVE-numbered security vulnerabilities, 26 of which are classified as critical vulnerabilities. The good news is that none of them under active attack.
The Patch Tuesday of March 2020 is one of the biggest in Microsoft’s history, as the tech giant released fixes for 115 security flaws. Unlike the February 2020 Patch Tuesday madness which included Internet Explorer (IE) zero-day patches, none of the vulnerabilities are listed as being under active attack at the time of release.
One particular RCE hole worth mentioning lies within SMBv3. „An attacker who successfully exploited the vulnerability could gain the ability to execute code on the target SMB Server or SMB Client,“ says Microsoft. There is no fix available in the Patch Tuesday March 2020 update other than to disable SMBv3 compression for servers.
Among the other critical alerts is CVE-2020-0852, a remote code execution flaw in Word. This Microsoft Word Remote Code Execution vulnerability could be exploited through the preview pane in Outlook, making it a more interesting target for threat actors.
Run the February 2020 Patch Tuesday Audit Report
Similar to previous months, we’ve created an Audit Report that checks if the assets in your network are on the latest Microsoft patch update. It’s color-coded to give you an easy and quick overview of which assets are already on the latest Windows update, and which ones still need to be patched. All admins are advised to install these security updates as soon as possible to protect Windows from security risks.
If you haven’t already, start your free trial of Lansweeper to run the Microsoft Patch Tuesday March 2020 Report. Make sure to subscribe via the form below if you want to receive the latest Microsoft Patch reports and bonus network reports.
Overview: March 2020 Security Updates
Below is the full list of all vulnerabilities and released advisories in the March 2020 Patch Tuesday updates.
Affected Product | CVE Code | CVE Title | Severity |
---|---|---|---|
Azure | CVE-2020-0902 | Service Fabric Elevation of Privilege | Important |
Azure DevOps | CVE-2020-0758 | Azure DevOps Server and Team Foundation Services Elevation of Privilege Vulnerability | Important |
Azure DevOps | CVE-2020-0815 | Azure DevOps Server and Team Foundation Services Elevation of Privilege Vulnerability | Important |
Azure DevOps | CVE-2020-0700 | Azure DevOps Server Cross-site Scripting Vulnerability | Important |
Internet Explorer | CVE-2020-0824 | Internet Explorer Memory Corruption Vulnerability | Critical |
Microsoft Browsers | CVE-2020-0768 | Scripting Engine Memory Corruption Vulnerability | Critical |
Microsoft Dynamics | CVE-2020-0905 | Dynamics Business Central Remote Code Execution Vulnerability | Critical |
Microsoft Edge | CVE-2020-0816 | Microsoft Edge Memory Corruption Vulnerability | Critical |
Microsoft Exchange Server | CVE-2020-0903 | Microsoft Exchange Server Spoofing Vulnerability | Important |
Microsoft Graphics Component | CVE-2020-0774 | Windows GDI Information Disclosure Vulnerability | Important |
Microsoft Graphics Component | CVE-2020-0788 | Win32k Elevation of Privilege Vulnerability | Important |
Microsoft Graphics Component | CVE-2020-0791 | Windows Graphics Component Elevation of Privilege Vulnerability | Important |
Microsoft Graphics Component | CVE-2020-0690 | DirectX Elevation of Privilege Vulnerability | Important |
Microsoft Graphics Component | CVE-2020-0853 | Windows Imaging Component Information Disclosure Vulnerability | Important |
Microsoft Graphics Component | CVE-2020-0877 | Win32k Elevation of Privilege Vulnerability | Important |
Microsoft Graphics Component | CVE-2020-0882 | Windows GDI Information Disclosure Vulnerability | Important |
Microsoft Graphics Component | CVE-2020-0883 | GDI+ Remote Code Execution Vulnerability | Critical |
Microsoft Graphics Component | CVE-2020-0881 | GDI+ Remote Code Execution Vulnerability | Critical |
Microsoft Graphics Component | CVE-2020-0880 | Windows GDI Information Disclosure Vulnerability | Important |
Microsoft Graphics Component | CVE-2020-0887 | Win32k Elevation of Privilege Vulnerability | Important |
Microsoft Graphics Component | CVE-2020-0898 | Windows Graphics Component Elevation of Privilege Vulnerability | Important |
Microsoft Graphics Component | CVE-2020-0885 | Windows Graphics Component Information Disclosure Vulnerability | Important |
Microsoft Office | CVE-2020-0850 | Microsoft Word Remote Code Execution Vulnerability | Important |
Microsoft Office | CVE-2020-0852 | Microsoft Word Remote Code Execution Vulnerability | Critical |
Microsoft Office | CVE-2020-0892 | Microsoft Word Remote Code Execution Vulnerability | Important |
Microsoft Office | CVE-2020-0851 | Microsoft Word Remote Code Execution Vulnerability | Important |
Microsoft Office | CVE-2020-0855 | Microsoft Word Remote Code Execution Vulnerability | Important |
Microsoft Office SharePoint | CVE-2020-0795 | Microsoft SharePoint Reflective XSS Vulnerability | Important |
Microsoft Office SharePoint | CVE-2020-0891 | Microsoft SharePoint Reflective XSS Vulnerability | Important |
Microsoft Office SharePoint | CVE-2020-0893 | Microsoft Office SharePoint XSS Vulnerability | Important |
Microsoft Office SharePoint | CVE-2020-0894 | Microsoft Office SharePoint XSS Vulnerability | Important |
Microsoft Scripting Engine | CVE-2020-0830 | Scripting Engine Memory Corruption Vulnerability | Critical |
Microsoft Scripting Engine | CVE-2020-0829 | Scripting Engine Memory Corruption Vulnerability | Critical |
Microsoft Scripting Engine | CVE-2020-0813 | Scripting Engine Information Disclosure Vulnerability | Important |
Microsoft Scripting Engine | CVE-2020-0826 | Scripting Engine Memory Corruption Vulnerability | Critical |
Microsoft Scripting Engine | CVE-2020-0827 | Scripting Engine Memory Corruption Vulnerability | Critical |
Microsoft Scripting Engine | CVE-2020-0825 | Scripting Engine Memory Corruption Vulnerability | Critical |
Microsoft Scripting Engine | CVE-2020-0831 | Scripting Engine Memory Corruption Vulnerability | Critical |
Microsoft Scripting Engine | CVE-2020-0847 | VBScript Remote Code Execution Vulnerability | Moderate |
Microsoft Scripting Engine | CVE-2020-0811 | Chakra Scripting Engine Memory Corruption Vulnerability | Critical |
Microsoft Scripting Engine | CVE-2020-0828 | Scripting Engine Memory Corruption Vulnerability | Critical |
Microsoft Scripting Engine | CVE-2020-0848 | Scripting Engine Memory Corruption Vulnerability | Critical |
Microsoft Scripting Engine | CVE-2020-0823 | Scripting Engine Memory Corruption Vulnerability | Critical |
Microsoft Scripting Engine | CVE-2020-0832 | Scripting Engine Memory Corruption Vulnerability | Moderate |
Microsoft Scripting Engine | CVE-2020-0812 | Chakra Scripting Engine Memory Corruption Vulnerability | Critical |
Microsoft Scripting Engine | CVE-2020-0833 | Scripting Engine Memory Corruption Vulnerability | Critical |
Microsoft Windows | CVE-2020-0897 | Windows Work Folder Service Elevation of Privilege Vulnerability | Important |
Microsoft Windows | CVE-2020-0896 | Windows Hard Link Elevation of Privilege Vulnerability | Important |
Microsoft Windows | CVE-2020-0871 | Windows Network Connections Service Information Disclosure Vulnerability | Important |
Microsoft Windows | CVE-2020-0874 | Windows GDI Information Disclosure Vulnerability | Important |
Microsoft Windows | CVE-2020-0876 | Win32k Information Disclosure Vulnerability | Important |
Microsoft Windows | CVE-2020-0775 | Windows Error Reporting Information Disclosure Vulnerability | Important |
Microsoft Windows | CVE-2020-0879 | Windows GDI Information Disclosure Vulnerability | Important |
Microsoft Windows | CVE-2020-0793 | Diagnostics Hub Standard Collector Elevation of Privilege Vulnerability | Important |
Microsoft Windows | CVE-2020-0776 | Windows Elevation of Privilege Vulnerability | Important |
Microsoft Windows | CVE-2020-0869 | Media Foundation Memory Corruption Vulnerability | Critical |
Microsoft Windows | CVE-2020-0861 | Windows Network Driver Interface Specification (NDIS) Information Disclosure Vulnerability | Important |
Microsoft Windows | CVE-2020-0863 | Connected User Experiences and Telemetry Service Information Disclosure Vulnerability | Important |
Microsoft Windows | CVE-2020-0860 | Windows ActiveX Installer Service Elevation of Privilege Vulnerability | Important |
Microsoft Windows | CVE-2020-0857 | Windows Search Indexer Elevation of Privilege Vulnerability | Important |
Microsoft Windows | CVE-2020-0858 | Windows Elevation of Privilege Vulnerability | Important |
Microsoft Windows | CVE-2020-0865 | Windows Work Folder Service Elevation of Privilege Vulnerability | Important |
Microsoft Windows | CVE-2020-0866 | Windows Work Folder Service Elevation of Privilege Vulnerability | Important |
Microsoft Windows | CVE-2020-0864 | Windows Work Folder Service Elevation of Privilege Vulnerability | Important |
Microsoft Windows | CVE-2020-0820 | Media Foundation Information Disclosure Vulnerability | Important |
Microsoft Windows | CVE-2020-0819 | Windows Device Setup Manager Elevation of Privilege Vulnerability | Important |
Microsoft Windows | CVE-2020-0804 | Windows Network Connections Service Elevation of Privilege Vulnerability | Important |
Microsoft Windows | CVE-2020-0779 | Windows Installer Elevation of Privilege Vulnerability | Important |
Microsoft Windows | CVE-2020-0802 | Windows Network Connections Service Elevation of Privilege Vulnerability | Important |
Microsoft Windows | CVE-2020-0803 | Windows Network Connections Service Elevation of Privilege Vulnerability | Important |
Microsoft Windows | CVE-2020-0778 | Windows Network Connections Service Elevation of Privilege Vulnerability | Important |
Microsoft Windows | CVE-2020-0809 | Media Foundation Memory Corruption Vulnerability | Critical |
Microsoft Windows | CVE-2020-0810 | Diagnostic Hub Standard Collector Elevation of Privilege Vulnerability | Important |
Microsoft Windows | CVE-2020-0807 | Media Foundation Memory Corruption Vulnerability | Critical |
Microsoft Windows | CVE-2020-0808 | Provisioning Runtime Elevation of Privilege Vulnerability | Important |
Microsoft Windows | CVE-2020-0797 | Windows Work Folder Service Elevation of Privilege Vulnerability | Important |
Microsoft Windows | CVE-2020-0785 | Windows User Profile Service Elevation of Privilege Vulnerability | Important |
Microsoft Windows | CVE-2020-0786 | Windows Tile Object Service Denial of Service Vulnerability | Important |
Microsoft Windows | CVE-2020-0787 | Windows Background Intelligent Transfer Service Elevation of Privilege Vulnerability | Important |
Microsoft Windows | CVE-2020-0783 | Windows UPnP Service Elevation of Privilege Vulnerability | Important |
Microsoft Windows | CVE-2020-0800 | Windows Work Folder Service Elevation of Privilege Vulnerability | Important |
Microsoft Windows | CVE-2020-0801 | Media Foundation Memory Corruption Vulnerability | Critical |
Microsoft Windows | CVE-2020-0781 | Windows UPnP Service Elevation of Privilege Vulnerability | Important |
Microsoft Windows | CVE-2020-0780 | Windows Network List Service Elevation of Privilege Vulnerability | Important |
Microsoft Windows | CVE-2020-0777 | Windows Work Folder Service Elevation of Privilege Vulnerability | Important |
Microsoft Windows | CVE-2020-0772 | Windows Error Reporting Elevation of Privilege Vulnerability | Important |
Microsoft Windows | CVE-2020-0849 | Windows Hard Link Elevation of Privilege Vulnerability | Important |
Microsoft Windows | CVE-2020-0845 | Windows Network Connections Service Elevation of Privilege Vulnerability | Important |
Microsoft Windows | CVE-2020-0684 | LNK Remote Code Execution Vulnerability | Critical |
Microsoft Windows | CVE-2020-0769 | Windows CSC Service Elevation of Privilege Vulnerability | Important |
Microsoft Windows | CVE-2020-0771 | Windows CSC Service Elevation of Privilege Vulnerability | Important |
Microsoft Windows | CVE-2020-0841 | Windows Hard Link Elevation of Privilege Vulnerability | Important |
Microsoft Windows | CVE-2020-0840 | Windows Hard Link Elevation of Privilege Vulnerability | Important |
Microsoft Windows | CVE-2020-0806 | Windows Error Reporting Elevation of Privilege Vulnerability | Important |
Microsoft Windows | CVE-2020-0843 | Windows Installer Elevation of Privilege Vulnerability | Important |
Microsoft Windows | CVE-2020-0844 | Connected User Experiences and Telemetry Service Elevation of Privilege Vulnerability | Important |
Microsoft Windows | CVE-2020-0842 | Windows Installer Elevation of Privilege Vulnerability | Important |
Open Source Software | CVE-2020-0872 | Remote Code Execution Vulnerability in Application Inspector | Important |
Other | CVE-2020-0765 | Remote Desktop Connection Manager Information Disclosure Vulnerability | Moderate |
Visual Studio | CVE-2020-0789 | Visual Studio Extension Installer Service Denial of Service Vulnerability | Important |
Visual Studio | CVE-2020-0884 | Microsoft Visual Studio Spoofing Vulnerability | Important |
Windows Defender | CVE-2020-0763 | Windows Defender Security Center Elevation of Privilege Vulnerability | Important |
Windows Defender | CVE-2020-0762 | Windows Defender Security Center Elevation of Privilege Vulnerability | Important |
Windows Diagnostic Hub | CVE-2020-0854 | Windows Mobile Device Management Diagnostics Elevation of Privilege Vulnerability | Important |
Windows IIS | CVE-2020-0645 | Microsoft IIS Server Tampering Vulnerability | Important |
Windows Installer | CVE-2020-0814 | Windows Installer Elevation of Privilege Vulnerability | Important |
Windows Installer | CVE-2020-0773 | Windows ActiveX Installer Service Elevation of Privilege Vulnerability | Important |
Windows Installer | CVE-2020-0770 | Windows ActiveX Installer Service Elevation of Privilege Vulnerability | Important |
Windows Installer | CVE-2020-0822 | Windows Language Pack Installer Elevation of Privilege Vulnerability | Important |
Windows Installer | CVE-2020-0859 | Windows Modules Installer Service Information Disclosure Vulnerability | Important |
Windows Installer | CVE-2020-0868 | Windows Update Orchestrator Service Elevation of Privilege Vulnerability | Important |
Windows Installer | CVE-2020-0798 | Windows Installer Elevation of Privilege Vulnerability | Important |
Windows Installer | CVE-2020-0867 | Windows Update Orchestrator Service Elevation of Privilege Vulnerability | Important |
Windows Kernel | CVE-2020-0834 | Windows ALPC Elevation of Privilege Vulnerability | Important |
Windows Kernel | CVE-2020-0799 | Windows Kernel Elevation of Privilege Vulnerability | Important |