• Abstract and Figures
• Public Full-text

Advisory Microsoft Patch Tuesday – March 2020 aeCERT One of Telecommunications Regulatory Authority (TRA) Initiatives P O Box 116688, Dubai, United Arab Emirates (UAE) www.aecert.ae | www.tra.gov.ae Version: 1.0 Ref: ADV-19-019 Document Date: 11/03/2020 Document Details Disclaimer Whilst every effort has been made to ensure the accuracy of the information contained within this report, aeCERT and the TRA bear no liability or responsibility for any recommendations issued or inadvertent damages that could be caused by the recipient of this information. Accessing third-party links in this advisory will direct you to an external website. Please note that aeCERT bears no responsibility for third-party website traffic. aeCERT will have no liability to the entities for the content or use of the content available through the hyperlinks that are referenced. Contents Contents 1 Summary 2 Details 2 Recommendations 11 References 11 1 | P a g e Summary aeCERT has received the latest Microsoft security updates that aim to patch recent vulnerabilities discovered in their system. The release has impact on some Microsoft products. In order to protect windows from security risks, users should install latest update as soon as possible. Details Microsoft has released the monthly security update for the month of march. This update discloses many different vulnerabilities from many of Microsoft’s products. This patch is related to 117 vulnerabilities: • 25 of these are considered critical • 91 are also considered important As such, due to the large number of critical and important vulnerabilities, this patch is very critical. These are the vulnerabilities, as well as their severities. Tag CVE ID CVE Title Severity Service Fabric Elevation Azure CVE-2020-0902 Important of Privilege Azure DevOps Server and Team Foundation Azure DevOps CVE-2020-0758 Important Services Elevation of Privilege Vulnerability Azure DevOps Server and Team Foundation Azure DevOps CVE-2020-0815 Important Services Elevation of Privilege Vulnerability Azure DevOps Server Azure DevOps CVE-2020-0700 Cross-site Scripting Important Vulnerability Internet Explorer Internet Explorer CVE-2020-0824 Memory Corruption Critical Vulnerability Scripting Engine Microsoft Browsers CVE-2020-0768 Memory Corruption Critical Vulnerability 2 | P a g e Dynamics Business Microsoft Dynamics CVE-2020-0905 Central Remote Code Critical Execution Vulnerability Microsoft Edge Memory Microsoft Edge CVE-2020-0816 Corruption Vulnerability Critical Microsoft Exchange Microsoft Exchange CVE-2020-0903 Server Spoofing Important Server Vulnerability Windows GDI Microsoft Graphics CVE-2020-0774 Information Disclosure Important Component Vulnerability Microsoft Graphics Win32k Elevation of CVE-2020-0788 Important Component Privilege Vulnerability Windows Graphics Microsoft Graphics CVE-2020-0791 Component Elevation of Important Component Privilege Vulnerability Microsoft Graphics DirectX Elevation of CVE-2020-0690 Important Component Privilege Vulnerability Windows Imaging Microsoft Graphics CVE-2020-0853 Component Information Important Component Disclosure Vulnerability Microsoft Graphics Win32k Elevation of CVE-2020-0877 Important Component Privilege Vulnerability Windows GDI Microsoft Graphics CVE-2020-0882 Information Disclosure Important Component Vulnerability Microsoft Graphics GDI+ Remote Code CVE-2020-0883 Critical Component Execution Vulnerability Microsoft Graphics GDI+ Remote Code CVE-2020-0881 Critical Component Execution Vulnerability Windows GDI Microsoft Graphics CVE-2020-0880 Information Disclosure Important Component Vulnerability Microsoft Graphics Win32k Elevation of CVE-2020-0887 Important Component Privilege Vulnerability 3 | P a g e Windows Graphics Microsoft Graphics CVE-2020-0898 Component Elevation of Important Component Privilege Vulnerability Windows Graphics Microsoft Graphics CVE-2020-0885 Component Information Important Component Disclosure Vulnerability Microsoft Word Remote Microsoft Office CVE-2020-0850 Code Execution Important Vulnerability Microsoft Word Remote Microsoft Office CVE-2020-0852 Code Execution Critical Vulnerability Microsoft Word Remote Microsoft Office CVE-2020-0892 Code Execution Important Vulnerability Microsoft Word Remote Microsoft Office CVE-2020-0851 Code Execution Important Vulnerability Microsoft Word Remote Microsoft Office CVE-2020-0855 Code Execution Important Vulnerability Microsoft SharePoint Microsoft Office CVE-2020-0795 Reflective XSS Important SharePoint Vulnerability Microsoft SharePoint Microsoft Office CVE-2020-0891 Reflective XSS Important SharePoint Vulnerability Microsoft Office Microsoft Office CVE-2020-0893 SharePoint XSS Important SharePoint Vulnerability Microsoft Office Microsoft Office CVE-2020-0894 SharePoint XSS Important SharePoint Vulnerability Scripting Engine Microsoft Scripting CVE-2020-0830 Memory Corruption Critical Engine Vulnerability Scripting Engine Microsoft Scripting CVE-2020-0829 Memory Corruption Engine Critical Vulnerability Scripting Engine Microsoft Scripting CVE-2020-0813 Information Disclosure Important Engine Vulnerability 4 | P a g e Scripting Engine Microsoft Scripting CVE-2020-0826 Memory Corruption Engine Critical Vulnerability Scripting Engine Microsoft Scripting CVE-2020-0827 Memory Corruption Engine Critical Vulnerability Scripting Engine Microsoft Scripting CVE-2020-0825 Memory Corruption Engine Critical Vulnerability Scripting Engine Microsoft Scripting CVE-2020-0831 Memory Corruption Engine Critical Vulnerability Microsoft Scripting VBScript Remote Code CVE-2020-0847 Moderate Engine Execution Vulnerability Chakra Scripting Engine Microsoft Scripting CVE-2020-0811 Memory Corruption Critical Engine Vulnerability Scripting Engine Microsoft Scripting CVE-2020-0828 Memory Corruption Engine Critical Vulnerability Scripting Engine Microsoft Scripting CVE-2020-0848 Memory Corruption Engine Critical Vulnerability Scripting Engine Microsoft Scripting CVE-2020-0823 Memory Corruption Engine Critical Vulnerability Scripting Engine Microsoft Scripting CVE-2020-0832 Memory Corruption Moderate Engine Vulnerability Chakra Scripting Engine Microsoft Scripting CVE-2020-0812 Memory Corruption Critical Engine Vulnerability Scripting Engine Microsoft Scripting CVE-2020-0833 Memory Corruption Critical Engine Vulnerability Windows Work Folder Microsoft Windows CVE-2020-0897 Service Elevation of Important Privilege Vulnerability Windows Hard Link Microsoft Windows CVE-2020-0896 Elevation of Privilege Important Vulnerability 5 | P a g e Windows Network Connections Service Microsoft Windows CVE-2020-0871 Important Information Disclosure Vulnerability Windows GDI Microsoft Windows CVE-2020-0874 Information Disclosure Important Vulnerability Win32k Information Microsoft Windows CVE-2020-0876 Important Disclosure Vulnerability Windows Error Microsoft Windows CVE-2020-0775 Reporting Information Important Disclosure Vulnerability Windows GDI Microsoft Windows CVE-2020-0879 Information Disclosure Important Vulnerability Diagnostics Hub Standard Collector Microsoft Windows CVE-2020-0793 Important Elevation of Privilege Vulnerability Windows Elevation of Microsoft Windows CVE-2020-0776 Important Privilege Vulnerability Media Foundation Microsoft Windows CVE-2020-0869 Memory Corruption Critical Vulnerability Windows Network Driver Interface Microsoft Windows CVE-2020-0861 Specification (NDIS) Important Information Disclosure Vulnerability Connected User Experiences and Microsoft Windows CVE-2020-0863 Telemetry Service Important Information Disclosure Vulnerability Windows ActiveX Installer Service Microsoft Windows CVE-2020-0860 Important Elevation of Privilege Vulnerability Windows Search Microsoft Windows CVE-2020-0857 Indexer Elevation of Important Privilege Vulnerability Windows Elevation of Microsoft Windows CVE-2020-0858 Important Privilege Vulnerability 6 | P a g e Windows Work Folder Microsoft Windows CVE-2020-0865 Service Elevation of Important Privilege Vulnerability Windows Work Folder Microsoft Windows CVE-2020-0866 Service Elevation of Important Privilege Vulnerability Windows Work Folder Microsoft Windows CVE-2020-0864 Service Elevation of Important Privilege Vulnerability Media Foundation Microsoft Windows CVE-2020-0820 Information Disclosure Important Vulnerability Windows Device Setup Microsoft Windows CVE-2020-0819 Manager Elevation of Important Privilege Vulnerability Windows Network Connections Service Microsoft Windows CVE-2020-0804 Important Elevation of Privilege Vulnerability Windows Installer Microsoft Windows CVE-2020-0779 Elevation of Privilege Important Vulnerability Windows Network Connections Service Microsoft Windows CVE-2020-0802 Important Elevation of Privilege Vulnerability Windows Network Connections Service Microsoft Windows CVE-2020-0803 Important Elevation of Privilege Vulnerability Windows Network Connections Service Microsoft Windows CVE-2020-0778 Important Elevation of Privilege Vulnerability Media Foundation Microsoft Windows CVE-2020-0809 Memory Corruption Critical Vulnerability Diagnostic Hub Standard Collector Microsoft Windows CVE-2020-0810 Important Elevation of Privilege Vulnerability Media Foundation Microsoft Windows CVE-2020-0807 Memory Corruption Critical Vulnerability Provisioning Runtime Microsoft Windows CVE-2020-0808 Elevation of Privilege Important Vulnerability 7 | P a g e Windows Work Folder Microsoft Windows CVE-2020-0797 Service Elevation of Important Privilege Vulnerability Windows User Profile Microsoft Windows CVE-2020-0785 Service Elevation of Important Privilege Vulnerability

Load more

  12

Copy Link