Microsoft Releases Windows Updates to Resolve 115 Vulnerabilities

Antus67

Level 9
Thread author
Verified
Well-known
Nov 3, 2019
413
Microsoft’s March 2020 Patch Tuesday cycle is a heavy one, as it includes updates for a total of 115 vulnerabilities. A total of 26 security flaws are flagged with a critical severity ratings.

Out of the 26 critical vulnerabilities, no less than 17 affect browser and scripting engines, so if you’re using Microsoft’s browsers, the best advice is to patch as soon as possible.

There are three Remote Code Execution, or RCE, flaws that are resolved this month.

First and foremost, it’s CVE-2020-0852, a vulnerability in Microsoft Word that would allow an attacker to execute malicious code on behalf of the user. To exploit this flaw, a malicious actor needs to convince the user to open a crafted file using an unpatched version of Microsoft Word. The vulnerable versions are Microsoft Office 2016 for Mac, Microsoft Office 2019, Microsoft Office Online Server, and Microsoft SharePoint Server 2019.

No failed installs
Then, it’s an RCE flaw in Application Inspector tracked as CVE-2020-0872.

“A remote code execution vulnerability exists in Application Inspector version v1.0.23 or earlier when the tool reflects example code snippets from third-party source files into its HTML output. An attacker who exploited it could send sections of the report containing code snippets to an external server,” Microsoft explains.

The third RCE affects Dynamics Business Central and is detailed in CVE-2020-0905. Microsoft says an attacker that manages to compromise an unpatched host could then execute arbitrary shell commands on victim’s server.

On Windows 10 devices, all these patches are bundled with the latest cumulative updates, available both on Windows Update and on Microsoft’s Update Catalog. Given the big number of patched vulnerabilities, users are recommended to install the new updates as soon as possible.

There are no reports of failed installs or botched updates so far.

Source: Microsoft Releases Windows Updates to Resolve 115 Vulnerabilities
 

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top