Multiple Vulnerabilities in Microsoft Products fix in Patch Tuesday March
On March 10, 2020, Microsoft released the Patch Tuesday, March. Microsoft released as many as 115 bug fixes, mainly covering the Windows operating system, IE/Edge browser, ChakraCore, Exchange Server, Office, and Office services and network applications, Azure DevOps Server and Microsoft malware protection engine. There are 26 serious vulnerabilities and 88 high-risk vulnerabilities.
Microsoft reports that no vulnerabilities have been publicly disclosed at this time, and there are no wild exploits.
CVE-2020-0852: Word remote code execution vulnerability
It is a vulnerability in the Microsoft Office suite. Unlike traditional Office vulnerabilities, this vulnerability does not require opening a specially crafted file. It can be triggered when the user informs Microsoft Outlook to preview the special file. The attack succeeded in obtaining full user control.
CVE-2020-0684: LNK Remote Code Execution Vulnerability
It is still a vulnerability caused by (.LNK) files. An attacker can use specially crafted .LNK file to execute arbitrary code. Successful attackers can obtain complete user control.
ADV200005 | SMBv3 Compression Function Vulnerability
The vulnerability is a remote code execution vulnerability in the Microsoft Server Message Block 3.1.1 (SMBv3) protocol and affects the SMB server/client.
We recommend Windows users to update your Microsoft Windows version in a timely manner and keep Windows automatic updates turned on.