On March 10, 2020, Microsoft released the Patch Tuesday, March. Microsoft released as many as 115 bug fixes, mainly covering the Windows operating system, IE/Edge browser, ChakraCore, Exchange Server, Office, and Office services and network applications, Azure DevOps Server and Microsoft malware protection engine. There are 26 serious vulnerabilities and 88 high-risk vulnerabilities.
Microsoft reports that no vulnerabilities have been publicly disclosed at this time, and there are no wild exploits.
CVE-2020-0852: Word remote code execution vulnerability
It is a vulnerability in the Microsoft Office suite. Unlike traditional Office vulnerabilities, this vulnerability does not require opening a specially crafted file. It can be triggered when the user informs Microsoft Outlook to preview the special file. The attack succeeded in obtaining full user control.
CVE-2020-0684: LNK Remote Code Execution Vulnerability
It is still a vulnerability caused by (.LNK) files. An attacker can use specially crafted .LNK file to execute arbitrary code. Successful attackers can obtain complete user control.
ADV200005 | SMBv3 Compression Function Vulnerability
The vulnerability is a remote code execution vulnerability in the Microsoft Server Message Block 3.1.1 (SMBv3) protocol and affects the SMB server/client.
We recommend Windows users to update your Microsoft Windows version in a timely manner and keep Windows automatic updates turned on.