September 23, 2020

Multiple Vulnerabilities in Microsoft Products fix in Patch Tuesday March

1 min read

On March 10, 2020, Microsoft released the Patch Tuesday, March. Microsoft released as many as 115 bug fixes, mainly covering the Windows operating system, IE/Edge browser, ChakraCore, Exchange Server, Office, and Office services and network applications, Azure DevOps Server and Microsoft malware protection engine. There are 26 serious vulnerabilities and 88 high-risk vulnerabilities.

Microsoft reports that no vulnerabilities have been publicly disclosed at this time, and there are no wild exploits.

satellites systems

CVE-2020-0852: Word remote code execution vulnerability

It is a vulnerability in the Microsoft Office suite. Unlike traditional Office vulnerabilities, this vulnerability does not require opening a specially crafted file. It can be triggered when the user informs Microsoft Outlook to preview the special file. The attack succeeded in obtaining full user control.

CVE-2020-0684: LNK Remote Code Execution Vulnerability

It is still a vulnerability caused by (.LNK) files. An attacker can use specially crafted .LNK file to execute arbitrary code. Successful attackers can obtain complete user control.

ADV200005 | SMBv3 Compression Function Vulnerability

The vulnerability is a remote code execution vulnerability in the Microsoft Server Message Block 3.1.1 (SMBv3) protocol and affects the SMB server/client.

We recommend Windows users to update your Microsoft Windows version in a timely manner and keep Windows automatic updates turned on.