Microsoft’s Patch Tuesday updates for March 2020 address 115 vulnerabilities, including 26 critical issues affecting Windows, Word, Dynamics Business Central, and the company’s web browsers.
Vulnerabilities have been patched in Windows, Edge, Internet Explorer, Exchange Server, Office, Azure DevOps, Windows Defender, Visual Studio, and Dynamics. The majority of the security holes resolved this month affect Windows (79 CVEs) and browsers (18 CVEs).
None of the vulnerabilities patched this month has been exploited in attacks or disclosed publicly before fixes were made available.
Experts from several cybersecurity companies have commented on this month’s patches:
Todd Schell, senior product manager, security, Ivanti:
“Microsoft has released Servicing Stack Updates for most of the Windows OS versions. The only exceptions this month are Windows 10 version 1703, Server 2008, and Windows 72008 R2.
Microsoft has announced a vulnerability for Remote Desktop Connection Manager (CVE-2020-0765), but states they do not plan to release an update to fix the issue. The product has been deprecated. Their guidance is to use caution if you continue to use RDCMan, but recommends moving to supported Remote Desktop clients.
Microsoft has resolved several Information Disclosure vulnerabilities in the Windows OS this month in components such as GDI, Windows Graphics Component, Win32k, Windows Modules Installer Service, Windows Network Driver Interface Specification, and Connected User Experiences and Telemetry Service. These vulnerabilities could allow attackers to read from the file system, uninitialized memory, or even memory contents in kernel space from a user mode process. A couple of them could also allow an attacker to collect information that could allow them to predict addressing of memory.
Microsoft Word Remote Code Execution vulnerability (CVE-2020-08 ..
Support the originator by clicking the read the rest link below.
