Posted: 28 Min ReadThreat Intelligence

Microsoft Patch Tuesday – March 2020

This month the vendor has patched 115 vulnerabilities, 25 of which are rated Critical.

As always, customers are advised to follow these security best practices:

  • Install vendor patches as soon as they are available.
  • Run all software with the least privileges required while still maintaining functionality.
  • Avoid handling files from unknown or questionable sources.
  • Never visit sites of unknown or questionable integrity.
  • Block external access at the network perimeter to all key systems unless specific access is required.

Microsoft's summary of the March 2020 releases can be found here:
https://portal.msrc.microsoft.com/en-us/security-guidance

This month's update covers vulnerabilities in:

  •   Internet Explorer
  •   Edge
  •   ChakraCore
  •   Microsoft Office
  •   Microsoft Windows
  •   Microsoft Windows Kernel
  •   Microsoft Graphics Component
  •   Microsoft Exchange Server
  •   Visual Studio
  •   Azure DevOps
  •   Microsoft Defender
  •   Application Inspector
  •   Remote Desktop Connection Manager
  •   Microsoft Dynamics
  •   Microsoft Azure Service Fabric

The following is a breakdown of the issues being addressed this month:

  1. Cumulative Security Updates for Microsoft Browsers

Microsoft Browser Memory Corruption Vulnerability (CVE-2020-0768) MS Rating: Critical

A remote code execution vulnerability exists in the way that Microsoft browsers access objects in memory. The vulnerability could corrupt memory in a way that could allow an attacker to execute arbitrary code in the context of the current user.

Chakra Scripting Engine Memory Corruption Vulnerability (CVE-2020-0811) MS Rating: Critical

A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge (HTML-based)L. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

Chakra Scripting Engine Memory Corruption Vulnerability (CVE-2020-0812) MS Rating: Critical

A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge (HTML-based)L. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

Microsoft Edge Memory Corruption Vulnerability (CVE-2020-0816) MS Rating: Critical

A remote code execution vulnerability exists when Microsoft Edge improperly accesses objects in memory. The vulnerability could corrupt memory in such a way that enables an attacker to execute arbitrary code in the context of the current user.

Scripting Engine Memory Corruption Vulnerability (CVE-2020-0823) MS Rating: Critical

A remote code execution vulnerability exists in the way that the ChakraCore scripting engine handles objects in memory. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

Internet Explorer Memory Corruption Vulnerability (CVE-2020-0824) MS Rating: Critical

A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user.

Scripting Engine Memory Corruption Vulnerability (CVE-2020-0825) MS Rating: Critical

A remote code execution vulnerability exists in the way that the ChakraCore scripting engine handles objects in memory. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

Scripting Engine Memory Corruption Vulnerability (CVE-2020-0826) MS Rating: Critical

A remote code execution vulnerability exists in the way that the ChakraCore scripting engine handles objects in memory. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

Scripting Engine Memory Corruption Vulnerability (CVE-2020-0827) MS Rating: Critical

A remote code execution vulnerability exists in the way that the ChakraCore scripting engine handles objects in memory. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

Scripting Engine Memory Corruption Vulnerability (CVE-2020-0828) MS Rating: Critical

A remote code execution vulnerability exists in the way that the ChakraCore scripting engine handles objects in memory. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

Scripting Engine Memory Corruption Vulnerability (CVE-2020-0829) MS Rating: Critical

A remote code execution vulnerability exists in the way that the ChakraCore scripting engine handles objects in memory. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

Microsoft Browser Memory Corruption Vulnerability (CVE-2020-0830) MS Rating: Critical

A remote code execution vulnerability exists in the way that Microsoft browsers access objects in memory. The vulnerability could corrupt memory in a way that could allow an attacker to execute arbitrary code in the context of the current user.

Scripting Engine Memory Corruption Vulnerability (CVE-2020-0831) MS Rating: Critical

A remote code execution vulnerability exists in the way that the ChakraCore scripting engine handles objects in memory. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

Scripting Engine Memory Corruption Vulnerability (CVE-2020-0832) MS Rating: Critical

A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

Scripting Engine Memory Corruption Vulnerability (CVE-2020-0833) MS Rating: Critical

A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

VBScript Remote Code Execution Vulnerability (CVE-2020-0847) MS Rating: Critical

A remote code execution vulnerability exists in the way that the VBScript engine handles objects in memory. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

Scripting Engine Memory Corruption Vulnerability (CVE-2020-0848) MS Rating: Critical

A remote code execution vulnerability exists in the way that the ChakraCore scripting engine handles objects in memory. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

Scripting Engine Information Disclosure Vulnerability (CVE-2020-0813) MS Rating: Important

An information disclosure vulnerability exists when Chakra improperly discloses the contents of its memory, which could provide an attacker with information to further compromise the user's computer or data. To exploit the vulnerability, an attacker must know the memory address of where the object was created.

  1. Cumulative Security Updates for Microsoft Office

Microsoft SharePoint Reflective XSS Vulnerability (CVE-2020-0795) MS Rating: Important

This vulnerability is caused when SharePoint Server does not properly sanitize a specially crafted request to an affected SharePoint server. An authenticated attacker could exploit this vulnerability by sending a specially crafted request to an affected SharePoint server.

Microsoft Word Remote Code Execution Vulnerability (CVE-2020-0850) MS Rating: Important

A remote code execution vulnerability exists in Microsoft Word software when it fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could use a specially crafted file to perform actions in the security context of the current user.

Microsoft Word Remote Code Execution Vulnerability (CVE-2020-0851) MS Rating: Important

A remote code execution vulnerability exists in Microsoft Word software when it fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could use a specially crafted file to perform actions in the security context of the current user.

Microsoft Word Remote Code Execution Vulnerability (CVE-2020-0852) MS Rating: Important

A remote code execution vulnerability exists in Microsoft Word software when it fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could use a specially crafted file to perform actions in the security context of the current user.

Microsoft Word Remote Code Execution Vulnerability (CVE-2020-0855) MS Rating: Important

A remote code execution vulnerability exists in Microsoft Word software when it fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could use a specially crafted file to perform actions in the security context of the current user.

Microsoft SharePoint Reflective XSS Vulnerability (CVE-2020-0891) MS Rating: Important

This vulnerability is caused when SharePoint Server does not properly sanitize a specially crafted request to an affected SharePoint server. An authenticated attacker could exploit this vulnerability by sending a specially crafted request to an affected SharePoint server.

Microsoft Word Remote Code Execution Vulnerability (CVE-2020-0892) MS Rating: Important

A remote code execution vulnerability exists in Microsoft Word software when it fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could use a specially crafted file to perform actions in the security context of the current user.

Microsoft Office SharePoint XSS Vulnerability (CVE-2020-0893) MS Rating: Important

A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server. An authenticated attacker could exploit the vulnerability by sending a specially crafted request to an affected SharePoint server.

Microsoft Office SharePoint XSS Vulnerability (CVE-2020-0894) MS Rating: Important

A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server. An authenticated attacker could exploit the vulnerability by sending a specially crafted request to an affected SharePoint server.

  1. Cumulative Security Updates for Microsoft Windows

Media Foundation Memory Corruption Vulnerability (CVE-2020-0801) MS Rating: Critical

A memory corruption vulnerability exists when Windows Media Foundation improperly handles objects in memory. An attacker who successfully exploited the vulnerability could install programs; view, change, or delete data; or create new accounts with full user rights.

Media Foundation Memory Corruption Vulnerability (CVE-2020-0807) MS Rating: Critical

A memory corruption vulnerability exists when Windows Media Foundation improperly handles objects in memory. An attacker who successfully exploited the vulnerability could install programs; view, change, or delete data; or create new accounts with full user rights.

Media Foundation Memory Corruption Vulnerability (CVE-2020-0809) MS Rating: Critical

A memory corruption vulnerability exists when Windows Media Foundation improperly handles objects in memory. An attacker who successfully exploited the vulnerability could install programs; view, change, or delete data; or create new accounts with full user rights.

Media Foundation Memory Corruption Vulnerability (CVE-2020-0869) MS Rating: Critical

A memory corruption vulnerability exists when Windows Media Foundation improperly handles objects in memory. An attacker who successfully exploited the vulnerability could install programs; view, change, or delete data; or create new accounts with full user rights.

LNK Remote Code Execution Vulnerability (CVE-2020-0684) MS Rating: Critical

A remote code execution vulnerability exists in Microsoft Windows that could allow remote code execution if a . LNK file is processed.

Windows Installer Privilege Escalation Vulnerability (CVE-2020-0779) MS Rating: Important

A privilege escalation vulnerability exists in the Windows Installer when MSI packages process symbolic links. An attacker who successfully exploited this vulnerability could bypass access restrictions to add or remove files.

Windows UPnP Service Privilege Escalation Vulnerability (CVE-2020-0781) MS Rating: Important

A privilege escalation vulnerability exists when the Windows Universal Plug and Play (UPnP) service improperly handles objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code with elevated system privileges.

Windows UPnP Service Privilege Escalation Vulnerability (CVE-2020-0783) MS Rating: Important

A privilege escalation vulnerability exists when the Windows Universal Plug and Play (UPnP) service improperly handles objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code with elevated system privileges.

Windows User Profile Service Privilege Escalation Vulnerability (CVE-2020-0785) MS Rating: Important

A privilege escalation vulnerability exists when the Windows User Profile Service (ProfSvc) improperly handles symlinks. An attacker who successfully exploited this vulnerability could delete files and folders in an elevated context.

Windows Tile Object Service Denial of Service Vulnerability (CVE-2020-0786) MS Rating: Important

A denial of service vulnerability exists when the Windows Tile Object Service improperly handles hard links. An attacker who successfully exploited the vulnerability could cause a target system to stop responding.

Windows Background Intelligent Transfer Service Privilege Escalation Vulnerability (CVE-2020-0787) MS Rating: Important

A privilege escalation vulnerability exists when the Windows Background Intelligent Transfer Service (BITS) improperly handles symbolic links. An attacker who successfully exploited this vulnerability could overwrite a targeted file leading to an elevated status.

Diagnostics Hub Standard Collector Privilege Escalation Vulnerability (CVE-2020-0793) MS Rating: Important

A privilege escalation vulnerability exists when the Diagnostics Hub Standard Collector improperly handles file operations. An attacker who successfully exploited this vulnerability could run processes in an elevated context.

Windows Installer Privilege Escalation Vulnerability (CVE-2020-0798) MS Rating: Important

A privilege escalation vulnerability exists in the Windows Installer when the Windows Installer fails to properly sanitize input leading to an insecure library loading behavior. A locally authenticated attacker could run arbitrary code with elevated system privileges.

Windows Error Reporting Privilege Escalation Vulnerability (CVE-2020-0806) MS Rating: Important

A privilege escalation vulnerability exists in Windows Error Reporting (WER) when WER handles and executes files. The vulnerability could allow Privilege Escalation if an attacker can successfully exploit it.

Provisioning Runtime Privilege Escalation Vulnerability (CVE-2020-0808) MS Rating: Important

A privilege escalation vulnerability exists in the way the Provisioning Runtime validates certain file operations. An attacker who successfully exploited the vulnerability could gain elevated privileges on a victim system.

Windows Diagnostics Hub Privilege Escalation Vulnerability (CVE-2020-0810) MS Rating: Important

A privilege escalation svulnerability exists when the Diagnostics Hub Standard Collector or the Visual Studio Standard Collector allows file creation in arbitrary locations.

Windows Hard Link Privilege Escalation Vulnerability (CVE-2020-0840) MS Rating: Important

A privilege escalation vulnerability exists when Windows improperly handles hard links. An attacker who successfully exploited this vulnerability could overwrite a targeted file leading to an elevated status.

Windows Hard Link Privilege Escalation Vulnerability (CVE-2020-0841) MS Rating: Important

A privilege escalation vulnerability exists when Windows improperly handles hard links. An attacker who successfully exploited this vulnerability could overwrite a targeted file leading to an elevated status.

Windows Installer Privilege Escalation Vulnerability (CVE-2020-0842) MS Rating: Important

A privilege escalation vulnerability exists in Windows Installer because of the way Windows Installer handles certain filesystem operations. To exploit the vulnerability, an attacker would require unprivileged execution on the victim system.

Windows Installer Privilege Escalation Vulnerability (CVE-2020-0843) MS Rating: Important

A privilege escalation vulnerability exists in Windows Installer because of the way Windows Installer handles certain filesystem operations. To exploit the vulnerability, an attacker would require unprivileged execution on the victim system.

Connected User Experiences and Telemetry Service Privilege Escalation Vulnerability (CVE-2020-0844) MS Rating: Important

A privilege escalation vulnerability exists when Connected User Experiences and Telemetry Service improperly handles file operations. An attacker who successfully exploited this vulnerability could run processes in an elevated context.

Windows Hard Link Privilege Escalation Vulnerability (CVE-2020-0849) MS Rating: Important

A privilege escalation vulnerability exists when Windows improperly handles hard links. An attacker who successfully exploited this vulnerability could overwrite a targeted file leading to an elevated status.

Windows Mobile Device Management Diagnostics Privilege Escalation Vulnerability (CVE-2020-0854) MS Rating: Important

A privilege escalation vulnerability exists when Windows Mobile Device Management (MDM) Diagnostics improperly handles junctions. An attacker who successfully exploited this vulnerability could bypass access restrictions to delete files.

Windows Search Indexer Privilege Escalation Vulnerability (CVE-2020-0857) MS Rating: Important

A privilege escalation vulnerability exists in the way that the Windows Search Indexer handles objects in memory. An attacker who successfully exploited the vulnerability could execute code with elevated permissions.

Windows Privilege Escalation Vulnerability (CVE-2020-0858) MS Rating: Important

A privilege escalation vulnerability exists when the "Public Account Pictures" folder improperly handles junctions. To exploit this vulnerability, an attacker would first have to gain execution on the victim system.

Windows Modules Installer Service Information Disclosure Vulnerability (CVE-2020-0859) MS Rating: Important

An information vulnerability exists when Windows Modules Installer Service improperly discloses file information. Successful exploitation of the vulnerability could allow the attacker to read any file on the file system.

Windows ActiveX Installer Service Privilege Escalation Vulnerability (CVE-2020-0860) MS Rating: Important

A privilege escalation vulnerability exists when the Windows ActiveX Installer Service improperly handles memory. To exploit this vulnerability, an attacker would first have to gain execution on the victim system.

Windows Network Driver Interface Specification (NDIS) Information Disclosure Vulnerability (CVE-2020-0861) MS Rating: Important

An information disclosure vulnerability exists when the Windows Network Driver Interface Specification (NDIS) improperly handles memory. To exploit this vulnerability, an attacker would first have to gain execution on the victim system.

Connected User Experiences and Telemetry Service Information Disclosure Vulnerability (CVE-2020-0863) MS Rating: Important

An information vulnerability exists when Windows Connected User Experiences and Telemetry Service improperly discloses file information. Successful exploitation of the vulnerability could allow the attacker to read any file on the file system.

Windows Update Orchestrator Service Privilege Escalation Vulnerability (CVE-2020-0867) MS Rating: Important

A privilege escalation vulnerability exists when the Windows Update Orchestrator Service improperly handles file operations. An attacker who successfully exploited this vulnerability could run processes in an elevated context.

Windows Update Orchestrator Service Privilege Escalation Vulnerability (CVE-2020-0868) MS Rating: Important

A privilege escalation vulnerability exists when the Windows Update Orchestrator Service improperly handles file operations. An attacker who successfully exploited this vulnerability could run processes in an elevated context.

Windows Network Connections Service Information Disclosure Vulnerability (CVE-2020-0871) MS Rating: Important

An information disclosure vulnerability exists when Windows Network Connections Service fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could potentially disclose memory contents of an elevated process.

Windows Hard Link Privilege Escalation Vulnerability (CVE-2020-0896) MS Rating: Important

A privilege escalation vulnerability exists when Windows improperly handles hard links. An attacker who successfully exploited this vulnerability could overwrite a targeted file leading to an elevated status.

Microsoft IIS Server Tampering Vulnerability (CVE-2020-0645) MS Rating: Important

A tampering vulnerability exists when Microsoft IIS Server improperly handles malformed request headers. An attacker who successfully exploited the vulnerability could cause a vulnerable server to improperly process HTTP headers and tamper with the responses returned to clients.

DirectX Privilege Escalation Vulnerability (CVE-2020-0690) MS Rating: Important

A privilege escalation vulnerability exists when DirectX improperly handles objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode.

Windows CSC Service Privilege Escalation Vulnerability (CVE-2020-0769) MS Rating: Important

A privilege escalation vulnerability exists when the Windows CSC Service improperly handles memory. To exploit this vulnerability, an attacker would first have to gain execution on the victim system.

Windows ActiveX Installer Service Privilege Escalation Vulnerability (CVE-2020-0770) MS Rating: Important

A privilege escalation vulnerability exists when the Windows ActiveX Installer Service improperly handles memory. To exploit this vulnerability, an attacker would first have to gain execution on the victim system.

Windows CSC Service Privilege Escalation Vulnerability (CVE-2020-0771) MS Rating: Important

A privilege escalation vulnerability exists when the Windows CSC Service improperly handles memory. To exploit this vulnerability, an attacker would first have to gain execution on the victim system.

Windows Error Reporting Privilege Escalation Vulnerability (CVE-2020-0772) MS Rating: Important

A privilege escalation vulnerability exists when Windows Error Reporting improperly handles memory. To exploit this vulnerability, an attacker would first have to gain execution on the victim system.

Windows ActiveX Installer Service Privilege Escalation Vulnerability (CVE-2020-0773) MS Rating: Important

A privilege escalation vulnerability exists when the Windows ActiveX Installer Service improperly handles memory. To exploit this vulnerability, an attacker would first have to gain execution on the victim system.

Windows Work Folder Service Privilege Escalation Vulnerability (CVE-2020-0777) MS Rating: Important

A privilege escalation vulnerability exists when the Windows Work Folder Service improperly handles file operations. An attacker who successfully exploited this vulnerability could run processes in an elevated context.

Windows Network Connections Service Privilege Escalation Vulnerability (CVE-2020-0778) MS Rating: Important

A privilege escalation vulnerability exists in the way that the Windows Network Connections Service handles objects in memory. An attacker who successfully exploited the vulnerability could execute code with elevated permissions.

Windows Work Folder Service Privilege Escalation Vulnerability (CVE-2020-0797) MS Rating: Important

A privilege escalation vulnerability exists when the Windows Work Folder Service improperly handles file operations. An attacker who successfully exploited this vulnerability could run processes in an elevated context.

Windows Work Folder Service Privilege Escalation Vulnerability (CVE-2020-0800) MS Rating: Important

A privilege escalation vulnerability exists when the Windows Work Folder Service improperly handles file operations. An attacker who successfully exploited this vulnerability could run processes in an elevated context.

Windows Network Connections Service Privilege Escalation Vulnerability (CVE-2020-0802) MS Rating: Important

A privilege escalation vulnerability exists in the way that the Windows Network Connections Service handles objects in memory. An attacker who successfully exploited the vulnerability could execute code with elevated permissions.

Windows Network Connections Service Privilege Escalation Vulnerability (CVE-2020-0803) MS Rating: Important

A privilege escalation vulnerability exists in the way that the Windows Network Connections Service handles objects in memory. An attacker who successfully exploited the vulnerability could execute code with elevated permissions.

Windows Network Connections Service Privilege Escalation Vulnerability (CVE-2020-0804) MS Rating: Important

A privilege escalation vulnerability exists in the way that the Windows Network Connections Service handles objects in memory. An attacker who successfully exploited the vulnerability could execute code with elevated permissions.

Windows Network Connections Service Privilege Escalation Vulnerability (CVE-2020-0845) MS Rating: Important

A privilege escalation vulnerability exists in the way that the Windows Network Connections Service handles objects in memory. An attacker who successfully exploited the vulnerability could execute code with elevated permissions.

Windows Work Folder Service Privilege Escalation Vulnerability (CVE-2020-0864) MS Rating: Important

A privilege escalation vulnerability exists when the Windows Work Folder Service improperly handles file operations. An attacker who successfully exploited this vulnerability could run processes in an elevated context.

Windows Work Folder Service Privilege Escalation Vulnerability (CVE-2020-0865) MS Rating: Important

A privilege escalation vulnerability exists when the Windows Work Folder Service improperly handles file operations. An attacker who successfully exploited this vulnerability could run processes in an elevated context.

Windows Work Folder Service Privilege Escalation Vulnerability (CVE-2020-0866) MS Rating: Important

A privilege escalation vulnerability exists when the Windows Work Folder Service improperly handles file operations. An attacker who successfully exploited this vulnerability could run processes in an elevated context.

Windows Work Folder Service Privilege Escalation Vulnerability (CVE-2020-0897) MS Rating: Important

A privilege escalation vulnerability exists when the Windows Work Folder Service improperly handles file operations. An attacker who successfully exploited this vulnerability could run processes in an elevated context.

Windows Error Reporting Information Disclosure Vulnerability (CVE-2020-0775) MS Rating: Important

A privilege escalation vulnerability exists when Windows Error Reporting improperly handles file operations. To exploit this vulnerability, an attacker would first have to gain execution on the victim system.

Windows Privilege Escalation Vulnerability (CVE-2020-0776) MS Rating: Important

A privilege escalation vulnerability exists when the Windows AppX Deployment Server improperly handles file operations. To exploit this vulnerability, an attacker would first have to gain execution on the victim system.

Windows Network List Service Privilege Escalation Vulnerability (CVE-2020-0780) MS Rating: Important

A privilege escalation vulnerability exists in the way that the Windows Network List Service handles objects in memory. An attacker who successfully exploited the vulnerability could execute code with elevated permissions.

Windows Installer Privilege Escalation Vulnerability (CVE-2020-0814) MS Rating: Important

A privilege escalation vulnerability exists in Windows Installer because of the way Windows Installer handles certain filesystem operations. To exploit the vulnerability, an attacker would require unprivileged execution on the victim system.

Windows Device Setup Manager Privilege Escalation Vulnerability (CVE-2020-0819) MS Rating: Important

A privilege escalation vulnerability exists when the Windows Device Setup Manager improperly handles file operations. An attacker who successfully exploited this vulnerability could run processes in an elevated context.

Media Foundation Information Disclosure Vulnerability (CVE-2020-0820) MS Rating: Important

An information disclosure vulnerability exists when Media Foundation improperly handles objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the user's system.

Windows Language Pack Installer Privilege Escalation Vulnerability (CVE-2020-0822) MS Rating: Important

A privilege escalation vulnerability exists when the Windows Language Pack Installer improperly handles file operations. An attacker who successfully exploited this vulnerability could run processes in an elevated context.

Windows ALPC Privilege Escalation Vulnerability (CVE-2020-0834) MS Rating: Important

A privilege escalation vulnerability exists when Windows improperly handles calls to Advanced Local Procedure Call (ALPC). An attacker who successfully exploited this vulnerability could run arbitrary code in the security context of the local system.

  1. Cumulative Security Updates for Microsoft Windows Kernel

Win32k Privilege Escalation Vulnerability (CVE-2020-0788) MS Rating: Important

A privilege escalation vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode.

Windows Kernel Privilege Escalation Vulnerability (CVE-2020-0799) MS Rating: Important

A privilege escalation vulnerability exists in Microsoft Windows when the Windows kernel fails to properly handle parsing of certain symbolic links. An attacker who successfully exploited this vulnerability could potentially access privileged registry keys and thereby elevate permissions.

Win32k Information Disclosure Vulnerability (CVE-2020-0876) MS Rating: Important

An information disclosure vulnerability exists when the win32k component improperly provides kernel information. An attacker who successfully exploited the vulnerability could obtain information to further compromise the user's system.

Win32k Privilege Escalation Vulnerability (CVE-2020-0877) MS Rating: Important

A privilege escalation vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode.

Win32k Privilege Escalation Vulnerability (CVE-2020-0887) MS Rating: Important

A privilege escalation vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode.

  1. Cumulative Security Updates for Microsoft Graphics Component

GDI+ Remote Code Execution Vulnerability (CVE-2020-0881) MS Rating: Critical

A remote code execution vulnerability exists in the way that the Windows Graphics Device Interface (GDI) handles objects in the memory. An attacker who successfully exploited this vulnerability could take control of the affected system.

GDI+ Remote Code Execution Vulnerability (CVE-2020-0883) MS Rating: Critical

A remote code execution vulnerability exists in the way that the Windows Graphics Device Interface (GDI) handles objects in the memory. An attacker who successfully exploited this vulnerability could take control of the affected system.

Windows GDI Information Disclosure Vulnerability (CVE-2020-0774) MS Rating: Important

An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the user's system.

Windows Graphics Component Privilege Escalation Vulnerability (CVE-2020-0791) MS Rating: Important

A privilege escalation vulnerability exists when the Windows Graphics Component improperly handles objects in memory. An attacker who successfully exploited this vulnerability could run processes in an elevated context.

Windows Imaging Component Information Disclosure Vulnerability (CVE-2020-0853) MS Rating: Important

An information disclosure vulnerability exists in Windows when the Windows Imaging Component fails to properly handle objects in memory. An attacker who succesfully exploited this vulnerability could obtain information to further compromise the user's system.

Windows GDI Information Disclosure Vulnerability (CVE-2020-0874) MS Rating: Important

An information disclosure vulnerability exists in the way that the Windows Graphics Device Interface (GDI) handles objects in memory, allowing an attacker to retrieve information from a targeted system. By itself, the information disclosure does not allow arbitrary code execution; however, it could allow arbitrary code to be run if the attack

Windows GDI Information Disclosure Vulnerability (CVE-2020-0879) MS Rating: Important

An information disclosure vulnerability exists in the way that the Windows Graphics Device Interface (GDI) handles objects in memory, allowing an attacker to retrieve information from a targeted system. By itself, the information disclosure does not allow arbitrary code execution; however, it could allow arbitrary code to be run if the attack

Windows GDI Information Disclosure Vulnerability (CVE-2020-0880) MS Rating: Important

An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the user's system.

Windows GDI Information Disclosure Vulnerability (CVE-2020-0882) MS Rating: Important

An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the user's system.

Windows Graphics Component Privilege Escalation Vulnerability (CVE-2020-0898) MS Rating: Important

A privilege escalation vulnerability exists when the Windows Graphics Component improperly handles objects in memory. An attacker who successfully exploited this vulnerability could run processes in an elevated context.

Windows Graphics Component Information Disclosure Vulnerability (CVE-2020-0885) MS Rating: Important

An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise a user's system.

  1. Security Update for Microsoft Exchange Server

Microsoft Exchange Server Spoofing Vulnerability (CVE-2020-0903) MS Rating: Important

A cross-site-scripting (XSS) vulnerability exists when Microsoft Exchange Server does not properly sanitize a specially crafted web request to an affected Exchange server. An authenticated attacker could exploit the vulnerability by sending a specially crafted request to an affected server.

  1. Cumulative Security Updates for Microsoft Visual Studio

Microsoft Visual Studio Spoofing Vulnerability (CVE-2020-0884) MS Rating: Important

A spoofing vulnerability exists in Microsoft Visual Studio as it includes a reply URL that is not secured by SSL . An attacker who successfully exploited this vulnerability could compromise the access tokens, exposing security and privacy risks.

Visual Studio Extension Installer Service Denial of Service Vulnerability (CVE-2020-0789) MS Rating: Important

A denial of service vulnerability exists when the Visual Studio Extension Installer Service improperly handles hard links. An attacker who successfully exploited the vulnerability could cause a target system to stop responding.

  1. Security Update for Microsoft Application Inspector

Remote Code Execution Vulnerability in Application Inspector (CVE-2020-0872) MS Rating: Important

A remote code execution vulnerability exists in Application Inspector version v1. 0.

  1. Cumulative Security Updates for Microsoft Defender

Microsoft Defender Privilege Escalation Vulnerability (CVE-2020-0762) MS Rating: Important

A privilege escalation vulnerability exists when Defender handles certain objects in memory. To exploit the vulnerability, an attacker would first have to log on to the system.

Microsoft Defender Privilege Escalation Vulnerability (CVE-2020-0763) MS Rating: Important

A privilege escalation vulnerability exists when Defender handles certain objects in memory. To exploit the vulnerability, an attacker would first have to log on to the system.

  1. Cumulative Security Updates for Azure DevOps

Azure DevOps Server Cross-site Scripting Vulnerability (CVE-2020-0700) MS Rating: Important

A Cross-site Scripting (XSS) vulnerability exists when Azure DevOps Server does not properly sanitize user provided input. An authenticated attacker could exploit the vulnerability by sending a specially crafted payload to the Team Foundation Server, which will get executed in the context of the user every time a user visits the compromised pa

Azure DevOps Privilege Escalation Vulnerability (CVE-2020-0758) MS Rating: Important

A privilege escalation vulnerability exists when Visual Studio improperly handles pipeline job tokens. An attacker who successfully exploited this vulnerability could extend their access to a project.

Azure DevOps Privilege Escalation Vulnerability (CVE-2020-0815) MS Rating: Important

A privilege escalation vulnerability exists when Visual Studio improperly handles pipeline job tokens. An attacker who successfully exploited this vulnerability could extend their access to a project.

  1. Security Update for Microsoft Remote Desktop Connection Manager

Remote Desktop Connection Manager Information Disclosure Vulnerability (CVE-2020-0765) MS Rating: Moderate

An information disclosure vulnerability exists in the Remote Desktop Connection Manager (RDCMan) application when it improperly parses XML input containing a reference to an external entity. An attacker who successfully exploited this vulnerability could read arbitrary files via an XML external entity (XXE) declaration.

  1. Security Update for Microsoft Dynamics

Dynamics Business Central Remote Code Execution Vulnerability (CVE-2020-0905) MS Rating: Critical

An remote code execution vulnerability exists in Microsoft Dynamics Business Central. An attacker who succesfully exploited this vulnerability could execute arbitrary shell commands on victim's server.

  1. Security Update for Microsoft Azure Service Fabric

Service Fabric Elevation of Privilege (CVE-2020-0902) MS Rating: Important

An elevation of privilege vulnerability exists in Service Fabric File Store Service under certain conditions. An unauthenticated remote user could gain rights to the Service Fabric File Store Service if the node is exposed externally via SMB or SCP standard ports and they are using the impacted configuration.

More information is available on Symantec's free Security Center portal and to our customers through the DeepSight Threat Management System.

 

About the Author

Preethi Koroth

Threat Analysis Engineer

Preethi Koroth is a member of Symantec's Cyber Security Services organization which provides round-the-clock monitoring and protection services against cyber attacks.

Want to comment on this post?

We encourage you to share your thoughts on your favorite social platform.