- Home
- Alerts & Advisories
- Alerts
- March 2020 Monthly Patch Release
Monthly Patch
March 2020 Monthly Patch Release
11 March 2020
UPDATED as of 13 March 2020: Microsoft released the KB4551762 security update to patch the pre-auth Remote Code Execution (RCE) Windows 10 vulnerability (CVE-2020-0796) found in Microsoft Server Message Block 3.1.1 (SMBv3). Users and system administrators of affected products are advised to apply the security updates immediately.
Microsoft has released security patches to address multiple vulnerabilities in their software and products.
Vulnerabilities that have been classified as Critical in severity are listed in the table below.
For the full list of security patches released by Microsoft, please visit https://portal.msrc.microsoft.com/en-us/security-guidance/releasenotedetail/2020-Mar
Critical vulnerabilities
CVE Number | Description | Base Score | Reference |
|---|---|---|---|
CVE-2020-0796 | This vulnerability exists in the way that the Microsoft Server Message Block 3.1.1 (SMBv3) protocol handles certain requests. Successful exploitation of this vulnerability could allow an attacker to gain the ability to execute code on the target server or client. | To be confirmed | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0796 |
CVE-2020-0684 | This vulnerability exists in Microsoft Windows that could allow remote code execution if a .LNK file is processed. Successful exploitation of this vulnerability could allow an attacker to gain the same user rights as the current user. | TBC | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0684 |
CVE-2020-0768 | This vulnerability exists in the way that Microsoft browsers access objects in memory. Successful exploitation of this vulnerability could allow an attacker to gain the same user rights as the current user. | TBC | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0768 |
CVE-2020-0801 | This vulnerability exists when Windows Media Foundation improperly handles objects in memory. Successful exploitation of this vulnerability could allow an attacker to install programs; view, change, or delete data; or create new accounts with full user rights. | TBC | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0801 |
CVE-2020-0807 | This vulnerability exists when Windows Media Foundation improperly handles objects in memory. Successful exploitation of this vulnerability could allow an attacker to install programs; view, change, or delete data; or create new accounts with full user rights. | TBC | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0807 |
CVE-2020-0809 | This vulnerability exists when Windows Media Foundation improperly handles objects in memory. Successful exploitation of this vulnerability could allow an attacker to install programs; view, change, or delete data; or create new accounts with full user rights. | TBC | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0809 |
CVE-2020-0811 | This vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge (HTML-based)L. Successful exploitation of this vulnerabilitiy could allow an attacker to gain the same user rights as the current user and take control of the affected system. | TBC | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0811 |
CVE-2020-0812 | This vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge (HTML-based)L. Successful exploitation of this vulnerabilitiy could allow an attacker to gain the same user rights as the current user and take control of the affected system. | TBC | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0812 |
CVE-2020-0816 | This vulnerability exists when Microsoft Edge improperly accesses objects in memory. Successful exploitation of this vulnerability could allow an attacker to gain the same user rights as the current user. | TBC | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0816 |
CVE-2020-0823 | This vulnerability exists in the way that the ChakraCore scripting engine handles objects in memory. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. Successful exploitation of this vulnerability could allow an attacker to gain the same user rights as the current user and take control of the affected system. | TBC | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0823 |
CVE-2020-0824 | This vulnerability exists in the way that the VBScript engine handles objects in memory. Successful exploitation of this vulnerability could allow an attacker to gain the same user rights as the current user. | TBC | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0824 |
CVE-2020-0825 | This vulnerability exists in the way that the ChakraCore scripting engine handles objects in memory. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. Successful exploitation of this vulnerability could allow an attacker to gain the same user rights as the current user and take control of the affected system. | TBC | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0825 |
CVE-2020-0826 | This vulnerability exists in the way that the ChakraCore scripting engine handles objects in memory. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. Successful exploitation of this vulnerability could allow an attacker to gain the same user rights as the current user and take control of the affected system. | TBC | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0826 |
CVE-2020-0827 | This vulnerability exists in the way that the ChakraCore scripting engine handles objects in memory. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. Successful exploitation of this vulnerability could allow an attacker to gain the same user rights as the current user and take control of the affected system. | TBC | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0827 |
CVE-2020-0828 | This vulnerability exists in the way that the ChakraCore scripting engine handles objects in memory. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. Successful exploitation of this vulnerability could allow an attacker to gain the same user rights as the current user and take control of the affected system. | TBC | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0828 |
CVE-2020-0829 | This vulnerability exists in the way that the ChakraCore scripting engine handles objects in memory. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. Successful exploitation of this vulnerability could allow an attacker to gain the same user rights as the current user and take control of the affected system. | TBC | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0829 |
CVE-2020-0830 | This vulnerability exists in the way that Microsoft browsers access objects in memory. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. Successful exploitation of these vulnerability could allow an attacker to gain the same user rights as the current user and take control of the affected system. | TBC | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0890 |
CVE-2020-0831 | This vulnerability exists in the way that the ChakraCore scripting engine handles objects in memory. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. Successful exploitation of this vulnerability could allow an attacker to gain the same user rights as the current user and take control of the affected system. | TBC | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0831 |
CVE-2020-0833 | This vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer. Successful exploitation of this vulnerability could allow an attacker to gain the same user rights as the current user and take control of the affected system. | TBC | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0833 |
CVE-2020-0848 | This vulnerability exists in the way that the ChakraCore scripting engine handles objects in memory. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. Successful exploitation of this vulnerability could allow an attacker to gain the same user rights as the current user and take control of the affected system. | TBC | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0848 |
CVE-2020-0852 | This vulnerability exists in Microsoft Word software when it fails to properly handle objects in memory. Successful exploitation of this vulnerability could allow an attacker use a specially crafted file to perform actions in the security context of the current user. | TBC | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0852 |
CVE-2020-0869 | This vulnerability exists when Windows Media Foundation improperly handles objects in memory. Successful exploitation of this vulnerability could allow an attacker to install programmes; view, change, or delete data; or create new accounts with full user rights. | TBC | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0869 |
CVE-2020-0881 | Thisvulnerability exists in the way that the Windows Graphics Device Interface (GDI) handles objects in the memory. Successful exploitation of the vulnerability could allow an attacker to take control of the affected system. | TBC | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0881 |
CVE-2020-0883 | This vulnerability exists in the way that the Windows Graphics Device Interface (GDI) handles objects in the memory. | TBC | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0883 |
CVE-2020-0905 | This vulnerability exists in Microsoft Dynamics Business Central. Successful exploitation of this vulnerability could allow an attacker to execute arbitrary shell commands on victim's server. | TBC | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0905 |