Skip to main content
Patch ManagementPatch Tuesday

Microsoft’s March Patch Tuesday is Absolutely Massive

By March 10, 2020November 9th, 2022No Comments
|Patch Tuesday: March Updates|

Microsoft’s March 2020 Patch Tuesday is Absolutely Massive

Right on schedule, the official Patch Tuesday updates have arrived for March, including 115 vulnerability fixes. Catch up on the latest news from Microsoft and start patching.

March Patch Tuesday Updates are Now Available

Microsoft Patch Tuesday has officially arrived with 115 new patches. There are 26 Critical patches with the remaining marked Important and Moderate.

Support for Windows 7 and Windows Server 2008 (including R2) was officially ended in January, but there are plenty of updates released this month for customers who have purchased an extension agreement.

Robert Brown, Director of Services for Syxsense said, “A large portion of the Critical updates released today are for the Internet Explorer browser, including four of these CVEs for Windows 7. Even if your corporate policy is to use an alternative browser, if your devices have the IE binaries on the system drive, then you must patch.”

New Windows 7 Vulnerabilities

For those still using this legacy operating system, we have listed the updates you need to prioritize in this Patch Tuesday:

  1. CVE-2020-0832, CVE-2020-0833, CVE-2020-0824, CVE-2020-0847 – Internet Explorer 11 – In a web-based attack scenario, an attacker could host a specially crafted website that is designed to exploit the vulnerability through Internet Explorer and then convince a user to view the website. The security update addresses the vulnerability by modifying how the scripting engine handles objects in memory.
  2. CVE-2020-0844 – Connected User Experiences and Telemetry Service – The security update addresses the vulnerability by correcting how the Connected User Experiences and Telemetry Service handles file operations.
  3. CVE-2020-0645 – Microsoft IIS Server Tampering – The update addresses the vulnerability by modifying how IIS Server handles malformed request headers.
  4. CVE-2020-0788, CVE-2020-0877, CVE-2020-0887 – Win32k Elevation – The update addresses this vulnerability by correcting how Win32k handles objects in memory.
  5. CVE-2020-0787 – Windows Background Intelligent Transfer Service – The security update addresses the vulnerability by correcting how Windows BITS handles symbolic links.
  6. CVE-2020-0769 – Windows CSC – The security update addresses the vulnerability by correcting how the Windows CSC Service handles memory.
  7. CVE-2020-0849 – Windows Hard Link – The security update addresses the vulnerability by correcting how Windows handles hard links.
  8. CVE-2020-0779 – Windows Installer – The security update addresses the vulnerability by modifying how reparse points are handled by the Windows Installer.
  9. CVE-2020-0778 – Windows Network Connections Service – The security update addresses the vulnerability by ensuring the Windows Network Connections Service properly handles objects in memory.

Syxsense Recommendations

Based on the vendor severity and CVSS score, we have made a few recommendations below which you should prioritize this month. Please pay close attention to any of these which are Publicly Aware and / or Weaponized.

 

<

CVE Ref. Description Vendor Severity CVSS Base Score Counter-measure Publicly Aware Weaponized Syxsense Recommended
CVE-2020-0852 Microsoft Word Remote Code Execution Vulnerability Critical TBC No No No Yes
CVE-2020-0905 Dynamics Business Central Remote Code Execution Vulnerability Critical TBC No No No Yes
CVE-2020-0684 LNK Remote Code Execution Vulnerability Critical TBC No No No Yes
CVE-2020-0801 Media Foundation Memory Corruption Vulnerability Critical 7.8 No No No Yes
CVE-2020-0807 Media Foundation Memory Corruption Vulnerability Critical 7.8 No No No Yes
CVE-2020-0809 Media Foundation Memory Corruption Vulnerability Critical 7.8 No No No Yes
CVE-2020-0869 Media Foundation Memory Corruption Vulnerability Critical 7.8 No No No Yes
CVE-2020-0768 Microsoft Browser Memory Corruption Vulnerability Critical 7.5 No No No Yes
CVE-2020-0830 Microsoft Browser Memory Corruption Vulnerability Critical 7.5 No No No Yes
CVE-2020-0832 Scripting Engine Memory Corruption Vulnerability Critical 7.5 No No No Yes
CVE-2020-0833 Scripting Engine Memory Corruption Vulnerability Critical 7.5 No No No Yes
CVE-2020-0824 VBScript Remote Code Execution Vulnerability Critical 7.5 No No No Yes
CVE-2020-0847 VBScript Remote Code Execution Vulnerability Critical 7.5 No No No Yes
CVE-2020-0881 GDI+ Remote Code Execution Vulnerability Critical 6.7 No No No Yes
CVE-2020-0883 GDI+ Remote Code Execution Vulnerability Critical 6.7 No No No Yes
CVE-2020-0811 Chakra Scripting Engine Memory Corruption Vulnerability Critical 4.2 No No No Yes
CVE-2020-0812 Chakra Scripting Engine Memory Corruption Vulnerability Critical 4.2 No No No Yes
CVE-2020-0816 Microsoft Edge Memory Corruption Vulnerability Critical 4.2 No No No Yes
CVE-2020-0823 Scripting Engine Memory Corruption Vulnerability Critical 4.2 No No No Yes
CVE-2020-0825 Scripting Engine Memory Corruption Vulnerability Critical 4.2 No No No Yes
CVE-2020-0826 Scripting Engine Memory Corruption Vulnerability Critical 4.2 No No No Yes
CVE-2020-0827 Scripting Engine Memory Corruption Vulnerability Critical 4.2 No No No Yes
CVE-2020-0828 Scripting Engine Memory Corruption Vulnerability Critical 4.2 No No No Yes
CVE-2020-0829 Scripting Engine Memory Corruption Vulnerability Critical 4.2 No No No Yes
CVE-2020-0831 Scripting Engine Memory Corruption Vulnerability Critical 4.2 No No No Yes
CVE-2020-0848 Scripting Engine Memory Corruption Vulnerability Critical 4.2 No No No Yes
CVE-2020-0844 Connected User Experiences and Telemetry Service Elevation of Privilege Vulnerability Important 7.8 No No No Yes
CVE-2020-0793 Diagnostics Hub Standard Collector Elevation of Privilege Vulnerability Important 7.8 No No No Yes
CVE-2020-0762 Microsoft Defender Elevation of Privilege Vulnerability Important 7.8 No No No Yes
CVE-2020-0763 Microsoft Defender Elevation of Privilege Vulnerability Important 7.8 No No No Yes
CVE-2020-0808 Provisioning Runtime Elevation of Privilege Vulnerability Important 7.8 No No No Yes
CVE-2020-0788 Win32k Elevation of Privilege Vulnerability Important 7.8 No No No Yes
CVE-2020-0834 Windows ALPC Elevation of Privilege Vulnerability Important 7.8 No No No Yes
CVE-2020-0787 Windows Background Intelligent Transfer Service Elevation of Privilege Vulnerability Important 7.8 No No No Yes
CVE-2020-0769 Windows CSC Service Elevation of Privilege Vulnerability Important 7.8 No No No Yes
CVE-2020-0771 Windows CSC Service Elevation of Privilege Vulnerability Important 7.8 No No No Yes
CVE-2020-0819 Windows Device Setup Manager Elevation of Privilege Vulnerability Important 7.8 No No No Yes
CVE-2020-0810 Windows Diagnostics Hub Elevation of Privilege Vulnerability Important 7.8 No No No Yes
CVE-2020-0776 Windows Elevation of Privilege Vulnerability Important 7.8 No No No Yes
CVE-2020-0858 Windows Elevation of Privilege Vulnerability Important 7.8 No No No Yes
CVE-2020-0772 Windows Error Reporting Elevation of Privilege Vulnerability Important 7.8 No No No Yes
CVE-2020-0806 Windows Error Reporting Elevation of Privilege Vulnerability Important 7.8 No No No Yes
CVE-2020-0791 Windows Graphics Component Elevation of Privilege Vulnerability Important 7.8 No No No Yes
CVE-2020-0840 Windows Hard Link Elevation of Privilege Vulnerability Important 7.8 No No No Yes
CVE-2020-0841 Windows Hard Link Elevation of Privilege Vulnerability Important 7.8 No No No Yes
CVE-2020-0849 Windows Hard Link Elevation of Privilege Vulnerability Important 7.8 No No No Yes
CVE-2020-0896 Windows Hard Link Elevation of Privilege Vulnerability Important 7.8 No No No Yes
CVE-2020-0798 Windows Installer Elevation of Privilege Vulnerability Important 7.8 No No No Yes
CVE-2020-0814 Windows Installer Elevation of Privilege Vulnerability Important 7.8 No No No Yes
CVE-2020-0842 Windows Installer Elevation of Privilege Vulnerability Important 7.8 No No No Yes
CVE-2020-0843 Windows Installer Elevation of Privilege Vulnerability Important 7.8 No No No Yes
CVE-2020-0799 Windows Kernel Elevation of Privilege Vulnerability Important 7.8 No No No Yes
CVE-2020-0822 Windows Language Pack Installer Elevation of Privilege Vulnerability Important 7.8 No No No Yes
CVE-2020-0802 Windows Network Connections Service Elevation of Privilege Vulnerability Important 7.8 No No No Yes
CVE-2020-0803 Windows Network Connections Service Elevation of Privilege Vulnerability Important 7.8 No No No Yes
CVE-2020-0804 Windows Network Connections Service Elevation of Privilege Vulnerability Important 7.8 No No No Yes
CVE-2020-0845 Windows Network Connections Service Elevation of Privilege Vulnerability Important 7.8 No No No Yes
CVE-2020-0857 Windows Search Indexer Elevation of Privilege Vulnerability Important 7.8 No No No Yes
CVE-2020-0867 Windows Update Orchestrator Service Elevation of Privilege Vulnerability Important 7.8 No No No Yes
CVE-2020-0868 Windows Update Orchestrator Service Elevation of Privilege Vulnerability Important 7.8 No No No Yes
CVE-2020-0797 Windows Work Folder Service Elevation of Privilege Vulnerability Important 7.8 No No No Yes
CVE-2020-0800 Windows Work Folder Service Elevation of Privilege Vulnerability Important 7.8 No No No Yes
CVE-2020-0864 Windows Work Folder Service Elevation of Privilege Vulnerability Important 7.8 No No No Yes
CVE-2020-0865 Windows Work Folder Service Elevation of Privilege Vulnerability Important 7.8 No No No Yes
CVE-2020-0866 Windows Work Folder Service Elevation of Privilege Vulnerability Important 7.8 No No No Yes
CVE-2020-0897 Windows Work Folder Service Elevation of Privilege Vulnerability Important 7.8 No No No Yes
CVE-2020-0758 Azure DevOps Elevation of Privilege Vulnerability Important TBC No No No
CVE-2020-0815 Azure DevOps Elevation of Privilege Vulnerability Important TBC No No No
CVE-2020-0700 Azure DevOps Server Cross-site Scripting Vulnerability Important TBC No No No
CVE-2020-0903 Microsoft Exchange Server Spoofing Vulnerability Important TBC No No No
CVE-2020-0893 Microsoft Office SharePoint XSS Vulnerability Important TBC No No No
CVE-2020-0894 Microsoft Office SharePoint XSS Vulnerability Important TBC No No No
CVE-2020-0795 Microsoft SharePoint Reflective XSS Vulnerability Important TBC No No No
CVE-2020-0891 Microsoft SharePoint Reflective XSS Vulnerability Important TBC No No No
CVE-2020-0884 Microsoft Visual Studio Spoofing Vulnerability Important TBC No No No
CVE-2020-0850 Microsoft Word Remote Code Execution Vulnerability Important TBC No No No
CVE-2020-0851 Microsoft Word Remote Code Execution Vulnerability Important TBC No No No
CVE-2020-0855 Microsoft Word Remote Code Execution Vulnerability Important TBC No No No
CVE-2020-0892 Microsoft Word Remote Code Execution Vulnerability Important TBC No No No
CVE-2020-0872 Remote Code Execution Vulnerability in Application Inspector Important TBC No No No
CVE-2020-0902 Service Fabric Elevation of Privilege Important TBC No No No
CVE-2020-0789 Visual Studio Extension Installer Service Denial of Service Vulnerability Important TBC No No No
CVE-2020-0770 Windows ActiveX Installer Service Elevation of Privilege Vulnerability Important TBC No No No
CVE-2020-0773 Windows ActiveX Installer Service Elevation of Privilege Vulnerability Important TBC No No No
CVE-2020-0860 Windows ActiveX Installer Service Elevation of Privilege Vulnerability Important TBC No No No
CVE-2020-0645 Microsoft IIS Server Tampering Vulnerability Important 7.5 No No No
CVE-2020-0854 Windows Mobile Device Management Diagnostics Elevation of Privilege Vulnerability Important 7.1 No No No
CVE-2020-0786 Windows Tile Object Service Denial of Service Vulnerability Important 7.1 No No No
CVE-2020-0690 DirectX Elevation of Privilege Vulnerability Important 7 No No No
CVE-2020-0877 Win32k Elevation of Privilege Vulnerability Important 7 No No No
CVE-2020-0887 Win32k Elevation of Privilege Vulnerability Important 7 No No No
CVE-2020-0876 Win32k Information Disclosure Vulnerability Important 7 No No No
CVE-2020-0898 Windows Graphics Component Elevation of Privilege Vulnerability Important 7 No No No
CVE-2020-0779 Windows Installer Elevation of Privilege Vulnerability Important 7 No No No
CVE-2020-0778 Windows Network Connections Service Elevation of Privilege Vulnerability Important 7 No No No
CVE-2020-0780 Windows Network List Service Elevation of Privilege Vulnerability Important 7 No No No
CVE-2020-0781 Windows UPnP Service Elevation of Privilege Vulnerability Important 7 No No No
CVE-2020-0783 Windows UPnP Service Elevation of Privilege Vulnerability Important 7 No No No

Experience the Power of Syxsense

Syxsense has created innovative and intuitive technology that sees and knows everything. Manage and secure your environment with a simple and powerful solution.

Schedule Your Syxsense Demo

Syxsense combines IT management, patch management, and security vulnerability scanning in one powerful solution. Get started today.

Schedule My Demo

Leave a Reply