Blog

Archive for March 10th, 2020

Microsoft Patch Tuesday March 2020, (Tue, Mar 10th)

[I am still waiting for Microsoft’s complete details to be released. The usual summary table will be inserted once I got the complete details].

Microsoft today released patches for a total of 117 vulnerabilities. 25 of these vulnerabilities are rated critical.

CVE-2020-0684: LNK files are back! Yet again, opening a .lnk file can lead to arbitrary code execution. Similar vulnerabilities have been exploited heavily in the past and this should be a “must patch”.

As in most recent patch Tuesdays, a number of different critical remote code execution issues are exploitable via the scripting engine. These are exposed via the web browser.

For important vulnerabilities, we have a number of issues in Office (Word/Excel). These typically require some user interaction beyond just opening the document, and are only rated as “important” as a result.

So in general, there is nothing out of the ordinary in this set of patches. Adobe has so far not released a flash update for today. This update is usually rolled into the Microsoft patch Tuesday.

 


Johannes B. Ullrich, Ph.D. , Dean of Research, SANS Technology Institute
Twitter|

(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.

Reposted from SANS. View original.

Posted in: SANS

Leave a Comment (0) →