TechGenix Patch Central: Microsoft March Patch Tuesday

The past month has been a tough one for many business sectors. Cybersecurity may have taken a back seat in the mainstream news to the global virus epidemic and human health issues, and many companies, including tech giants, are canceling conferences, suspending nonessential travel, and directing employees to work from home, but attackers aren’t taking a hiatus. As with past crises, attackers are exploiting the situation to play on fears about the biological virus by distributing malware through documents pretending to be coronavirus safety guidelines or information from government health authorities. Another attack uses Microsoft OneNote to distribute a keylogger, which is delivered as an encrypted binary that is then decrypted and run in memory to collect keystrokes from the victim’s system.

Microsoft also issued a warning that ransomware is becoming more sophisticated, with a “human-operated” variety focusing on compromising accounts with high privileges, such as administrative accounts. This, of course, allows the attackers to do more damage, and this type of malware can adapt after it’s infected a system.

In more Microsoft-related security news, it was reported in early March that a vulnerability in Exchange Server has been actively exploited in the wild by Advanced Persistent Threat (APT) groups, even though the vulnerability was patched in February’s Patch Tuesday updates. This is another example of just how important it is to apply security updates as quickly as possible. With all that’s going on in the world and many IT departments working short-handed, it may be tempting to put off installing those patches, but now more than ever, organizations don’t need the problems that a malware attack can cause. Let’s look at what Microsoft’s March Patch Tuesday brings us.

Microsoft March Patch Tuesday: Update summary

Microsoft released 113 total patches this month, with updates for all the currently supported operating systems, including 39 fixes for Windows 7 (only for organizations that pay for ESU, or Extended Security Updates).

Windows 10 follows the usual pattern, with the largest number of fixes being for the newest versions — 75 vulnerability patches for versions 1903 and 1909. Versions 1809 and 1803 get 73 and 71 vulnerabilities patched, respectively. For each version, seven of the vulnerabilities are rated critical.

Those who are still running Windows 8.1 will get fixes for 55 vulnerabilities, three of them critical.

Windows Server 2019 has 72 vulnerabilities, seven rated critical. Windows Server 2016 has 71 vulnerabilities, six of them critical. Server 2012 R2 has 55 vulnerabilities, three of them critical, and Server 2008 (also through ESU only) has 47 vulnerabilities, five of them critical.

On the web browser front, Internet Explorer 11 has six vulnerabilities patched, and all of them are critical. Edge (not the new Chromium-based version) gets patches for 14 vulnerabilities, and 13 of those are critical.

Windows client and server critical vulnerabilities

Let’s take a look now at some of the critical issues:

Windows web browser vulnerabilities

The following critical vulnerabilities were patched this month in IE 11:

  • CVE-2020-0824 – Internet Explorer Memory Corruption Vulnerability. This is a remote code execution vulnerability that exists when Internet Explorer improperly accesses objects in memory. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. If the current user is logged on with administrative user rights, the attacker could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.
  • CVE-2020-0768, CVE-2020-0830, CVE-2020-0832, and CVE-2020-0833 – Scripting Engine Memory Corruption Vulnerabilities. These are all remote code execution vulnerabilities that exist in the way the scripting engine handles objects in memory in Microsoft browsers. The vulnerabilities could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerabilities could gain the same user rights as the current user. If the current user is logged on with administrative user rights, an attacker who successfully exploited the vulnerabilities could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.
  • CVE-2020-0847 – VBScript Remote Code Execution Vulnerability. This is a remote code execution vulnerability that exists in the way that the VBScript engine handles objects in memory. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. If the current user is logged on with administrative user rights, an attacker who successfully exploited the vulnerability could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.

The following are the critical vulnerabilities patched in the non-Chromium version of Edge:

  • 10 Scripting Engine Memory Corruption vulnerabilities and two Chakra Scripting Engine Memory Corruption vulnerabilities: CVE-2020-0768, CVE-2020-0811, CVE-2020-0823, CVE-2020-0825, CVE-2020-0826, CVE-2020-0827, CVE-2020-0828, CVE-2020-0829, CVE-2020-0830, CVE-2020-0831, CVE-2020-0848, and CVE-2020-0812.
  • CVE-2020-0816 – Microsoft Edge Memory Corruption Vulnerability. This is a remote code execution vulnerability that exists when Microsoft Edge improperly accesses objects in memory. The vulnerability could corrupt memory in such a way that it enables an attacker to execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. If the current user is logged on with administrative user rights, an attacker could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.

Other products

In addition to the updates for Windows and the web browsers, Microsoft released March Patch Tuesday updates for the following products:

  • Microsoft Exchange Server
  • Microsoft Office and Microsoft Office Services and Web Apps
  • Azure DevOps
  • Windows Defender
  • Visual Studio
  • Open Source Software
  • Azure
  • Microsoft Dynamics

More information about these updates can be found through the links or the Security Update Guide in the MSRC portal.
