Microsoft Patch Tuesday March 2020

Microsoft today released patches for a total of 117 vulnerabilities. 25 of these vulnerabilities are rated critical. None of the vulnerabilities had been disclosed before today. Microsoft also has not seen any of them exploited in the wild.

CVE-2020-0684: LNK files are back! Yet again, opening a .lnk file can lead to arbitrary code execution. Similar vulnerabilities have been exploited heavily in the past and this should be a "must patch".

As in most recent Patch Tuesdays, a number of different critical remote code execution issues are exploitable via the scripting engine. These are exposed via the web browser.

For important vulnerabilities, we have a number of issues in Office (Word/Excel). These typically require some user interaction beyond just opening the document, and are only rated as "important" as a result.

So in general, there is nothing out of the ordinary in this set of patches. Adobe has so far not released a Flash update for today. This update is usually rolled into the Microsoft Patch Tuesday.

But wait, what about CVE-2020-0796? Some people noted that the summary of today's Patch Tuesday from Cisco's Talos research lab included a rather serious description of a different vulnerability, CVE-2020-0796: "CVE-2020-0796 is a remote code execution vulnerability in Microsoft Server Message Block 3.0 (SMBv3). An attacker could exploit this bug by sending a specially crafted packet to the target SMBv3 server, which the victim needs to be connected to. Users are encouraged to disable SMBv3 compression and block TCP port 445 on firewalls and client computers. The exploitation of this vulnerability opens systems up to a “wormable” attack, which means it would be easy to move from victim to victim." This CVE, however, is assigned to the LNK vulnerability. It may be an early draft that had a preliminary description of the vulnerability. Blocking port 445 on the firewall is probably a good idea either way.

Update: There is now a Microsoft security advisory (ADV200005) about this flaw. It states that clients, as well as servers, are vulnerable. To exploit the vulnerability, an attacker would send a crafted SMB3 packet to the server or trick the client into connecting to a malicious server. At this point, Microsoft recommends turning off compression on servers. There is no workaround for clients. This vulnerability has no CVE number assigned to it yet. https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV200005

 

March 2020 Security Updates

Each description line below is followed by one row per CVE, with these columns:
CVE | Disclosed | Exploited | Exploitability (old versions) | Exploitability (current version) | Severity | CVSS Base (AVG) | CVSS Temporal (AVG)
Azure DevOps Server Cross-site Scripting Vulnerability
CVE-2020-0700 No No Less Likely Less Likely Important    
Azure DevOps Server and Team Foundation Services Elevation of Privilege Vulnerability
CVE-2020-0758 No No Less Likely Less Likely Important    
CVE-2020-0815 No No - - Important    
Chakra Scripting Engine Memory Corruption Vulnerability
CVE-2020-0811 No No - - Critical 4.2 3.8
CVE-2020-0812 No No - - Critical 4.2 3.8
Connected User Experiences and Telemetry Service Elevation of Privilege Vulnerability
CVE-2020-0844 No No Less Likely Less Likely Important 7.8 7.0
Connected User Experiences and Telemetry Service Information Disclosure Vulnerability
CVE-2020-0863 No No Less Likely Less Likely Important 5.5 5.0
Diagnostic Hub Standard Collector Elevation of Privilege Vulnerability
CVE-2020-0810 No No Less Likely Less Likely Important 7.8 7.0
Diagnostics Hub Standard Collector Elevation of Privilege Vulnerability
CVE-2020-0793 No No Less Likely Less Likely Important 7.8 7.0
DirectX Elevation of Privilege Vulnerability
CVE-2020-0690 No No More Likely More Likely Important 7.0 6.3
Dynamics Business Central Remote Code Execution Vulnerability
CVE-2020-0905 No No Less Likely Less Likely Critical    
GDI+ Remote Code Execution Vulnerability
CVE-2020-0881 No No Less Likely Less Likely Critical 6.7 6.0
CVE-2020-0883 No No Less Likely Less Likely Critical 6.7 6.0
Internet Explorer Memory Corruption Vulnerability
CVE-2020-0824 No No - - Critical 6.4 5.8
LNK Remote Code Execution Vulnerability
CVE-2020-0684 No No Less Likely Less Likely Critical 8.8 7.9
Media Foundation Information Disclosure Vulnerability
CVE-2020-0820 No No Less Likely Less Likely Important 5.5 5.0
Media Foundation Memory Corruption Vulnerability
CVE-2020-0801 No No Less Likely Less Likely Critical 7.8 7.0
CVE-2020-0807 No No Less Likely Less Likely Critical 7.8 7.0
CVE-2020-0809 No No Less Likely Less Likely Critical 7.8 7.0
CVE-2020-0869 No No Less Likely Less Likely Critical 7.8 7.0
Microsoft Edge Memory Corruption Vulnerability
CVE-2020-0816 No No - - Critical 4.2 3.8
Microsoft Exchange Server Spoofing Vulnerability
CVE-2020-0903 No No Less Likely Less Likely Important    
Microsoft IIS Server Tampering Vulnerability
CVE-2020-0645 No No - - Important 7.5 6.7
Microsoft Office SharePoint XSS Vulnerability
CVE-2020-0893 No No Less Likely Less Likely Important    
CVE-2020-0894 No No Less Likely Less Likely Important    
Microsoft SharePoint Reflective XSS Vulnerability
CVE-2020-0795 No No - - Important    
CVE-2020-0891 No No Less Likely Less Likely Important    
Microsoft Visual Studio Spoofing Vulnerability
CVE-2020-0884 No No Less Likely Less Likely Important    
Microsoft Word Remote Code Execution Vulnerability
CVE-2020-0850 No No Less Likely Less Likely Important    
CVE-2020-0851 No No Less Likely Less Likely Important    
CVE-2020-0852 No No Less Likely Less Likely Critical    
CVE-2020-0855 No No Less Likely Less Likely Important    
CVE-2020-0892 No No Less Likely Less Likely Important    
Provisioning Runtime Elevation of Privilege Vulnerability
CVE-2020-0808 No No Less Likely Less Likely Important 7.8 7.0
Remote Code Execution Vulnerability in Application Inspector
CVE-2020-0872 No No Less Likely Less Likely Important    
Remote Desktop Connection Manager Information Disclosure Vulnerability
CVE-2020-0765 No No Less Likely Less Likely Moderate    
Scripting Engine Information Disclosure Vulnerability
CVE-2020-0813 No No - - Important 4.3 3.9
Scripting Engine Memory Corruption Vulnerability
CVE-2020-0768 No No - - Critical 6.4 5.8
CVE-2020-0823 No No - - Critical 4.2 3.8
CVE-2020-0825 No No - - Critical 4.2 3.8
CVE-2020-0826 No No - - Critical 4.2 3.8
CVE-2020-0827 No No - - Critical 4.2 3.8
CVE-2020-0828 No No - - Critical 4.2 3.8
CVE-2020-0829 No No - - Critical 4.2 3.8
CVE-2020-0830 No No - - Critical 7.5 6.7
CVE-2020-0831 No No - - Critical 4.2 3.8
CVE-2020-0832 No No More Likely More Likely Critical 7.5 6.7
CVE-2020-0833 No No - - Critical 6.4 5.8
CVE-2020-0848 No No - - Critical 4.2 3.8
Service Fabric Elevation of Privilege
CVE-2020-0902 No No Less Likely Less Likely Important    
VBScript Remote Code Execution Vulnerability
CVE-2020-0847 No No More Likely More Likely Critical 6.4 5.8
Visual Studio Extension Installer Service Denial of Service Vulnerability
CVE-2020-0789 No No Less Likely Less Likely Important    
Win32k Elevation of Privilege Vulnerability
CVE-2020-0788 No No More Likely More Likely Important 7.8 7.0
CVE-2020-0877 No No More Likely More Likely Important 7.0 6.3
CVE-2020-0887 No No More Likely More Likely Important 7.0 6.3
Win32k Information Disclosure Vulnerability
CVE-2020-0876 No No Less Likely Less Likely Important 7.0 6.3
Windows ALPC Elevation of Privilege Vulnerability
CVE-2020-0834 No No Less Likely Less Likely Important 7.8 7.0
Windows ActiveX Installer Service Elevation of Privilege Vulnerability
CVE-2020-0770 No No Less Likely Less Likely Important 7.8 7.0
CVE-2020-0773 No No Less Likely Less Likely Important 7.8 7.0
CVE-2020-0860 No No Less Likely Less Likely Important 7.8 7.0
Windows Background Intelligent Transfer Service Elevation of Privilege Vulnerability
CVE-2020-0787 No No Less Likely Less Likely Important 7.8 7.0
Windows CSC Service Elevation of Privilege Vulnerability
CVE-2020-0769 No No Less Likely Less Likely Important 7.8 7.0
CVE-2020-0771 No No Less Likely Less Likely Important 7.8 7.0
Windows Defender Security Center Elevation of Privilege Vulnerability
CVE-2020-0762 No No Less Likely Less Likely Important 7.8 7.0
CVE-2020-0763 No No Less Likely Less Likely Important 7.8 7.0
Windows Device Setup Manager Elevation of Privilege Vulnerability
CVE-2020-0819 No No Less Likely Less Likely Important 7.8 7.0
Windows Elevation of Privilege Vulnerability
CVE-2020-0776 No No Less Likely Less Likely Important 7.8 7.0
CVE-2020-0858 No No Less Likely Less Likely Important 7.8 7.0
Windows Error Reporting Elevation of Privilege Vulnerability
CVE-2020-0772 No No Less Likely Less Likely Important 7.8 7.0
CVE-2020-0806 No No Less Likely Less Likely Important 7.8 7.0
Windows Error Reporting Information Disclosure Vulnerability
CVE-2020-0775 No No Less Likely Less Likely Important 5.5 5.0
Windows GDI Information Disclosure Vulnerability
CVE-2020-0774 No No Less Likely Less Likely Important 5.5 5.0
CVE-2020-0874 No No Less Likely Less Likely Important 4.7 4.2
CVE-2020-0879 No No Less Likely Less Likely Important 4.7 4.2
CVE-2020-0880 No No Less Likely Less Likely Important 5.5 5.0
CVE-2020-0882 No No Less Likely Less Likely Important 5.5 5.0
Windows Graphics Component Elevation of Privilege Vulnerability
CVE-2020-0791 No No Less Likely Less Likely Important 7.8 7.0
CVE-2020-0898 No No - - Important 7.0 6.3
Windows Graphics Component Information Disclosure Vulnerability
CVE-2020-0885 No No Less Likely Less Likely Important 4.3 3.9
Windows Hard Link Elevation of Privilege Vulnerability
CVE-2020-0840 No No Less Likely Less Likely Important 7.8 7.0
CVE-2020-0841 No No Less Likely Less Likely Important 7.8 7.0
CVE-2020-0849 No No Less Likely Less Likely Important 7.8 7.0
CVE-2020-0896 No No Less Likely Less Likely Important 7.8 7.0
Windows Imaging Component Information Disclosure Vulnerability
CVE-2020-0853 No No Less Likely Less Likely Important 4.3 3.9
Windows Installer Elevation of Privilege Vulnerability
CVE-2020-0779 No No Less Likely Less Likely Important 7.0 6.3
CVE-2020-0798 No No Less Likely Less Likely Important 7.8 7.0
CVE-2020-0814 No No Less Likely Less Likely Important 7.8 7.0
CVE-2020-0842 No No Less Likely Less Likely Important 7.8 7.0
CVE-2020-0843 No No Less Likely Less Likely Important 7.8 7.0
Windows Kernel Elevation of Privilege Vulnerability
CVE-2020-0799 No No Less Likely Less Likely Important 7.8 7.0
Windows Language Pack Installer Elevation of Privilege Vulnerability
CVE-2020-0822 No No Less Likely Less Likely Important 7.8 7.0
Windows Mobile Device Management Diagnostics Elevation of Privilege Vulnerability
CVE-2020-0854 No No Less Likely Less Likely Important 7.1 6.4
Windows Modules Installer Service Information Disclosure Vulnerability
CVE-2020-0859 No No Less Likely Less Likely Important 5.5 5.0
Windows Network Connections Service Elevation of Privilege Vulnerability
CVE-2020-0778 No No Less Likely Less Likely Important 7.0 6.3
CVE-2020-0802 No No Less Likely Less Likely Important 7.8 7.0
CVE-2020-0803 No No Less Likely Less Likely Important 7.8 7.0
CVE-2020-0804 No No Less Likely Less Likely Important 7.8 7.0
CVE-2020-0845 No No Less Likely Less Likely Important 7.8 7.0
Windows Network Connections Service Information Disclosure Vulnerability
CVE-2020-0871 No No Less Likely Less Likely Important 5.5 5.0
Windows Network Driver Interface Specification (NDIS) Information Disclosure Vulnerability
CVE-2020-0861 No No Less Likely Less Likely Important 5.5 5.0
Windows Network List Service Elevation of Privilege Vulnerability
CVE-2020-0780 No No Less Likely Less Likely Important 7.0 6.3
Windows Search Indexer Elevation of Privilege Vulnerability
CVE-2020-0857 No No Less Likely Less Likely Important 7.8 7.0
Windows Tile Object Service Denial of Service Vulnerability
CVE-2020-0786 No No Less Likely Less Likely Important 7.1 6.4
Windows UPnP Service Elevation of Privilege Vulnerability
CVE-2020-0781 No No Less Likely Less Likely Important 7.0 6.3
CVE-2020-0783 No No Less Likely Less Likely Important 7.0 6.3
Windows Update Orchestrator Service Elevation of Privilege Vulnerability
CVE-2020-0867 No No Less Likely Less Likely Important 7.8 7.0
CVE-2020-0868 No No Less Likely Less Likely Important 7.8 7.0
Windows User Profile Service Elevation of Privilege Vulnerability
CVE-2020-0785 No No Less Likely Less Likely Important 7.0 6.3
Windows Work Folder Service Elevation of Privilege Vulnerability
CVE-2020-0777 No No Less Likely Less Likely Important 7.0 6.3
CVE-2020-0797 No No Less Likely Less Likely Important 7.8 7.0
CVE-2020-0800 No No Less Likely Less Likely Important 7.8 7.0
CVE-2020-0864 No No Less Likely Less Likely Important 7.8 7.0
CVE-2020-0865 No No Less Likely Less Likely Important 7.8 7.0
CVE-2020-0866 No No Less Likely Less Likely Important 7.8 7.0
CVE-2020-0897 No No Less Likely Less Likely Important 7.8 7.0
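
An added example, not part of the original diary: a small Python parser for the table layout above (a description line followed by its CVE rows) that orders entries for patching. The ranking policy and the names Row, parse and triage are assumptions of this example; the sample rows are copied from the table.

```python
import re
from collections import namedtuple

Row = namedtuple("Row", "title cve disclosed exploited old current severity base")
LIKELIHOOD = {"More Likely": 2, "Less Likely": 1, "-": 0}  # values seen in this table
SEVERITY = {"Critical": 3, "Important": 2, "Moderate": 1, "Low": 0}
_L = "(" + "|".join(re.escape(k) for k in LIKELIHOOD) + ")"
ROW = re.compile(r"(CVE-\d{4}-\d+) (Yes|No) (Yes|No) " + _L + " " + _L +
                 r" (" + "|".join(SEVERITY) + r")\s*(?:(\d+\.\d+) \d+\.\d+)?\s*")

# Constructed sample: a few rows copied from the table above, in its flattened layout.
SAMPLE = """\
LNK Remote Code Execution Vulnerability
CVE-2020-0684 No No Less Likely Less Likely Critical 8.8 7.9
Scripting Engine Memory Corruption Vulnerability
CVE-2020-0832 No No More Likely More Likely Critical 7.5 6.7
CVE-2020-0848 No No - - Critical 4.2 3.8
Win32k Elevation of Privilege Vulnerability
CVE-2020-0788 No No More Likely More Likely Important 7.8 7.0
Microsoft Word Remote Code Execution Vulnerability
CVE-2020-0852 No No Less Likely Less Likely Critical
"""

def parse(text):
    """Turn the flattened table (title line, then its CVE rows) into Row records."""
    rows, title = [], ""
    for line in text.splitlines():
        line = line.strip()
        if not line.startswith("CVE-"):
            title = line or title  # a description applies to the rows below it
            continue
        m = ROW.fullmatch(line)
        if m is None:              # fail loudly rather than drop a vulnerability
            raise ValueError("unparsed row: " + line)
        cve, disc, expl, old, cur, sev, base = m.groups()
        rows.append(Row(title, cve, disc == "Yes", expl == "Yes", old, cur, sev,
                        float(base) if base else None))  # CVSS may be blank
    return rows

def triage(rows):
    """Assumed policy: exploited, disclosed, severity, likelihood, then CVSS base."""
    return sorted(rows, reverse=True, key=lambda r: (
        r.exploited, r.disclosed, SEVERITY[r.severity],
        LIKELIHOOD[r.current], r.base or 0.0))

if __name__ == "__main__":
    for r in triage(parse(SAMPLE)):
        print(r.cve, r.severity, r.current, r.base, r.title)
```

A score like this only orders the queue; context from the write-up, such as the history of LNK exploitation, still has to be applied by hand.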

---
Johannes B. Ullrich, Ph.D., Dean of Research, SANS Technology Institute