Micosoft’s March 2020 Patch Tuesday released saw the company rollout patches for 115 vulnerabilities with 26 rated critical, however, in a rare event Adobe is taking this month off publicizing no updates.
This is the second month in a row that Microsoft has busy Patch Tuesday. In February the company patched 99 vulnerabilities, including one zero day. One analyst piggy-backed on to today’s roll out to note that a vulnerability included in February’s release, CVE-2020-0688, is being actively exploited in the wild and even though a large number of new updates have been issued, admins should prioritize taking care of his older CVE if they have not done so already.
The critical issues fixed by Microsoft this month include 58 elevation of privilege flaws with Satnam Narang, principal research engineer at Tenable listing CVE-2020-0788, CVE-2020-0877 and CVE-2020-0887 as the most severe. Microsoft agrees listing them as most likely to be exploited.
“These are elevation of privilege flaws in Win32k due to improper handling of objects in memory. Elevation of Privilege vulnerabilities are leveraged by attackers post-compromise, once they’ve managed to gain access to a system in order to execute code on their target systems with elevated privileges,” he said.
Jay Goodman, Automox’s strategic product marketing manager, cherry picked CVE-2020-0833, CVE-2020-0824 and CVE-2020-0847 for added attention. The first two are remote code execution vulnerabilities that could corrupt system memory giving an attacker access in the role of the user.
“CVE-2020-0847 is also a remote code execution vulnerability, this time in VBScript. VBscript is a scripting language used by Microsoft. It allows system admins to run powerful scripts and tools for managing endpoints and will give the user complete control over many aspects of the device,” he said.
CVE-2020-0847 is also a corrupt memory system issue with threat actors generally using phishing or browser attacks to first gain entry.
In addition to last month’s issue, Recorded Future’s Liska highlighted CVE-2020-8050, CVE-2020-8051, CVE-2020-8052 and CVE-2020-8055. All are remote code execution vulnerabilities in Microsoft Word that take advantage of how the software handles objects in memory. A malicious actor would have to send and then convince a victim to click on a malicious document to initiate an attack. However, CVE-2020-8052 is even more dangerous and can be launched through an Outlook preview page without the need to click on the document.
“As Recorded Future has previously noted, Microsoft Office is among the most popular attack vectors for cybercriminals. We expect one or more of these vulnerabilities will be weaponized sooner rather than later,” he said.
Animesh Jain, from Qualys’ expert vulnerability management research team, pointed out that even some issues that Microsoft considers less likely to be exploited should still garner admin attention and concern. CVE-2020-0905 is a remote code execution vulnerability effecting effects the Dynamics Business Central client that falls into this category, but Jain said the fact that this is likely to reside on a critical server makes it important to patch.