Europe Confirms Record €4.1B Penalty Against Google for Android Practices|U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|Europe Confirms Record €4.1B Penalty Against Google for Android Practices|U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|
Advertisement

Ad Placeholder

Full Width × 90

Breaking News

Microsoft’s Patch Tuesday updates for March 2020 fix 115 issues

Microsoft’s Patch Tuesday updates for March 2020 address 115 vulnerabilities, 26 issues have been rated as critical severity. Microsoft’s Patch Tuesday updates for March 2020 address 115 vulnerabilities, 26 issues affecting Windows, Word, Dynamics Business Central, Edge, and Internet Explorer have been rated as critical severity. Microsoft’s Patch Tuesday updates for March 2020 also address […]

Microsoft Patch Tuesday

Microsoft’s Patch Tuesday updates for March 2020 address 115 vulnerabilities, 26 issues have been rated as critical severity.

Microsoft’s Patch Tuesday updates for March 2020 address 115 vulnerabilities, 26 issues affecting Windows, Word, Dynamics Business Central, Edge, and Internet Explorer have been rated as critical severity.

Microsoft’s Patch Tuesday updates for March 2020 also address vulnerability Exchange Server, Office, Azure DevOps, Windows Defender, Visual Studio, and Dynamics.

88 vulnerabilities have been rated as important in severity, and only one as moderate in severity, most of the overall issues fixed by Microsoft (79) affect Windows OS,

The good news is that Microsoft is not aware of attacks in the wild that exploited one of the vulnerabilities patched this month and no one of the issues is listed as being publicly known. Seven of these flaws were reported through the ZDI program.

Patch Tuesday

Let’s give a look at some of the more interesting issues addressed by Microsoft for this month that could be abused by vxers.

CVE-2020-0852The flaw is Remote Code Execution Vulnerability that affects Word. The vulnerability could be exploited by attackers by simply tricking victims into viewing a specially crafted file in the Preview Pane. The flaw could allow code execution at the level of the logged-on user.

CVE-2020-0684The flaw is a LNK Remote Code Execution Vulnerability that could allow an attacker to create malicious LNK shortcut files that can perform code execution.

“The attacker could present to the user a removable drive, or remote share, that contains a malicious .LNK file and an associated malicious binary,” reads the advisory published by Microsoft. “When the user opens this drive(or remote share) in Windows Explorer or any other application that parses the .LNK file, the malicious binary will execute code of the attacker’s choice on the target system.”

Other critical remote code execution vulnerabilities fixed by Microsoft impact Internet Explorer (CVE-2020-0833CVE-2020-0824), the Edge browser (CVE-2020-0816), and the Chakra scripting engine (CVE-2020-0811).

Additional technical details on the Microsoft’s Patch Tuesday updates for March 2020 are available in the analysis published by Zero Day Initiative.

Users and system administrators are recommended to apply the latest security patches as soon as possible to prevent attackers exploiting them.

[adrotate banner=”9″] [adrotate banner=”12″]

Pierluigi Paganini

(SecurityAffairs – malware, Patch Tuesday)

[adrotate banner=”5″]

[adrotate banner=”13″]