Microsoft Patch Tuesday Audit – March 2020

Microsoft-Patch-Tuesday

TL;DR | Go Straight to the March 2020 Patch Tuesday Audit Report.

The March 2020 Patch Tuesday updates from Microsoft have arrived. Microsoft released fixes for 115 CVE-numbered security vulnerabilities, 26 of which are classified as critical vulnerabilities. The good news is that none of them under active attack.

The Patch Tuesday of March 2020 is one of the biggest in Microsoft's history, as the tech giant released fixes for 115 security flaws. Unlike the February 2020 Patch Tuesday madness which included Internet Explorer (IE) zero-day patches, none of the vulnerabilities are listed as being under active attack at the time of release.

One particular RCE hole worth mentioning lies within SMBv3. "An attacker who successfully exploited the vulnerability could gain the ability to execute code on the target SMB Server or SMB Client," says Microsoft. There is no fix available in the Patch Tuesday March 2020 update other than to disable SMBv3 compression for servers.

Among the other critical alerts is CVE-2020-0852, a remote code execution flaw in Word. This Microsoft Word Remote Code Execution vulnerability could be exploited through the preview pane in Outlook, making it a more interesting target for threat actors.

Run the February 2020 Patch Tuesday Audit Report

Similar to previous months, we've created an Audit Report that checks if the assets in your network are on the latest Microsoft patch update. It's color-coded to give you an easy and quick overview of which assets are already on the latest Windows update, and which ones still need to be patched. All admins are advised to install these security updates as soon as possible to protect Windows from security risks.

If you haven't already, start your free trial of Lansweeper to run the Microsoft Patch Tuesday March 2020 Report. Make sure to subscribe via the form below if you want to receive the latest Microsoft Patch reports and bonus network reports.

Overview: March 2020 Security Updates

Below is the full list of all vulnerabilities and released advisories in the March 2020 Patch Tuesday updates.

Affected ProductCVE CodeCVE TitleSeverity
AzureCVE-2020-0902Service Fabric Elevation of PrivilegeImportant
Azure DevOpsCVE-2020-0758Azure DevOps Server and Team Foundation Services Elevation of Privilege VulnerabilityImportant
Azure DevOpsCVE-2020-0815Azure DevOps Server and Team Foundation Services Elevation of Privilege VulnerabilityImportant
Azure DevOpsCVE-2020-0700Azure DevOps Server Cross-site Scripting VulnerabilityImportant
Internet ExplorerCVE-2020-0824Internet Explorer Memory Corruption VulnerabilityCritical
Microsoft BrowsersCVE-2020-0768Scripting Engine Memory Corruption VulnerabilityCritical
Microsoft DynamicsCVE-2020-0905Dynamics Business Central Remote Code Execution VulnerabilityCritical
Microsoft EdgeCVE-2020-0816Microsoft Edge Memory Corruption VulnerabilityCritical
Microsoft Exchange ServerCVE-2020-0903Microsoft Exchange Server Spoofing VulnerabilityImportant
Microsoft Graphics ComponentCVE-2020-0774Windows GDI Information Disclosure VulnerabilityImportant
Microsoft Graphics ComponentCVE-2020-0788Win32k Elevation of Privilege VulnerabilityImportant
Microsoft Graphics ComponentCVE-2020-0791Windows Graphics Component Elevation of Privilege VulnerabilityImportant
Microsoft Graphics ComponentCVE-2020-0690DirectX Elevation of Privilege VulnerabilityImportant
Microsoft Graphics ComponentCVE-2020-0853Windows Imaging Component Information Disclosure VulnerabilityImportant
Microsoft Graphics ComponentCVE-2020-0877Win32k Elevation of Privilege VulnerabilityImportant
Microsoft Graphics ComponentCVE-2020-0882Windows GDI Information Disclosure VulnerabilityImportant
Microsoft Graphics ComponentCVE-2020-0883GDI+ Remote Code Execution VulnerabilityCritical
Microsoft Graphics ComponentCVE-2020-0881GDI+ Remote Code Execution VulnerabilityCritical
Microsoft Graphics ComponentCVE-2020-0880Windows GDI Information Disclosure VulnerabilityImportant
Microsoft Graphics ComponentCVE-2020-0887Win32k Elevation of Privilege VulnerabilityImportant
Microsoft Graphics ComponentCVE-2020-0898Windows Graphics Component Elevation of Privilege VulnerabilityImportant
Microsoft Graphics ComponentCVE-2020-0885Windows Graphics Component Information Disclosure VulnerabilityImportant
Microsoft OfficeCVE-2020-0850Microsoft Word Remote Code Execution VulnerabilityImportant
Microsoft OfficeCVE-2020-0852Microsoft Word Remote Code Execution VulnerabilityCritical
Microsoft OfficeCVE-2020-0892Microsoft Word Remote Code Execution VulnerabilityImportant
Microsoft OfficeCVE-2020-0851Microsoft Word Remote Code Execution VulnerabilityImportant
Microsoft OfficeCVE-2020-0855Microsoft Word Remote Code Execution VulnerabilityImportant
Microsoft Office SharePointCVE-2020-0795Microsoft SharePoint Reflective XSS VulnerabilityImportant
Microsoft Office SharePointCVE-2020-0891Microsoft SharePoint Reflective XSS VulnerabilityImportant
Microsoft Office SharePointCVE-2020-0893Microsoft Office SharePoint XSS VulnerabilityImportant
Microsoft Office SharePointCVE-2020-0894Microsoft Office SharePoint XSS VulnerabilityImportant
Microsoft Scripting EngineCVE-2020-0830Scripting Engine Memory Corruption VulnerabilityCritical
Microsoft Scripting EngineCVE-2020-0829Scripting Engine Memory Corruption VulnerabilityCritical
Microsoft Scripting EngineCVE-2020-0813Scripting Engine Information Disclosure VulnerabilityImportant
Microsoft Scripting EngineCVE-2020-0826Scripting Engine Memory Corruption VulnerabilityCritical
Microsoft Scripting EngineCVE-2020-0827Scripting Engine Memory Corruption VulnerabilityCritical
Microsoft Scripting EngineCVE-2020-0825Scripting Engine Memory Corruption VulnerabilityCritical
Microsoft Scripting EngineCVE-2020-0831Scripting Engine Memory Corruption VulnerabilityCritical
Microsoft Scripting EngineCVE-2020-0847VBScript Remote Code Execution VulnerabilityModerate
Microsoft Scripting EngineCVE-2020-0811Chakra Scripting Engine Memory Corruption VulnerabilityCritical
Microsoft Scripting EngineCVE-2020-0828Scripting Engine Memory Corruption VulnerabilityCritical
Microsoft Scripting EngineCVE-2020-0848Scripting Engine Memory Corruption VulnerabilityCritical
Microsoft Scripting EngineCVE-2020-0823Scripting Engine Memory Corruption VulnerabilityCritical
Microsoft Scripting EngineCVE-2020-0832Scripting Engine Memory Corruption VulnerabilityModerate
Microsoft Scripting EngineCVE-2020-0812Chakra Scripting Engine Memory Corruption VulnerabilityCritical
Microsoft Scripting EngineCVE-2020-0833Scripting Engine Memory Corruption VulnerabilityCritical
Microsoft WindowsCVE-2020-0897Windows Work Folder Service Elevation of Privilege VulnerabilityImportant
Microsoft WindowsCVE-2020-0896Windows Hard Link Elevation of Privilege VulnerabilityImportant
Microsoft WindowsCVE-2020-0871Windows Network Connections Service Information Disclosure VulnerabilityImportant
Microsoft WindowsCVE-2020-0874Windows GDI Information Disclosure VulnerabilityImportant
Microsoft WindowsCVE-2020-0876Win32k Information Disclosure VulnerabilityImportant
Microsoft WindowsCVE-2020-0775Windows Error Reporting Information Disclosure VulnerabilityImportant
Microsoft WindowsCVE-2020-0879Windows GDI Information Disclosure VulnerabilityImportant
Microsoft WindowsCVE-2020-0793Diagnostics Hub Standard Collector Elevation of Privilege VulnerabilityImportant
Microsoft WindowsCVE-2020-0776Windows Elevation of Privilege VulnerabilityImportant
Microsoft WindowsCVE-2020-0869Media Foundation Memory Corruption VulnerabilityCritical
Microsoft WindowsCVE-2020-0861Windows Network Driver Interface Specification (NDIS) Information Disclosure VulnerabilityImportant
Microsoft WindowsCVE-2020-0863Connected User Experiences and Telemetry Service Information Disclosure VulnerabilityImportant
Microsoft WindowsCVE-2020-0860Windows ActiveX Installer Service Elevation of Privilege VulnerabilityImportant
Microsoft WindowsCVE-2020-0857Windows Search Indexer Elevation of Privilege VulnerabilityImportant
Microsoft WindowsCVE-2020-0858Windows Elevation of Privilege VulnerabilityImportant
Microsoft WindowsCVE-2020-0865Windows Work Folder Service Elevation of Privilege VulnerabilityImportant
Microsoft WindowsCVE-2020-0866Windows Work Folder Service Elevation of Privilege VulnerabilityImportant
Microsoft WindowsCVE-2020-0864Windows Work Folder Service Elevation of Privilege VulnerabilityImportant
Microsoft WindowsCVE-2020-0820Media Foundation Information Disclosure VulnerabilityImportant
Microsoft WindowsCVE-2020-0819Windows Device Setup Manager Elevation of Privilege VulnerabilityImportant
Microsoft WindowsCVE-2020-0804Windows Network Connections Service Elevation of Privilege VulnerabilityImportant
Microsoft WindowsCVE-2020-0779Windows Installer Elevation of Privilege VulnerabilityImportant
Microsoft WindowsCVE-2020-0802Windows Network Connections Service Elevation of Privilege VulnerabilityImportant
Microsoft WindowsCVE-2020-0803Windows Network Connections Service Elevation of Privilege VulnerabilityImportant
Microsoft WindowsCVE-2020-0778Windows Network Connections Service Elevation of Privilege VulnerabilityImportant
Microsoft WindowsCVE-2020-0809Media Foundation Memory Corruption VulnerabilityCritical
Microsoft WindowsCVE-2020-0810Diagnostic Hub Standard Collector Elevation of Privilege VulnerabilityImportant
Microsoft WindowsCVE-2020-0807Media Foundation Memory Corruption VulnerabilityCritical
Microsoft WindowsCVE-2020-0808Provisioning Runtime Elevation of Privilege VulnerabilityImportant
Microsoft WindowsCVE-2020-0797Windows Work Folder Service Elevation of Privilege VulnerabilityImportant
Microsoft WindowsCVE-2020-0785Windows User Profile Service Elevation of Privilege VulnerabilityImportant
Microsoft WindowsCVE-2020-0786Windows Tile Object Service Denial of Service VulnerabilityImportant
Microsoft WindowsCVE-2020-0787Windows Background Intelligent Transfer Service Elevation of Privilege VulnerabilityImportant
Microsoft WindowsCVE-2020-0783Windows UPnP Service Elevation of Privilege VulnerabilityImportant
Microsoft WindowsCVE-2020-0800Windows Work Folder Service Elevation of Privilege VulnerabilityImportant
Microsoft WindowsCVE-2020-0801Media Foundation Memory Corruption VulnerabilityCritical
Microsoft WindowsCVE-2020-0781Windows UPnP Service Elevation of Privilege VulnerabilityImportant
Microsoft WindowsCVE-2020-0780Windows Network List Service Elevation of Privilege VulnerabilityImportant
Microsoft WindowsCVE-2020-0777Windows Work Folder Service Elevation of Privilege VulnerabilityImportant
Microsoft WindowsCVE-2020-0772Windows Error Reporting Elevation of Privilege VulnerabilityImportant
Microsoft WindowsCVE-2020-0849Windows Hard Link Elevation of Privilege VulnerabilityImportant
Microsoft WindowsCVE-2020-0845Windows Network Connections Service Elevation of Privilege VulnerabilityImportant
Microsoft WindowsCVE-2020-0684LNK Remote Code Execution VulnerabilityCritical
Microsoft WindowsCVE-2020-0769Windows CSC Service Elevation of Privilege VulnerabilityImportant
Microsoft WindowsCVE-2020-0771Windows CSC Service Elevation of Privilege VulnerabilityImportant
Microsoft WindowsCVE-2020-0841Windows Hard Link Elevation of Privilege VulnerabilityImportant
Microsoft WindowsCVE-2020-0840Windows Hard Link Elevation of Privilege VulnerabilityImportant
Microsoft WindowsCVE-2020-0806Windows Error Reporting Elevation of Privilege VulnerabilityImportant
Microsoft WindowsCVE-2020-0843Windows Installer Elevation of Privilege VulnerabilityImportant
Microsoft WindowsCVE-2020-0844Connected User Experiences and Telemetry Service Elevation of Privilege VulnerabilityImportant
Microsoft WindowsCVE-2020-0842Windows Installer Elevation of Privilege VulnerabilityImportant
Open Source SoftwareCVE-2020-0872Remote Code Execution Vulnerability in Application InspectorImportant
OtherCVE-2020-0765Remote Desktop Connection Manager Information Disclosure VulnerabilityModerate
Visual StudioCVE-2020-0789Visual Studio Extension Installer Service Denial of Service VulnerabilityImportant
Visual StudioCVE-2020-0884Microsoft Visual Studio Spoofing VulnerabilityImportant
Windows DefenderCVE-2020-0763Windows Defender Security Center Elevation of Privilege VulnerabilityImportant
Windows DefenderCVE-2020-0762Windows Defender Security Center Elevation of Privilege VulnerabilityImportant
Windows Diagnostic HubCVE-2020-0854Windows Mobile Device Management Diagnostics Elevation of Privilege VulnerabilityImportant
Windows IISCVE-2020-0645Microsoft IIS Server Tampering VulnerabilityImportant
Windows InstallerCVE-2020-0814Windows Installer Elevation of Privilege VulnerabilityImportant
Windows InstallerCVE-2020-0773Windows ActiveX Installer Service Elevation of Privilege VulnerabilityImportant
Windows InstallerCVE-2020-0770Windows ActiveX Installer Service Elevation of Privilege VulnerabilityImportant
Windows InstallerCVE-2020-0822Windows Language Pack Installer Elevation of Privilege VulnerabilityImportant
Windows InstallerCVE-2020-0859Windows Modules Installer Service Information Disclosure VulnerabilityImportant
Windows InstallerCVE-2020-0868Windows Update Orchestrator Service Elevation of Privilege VulnerabilityImportant
Windows InstallerCVE-2020-0798Windows Installer Elevation of Privilege VulnerabilityImportant
Windows InstallerCVE-2020-0867Windows Update Orchestrator Service Elevation of Privilege VulnerabilityImportant
Windows KernelCVE-2020-0834Windows ALPC Elevation of Privilege VulnerabilityImportant
Windows KernelCVE-2020-0799Windows Kernel Elevation of Privilege VulnerabilityImportant

Receive the Latest Patch Tuesday Report for FREE Every Month

Try Lansweeper for Free

Learn why Lansweeper is used by thousands of enterprises worldwide.​
FREE WHITE PAPER
Why centralized IT Asset Discovery is more crucial than ever.