Match 2020 Patch Tuesday ! Hefty Month
Microsoft disclosed 25 critical vulnerabilities this month, 20 of which we will highlight below.
CVE-2020-0684 is a remote code execution vulnerability in Microsoft Windows that arises if the user opens a specially crafted, malicious .LNK file. This file could be presented to the victim on a removable drive or remote share, and then when opened, would execute a malicious binary embedded in the file.
CVE-2020-0801, CVE-2020-0807, CVE-2020-0809 and CVE-2020-0869 are memory corruption vulnerabilities in Microsoft Media Foundation. All of these could allow an attacker to gain the ability to install programs, view, change or delete data or create new user accounts on the victim machine. A user could trigger this vulnerability by opening a specially crafted, malicious file or web page. Attackers are most likely to try and exploit this vulnerability via spam emails with malicious links and attachments.
CVE-2020-0823, CVE-2020-0825, CVE-2020-0826, CVE-2020-0827, CVE-2020-0828, CVE-2020-0829, CVE-2020-0831, CVE-2020-0832, CVE-2020-0833 and CVE-2020-0848 are all memory corruption vulnerabilities in the way the ChakraCore scripting engine handles objects in memory. If successful, an attacker could corrupt the victim machine’s memory in a way that would allow them to execute arbitrary code in the context of the current user.
CVE-2020-0824 and CVE-2020-0847 are remote code execution vulnerabilities in the VBScript engine. An attacker could exploit these bugs by tricking the user into visiting a specially crafted website in the Internet Explorer web browser or by marking an ActiveX control marked “safe for initialization” in an application or Microsoft Office document that hosts the Internet Explorer rendering engine. These bugs specifically require user interaction and would rely on some form of social engineering on the attacker’s part.
CVE-2020-0881 and CVE-2020-0883 are remote code execution vulnerabilities in GDI+, an API for C and C++ programmers. An attacker could exploit these bugs by hosting a specially crafted website and then convincing the user to open it. Additionally, a victim could open a malicious document designed to exploit this vulnerability that’s provided to them via email or any other file-sharing method.
These are the other critical vulnerabilities:
This release also contains 91 important vulnerabilities, five of which we will highlight.
CVE-2020-0850, CVE-2020-0851, CVE-2020-0852 and CVE-2020-0855 are all remote code execution vulnerabilities that exist in the way Microsoft Word handles objects in memory. If successful, the attacker could use these bugs to carry out malicious actions in the context of the current user via the Word document. Attackers are likely to use spam emails to try and distribute these malicious documents.
CVE-2020-0761 is an elevation of privilege vulnerability in Microsoft Office. An attacker could exploit this bug to execute the OLicenseHeartbeat task at the SYSTEM level after replacing a normally legitimate file with a specially crafted one, corrupting memory. This vulnerability could be used with other remote code execution vulnerabilities disclosed this month to carry out a more serious attack with higher than usual privileges.
The other important vulnerabilities are:
There is also one moderate vulnerability, CVE-2020-0765.