As part of Microsoft's March Patch Tuesday for 2020, which will unveil security updates, Microsoft released patches for 115 vulnerabilities identified in its products. Of these vulnerabilities, 24 are rated as critical, 88 as significant and 3 as moderate. Users should install the security updates recommended by Microsoft March 2020 Patch Tuesday as soon as possible to protect them. Windows from security risks.
Those interested in further information on non-security Windows updates can read the Windows 10 KB4540673 and KB4538461 updates.
There is, however, a strange case involving an error identified as CVE-2020-0796. Specifically, BleepingComputer reported that Microsoft was planning to release fixes for a "wormable" SMBv3 RCE vulnerability identified as CVE-2020-0796, but Microsoft never did so.
There is not much information on this case, but the only sure thing was that it was a very serious vulnerability that looked like another kind of vulnerability, EternalBlue. While Microsoft never published any information about it, sites insurance companies such as Fortinet and Cisco Talos, published information about this vulnerability. Since then, Cisco Talos has removed it. According to Cisco Talos, this vulnerability leaves the systems exposed to a potential type attack worm. In addition, if hackers exploit this vulnerability, they will be able to target their victims very easily.
The BleepingComputer has sent many messages e-mail to Microsoft for this case, but has not received any response.
Among the vulnerabilities that occurred this month and are of particular interest is a vulnerability identified as CVE-2020-0872, entitled "Running remote code in Application Inspector ”, which can be used by a hacker to steal the source code of files opened in Application Inspector.
Finally, two new vulnerabilities were fixed that could allow hackers to create custom edited .LNK files or documents Word that can execute code when opened. The first vulnerability is identified as CVE-2020-0684 and is called "Remote Code Execution Vulnerability in LNK". This vulnerability allows one hacker to create malicious files LNK that can execute code. The second vulnerability is identified as CVE-2020-0852 and is called "Microsoft Word Remote Code Execution Vulnerability". This vulnerability allows a hacker to create malicious Word documents that can execute code simply by opening them. But the worst part is that this vulnerability works in its preview window Outlook.