Micosoft’s
March 2020 Patch Tuesday released saw the company rollout patches for 115
vulnerabilities with 26 rated critical, however, in a rare event Adobe is
taking this month off publicizing no updates.

This is the second
month in a row that Microsoft has busy Patch
Tuesday. In February the company patched 99 vulnerabilities, including one
zero day. One analyst piggy-backed on to today’s roll out to note that a
vulnerability included in February’s release, CVE-2020-0688, is being actively
exploited in the wild and even though a large number of new updates have been
issued, admins should prioritize taking care of his older CVE if they have not
done so already.

The critical
issues fixed by Microsoft this month include 58 elevation of privilege flaws
with Satnam Narang, principal research engineer at Tenable listing CVE-2020-0788,
CVE-2020-0877 and CVE-2020-0887 as the most severe. Microsoft agrees listing
them as most likely to be exploited.

“These are
elevation of privilege flaws in Win32k due to improper handling of objects in
memory. Elevation of Privilege vulnerabilities are leveraged by attackers
post-compromise, once they’ve managed to gain access to a system in order to
execute code on their target systems with elevated privileges,” he said.

Jay Goodman,
Automox’s strategic product marketing manager, cherry picked CVE-2020-0833,
CVE-2020-0824 and CVE-2020-0847 for added attention. The first two are remote
code execution vulnerabilities that could corrupt system memory giving an
attacker access in the role of the user.

“CVE-2020-0847
is also a remote code execution vulnerability, this time in VBScript. VBscript
is a scripting language used by Microsoft. It allows system admins to run
powerful scripts and tools for managing endpoints and will give the user
complete control over many aspects of the device,” he said.

CVE-2020-0847
is also a corrupt memory system issue with threat actors generally using
phishing or browser attacks to first gain entry.

In addition
to last month’s issue, Recorded Future’s Liska highlighted CVE-2020-8050,
CVE-2020-8051, CVE-2020-8052 and CVE-2020-8055. All are remote code execution
vulnerabilities in Microsoft Word that take advantage of how the software
handles objects in memory. A malicious actor would have to send and then
convince a victim to click on a malicious document to initiate an attack. However,
CVE-2020-8052 is even more dangerous and can be launched through an Outlook preview
page without the need to click on the document.

“As Recorded
Future has previously noted, Microsoft Office is among the most popular attack
vectors for cybercriminals. We expect one or more of these vulnerabilities will
be weaponized sooner rather than later,” he said.

Animesh Jain, from Qualys’ expert vulnerability management research team, pointed out that even some issues that Microsoft considers less likely to be exploited should still garner admin attention and concern. CVE-2020-0905 is a remote code execution vulnerability effecting effects the Dynamics Business Central client that falls into this category, but Jain said the fact that this is likely to reside on a critical server makes it important to patch.