Microsoft Releases March 2020 Security Updates
Mar 13, 2020 GMT+08:00
I. Overview
Microsoft recently released its monthly set of security updates, disclosing 115 vulnerabilities, 26 of which are rated critical. Attackers can exploit these vulnerabilities to perform remote code execution, escalate privileges, and obtain sensitive information. The following software is affected: Microsoft Windows, Microsoft Edge, ChakraCore, and Internet Explorer.
Microsoft release notes:
https://portal.msrc.microsoft.com/en-us/security-guidance/releasenotedetail/2020-Mar
These updates include a security advisory on disabling SMBv3 compression, which discloses a remote code execution vulnerability (CVE-2020-0796). Microsoft is aware of a vulnerability in the way that the SMBv3 protocol handles certain requests. An attacker who successfully exploits the vulnerability could gain the ability to execute code on the target SMB server or SMB client. This vulnerability affects Windows 10 and Windows Server (versions 1903 and 1909).
Microsoft has released an update for CVE-2020-0796 and provided a patch to fix it. However, this vulnerability carries a risk of worm propagation. We therefore recommend that you inspect your systems and install the patch as soon as possible. Note: Public images provided by HUAWEI CLOUD are not affected.
II. Severity
Severity: important
(Severity levels: low, moderate, important, and critical)
III. Affected Products
Microsoft Windows, Microsoft Edge, ChakraCore, and Internet Explorer
IV. Vulnerability Details
CVE ID | Vulnerability Name | Severity | Vulnerability Description |
CVE-2020-0684 | LNK Remote Code Execution Vulnerability | Important | A remote code execution vulnerability exists in Microsoft Windows that could allow remote code execution if an LNK file is processed. |
CVE-2020-0768 CVE-2020-0830 CVE-2020-0832 CVE-2020-0833 | Scripting Engine Memory Corruption Vulnerability | Important | A remote code execution vulnerability exists in the way that the script engine of Internet Explorer handles objects in memory. This vulnerability can corrupt memory and allow attackers to execute arbitrary code in the user's context. |
CVE-2020-0801 CVE-2020-0807 CVE-2020-0809 CVE-2020-0869 | Media Foundation Memory Corruption Vulnerability | Important | A memory corruption vulnerability exists when Windows Media Foundation improperly handles objects in memory. An attacker who successfully exploited the vulnerability could install programs; view, change, or delete data; or create new accounts with full user rights. |
CVE-2020-0811 CVE-2020-0812 | Chakra Scripting Engine Memory Corruption Vulnerability | Important | A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge (based on HTML). The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the user's context. Unauthorized attackers can use this vulnerability to obtain privileges as authorized users. |
CVE-2020-0816 | Microsoft Edge Memory Corruption Vulnerability | Important | A remote code execution vulnerability exists when Microsoft Edge improperly accesses objects in memory. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. Unauthorized attackers can use this vulnerability to obtain privileges as authorized users. |
CVE-2020-0823 CVE-2020-0825 CVE-2020-0826 CVE-2020-0827 CVE-2020-0828 CVE-2020-0829 CVE-2020-0831 CVE-2020-0848 | Scripting Engine Memory Corruption Vulnerability | Important | A remote code execution vulnerability exists in the way that the ChakraCore script engine handles objects in memory. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. Unauthorized attackers can use this vulnerability to obtain privileges as authorized users. |
CVE-2020-0824 | Internet Explorer Memory Corruption Vulnerability | Important | A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. Unauthorized attackers can use this vulnerability to obtain privileges as authorized users. |
CVE-2020-0847 | VBScript Remote Code Execution Vulnerability | Important | A remote code execution vulnerability exists in the way that the VBScript engine handles objects in memory. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. Unauthorized attackers can use this vulnerability to obtain privileges as authorized users. |
CVE-2020-0852 | Microsoft Word Remote Code Execution Vulnerability | Important | A remote code execution vulnerability exists in Microsoft Word software when it fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could use a specially crafted file to perform actions in the security context of the current user. |
CVE-2020-0881 CVE-2020-0883 | GDI+ Remote Code Execution Vulnerability | Important | A remote code execution vulnerability exists in the way that the Windows Graphics Device Interface (GDI) handles objects in memory. An attacker who successfully exploited this vulnerability could take control of the affected system. |
CVE-2020-0905 | Dynamics Business Central Remote Code Execution Vulnerability | Important | A remote code execution vulnerability exists in Microsoft Dynamics Business Central. An attacker who successfully exploited this vulnerability could execute arbitrary shell commands on the victim's server. |
(Note: The vulnerabilities listed above are the important ones. For more information, refer to the official website of Microsoft.)
V. Security Recommendations
1. Use Windows Update or download patches from the following address to fix the vulnerabilities:
https://portal.msrc.microsoft.com/en-us/security-guidance
2. Back up data remotely to protect your data.
Note: Before fixing vulnerabilities, back up your files and conduct a thorough test.