Microsoft recently released a patch update meant to fix 115 security vulnerabilities found in different versions of the Windows OS and its associated software. The latest update to fix these vulnerabilities was released on 10th March 2020. And this is the patch in the history of Microsoft.
The severity of the vulnerabilities
A total of 115 security vulnerabilities were identified. Of these, 26 were very critical, 88 were severe and needed immediate attention, and the last one was of moderate severity. Of the 26 critical and 88 medium-severity vulnerabilities, 17 are directly linked to Microsoft's scripting engine and browser, four are linked to Media Foundation, two are associated with GDI+, and the remaining three are associated with LNK files and MS Word.
The vulnerabilities affected different products such as Microsoft Windows, Edge browser (CVE-2020-0816), Internet Explorer, Exchange Server, Office, Azure, Windows Defender, Dynamics, and Visual Studio.
Along with these security vulnerabilities, Microsoft also addressed code execution vulnerabilities. Two of the most critical patched vulnerabilities are remote code execution vulnerabilities tied to Internet Explorer (CVE-2020-0833, CVE-2020-0824), and the remaining one affects the VBScript language used by Microsoft (CVE-2020-0847).
The vulnerabilities found in Internet Explorer and VBScript are capable of corrupting memory. They also allow the attacker to carry out the LNK Remote Code Execution Vulnerability (CVE-2020-0684) in the context of an administrative user. Thus, the attacker can execute malicious code directly on the current system. If the user is logged in with administrative rights, those rights apply to the code as well.
Most Critical Vulnerabilities
The vulnerability is associated with the scripting engine and the way it handles objects stored in memory in Internet Explorer. It can corrupt memory and thus lets the attacker execute remote code as the logged-in user. If the user has administrative rights, things could get worse, as the attacker can take complete control of the system affected by the bug.
To use the vulnerability, the attacker would host a website specially crafted for Internet Explorer and prompt the user to view it. The attacker cannot force the user to open the website; instead, he can prompt the user by sending it as an attachment in the mail.
The vulnerability would help an attacker execute malicious code on the system. It was caused by the VBScript engine’s mishandling of the objects in the memory.
For the vulnerability in the VBScript language, if the attacker succeeds in gaining command over the tool by executing remote code, the adversary would have powers similar to those of a sysadmin. Thus, the attacker would be able to run scripts and use software tools to take control of the connected endpoints.
A Microsoft Word Remote Code Execution Vulnerability (CVE-2020-0852) was also rated critical along with the above-mentioned vulnerabilities. Exploiting this vulnerability would let the attacker perform specific operations in the context of the logged-in user using a file crafted for this purpose alone. Microsoft also announced that it would not be fixing the vulnerability associated with RDCMan (Remote Desktop Connection Manager), CVE-2020-0765. Instead, the company urges users to use the Remote Desktop clients and to be cautious when opening configuration files related to RDCMan (.rdg).
This vulnerability is caused by the improper handling of objects by the MS Word software. An attacker could easily utilize the vulnerability to run a file specially crafted by him. The file can then take actions with the same rights as the logged-in user. The attacker can convince the user to open the file by sending it as an email attachment.
For the full list of security vulnerabilities patched in this update, you can check out Microsoft’s official Security Update Guide portal.
Microsoft also released an emergency patch to fix the wormable SMBv3 bug (CVE-2020-0796). Microsoft has provided mitigation advice in a separate security advisory. This advisory is for users who cannot install this Windows SMBv3 Client/Server Remote Code Execution Vulnerability patch.
How to install the latest patch to fix vulnerabilities?
You can install the latest March 2020 patch to fix the vulnerabilities using the following steps:
- Go to Start > Settings > Update & Security > Windows Update, or select Check for Windows updates.
After appropriate testing, the patches provided by Microsoft should be applied immediately. When running the software, make sure you are logged in as a non-administrative user. This can reduce the risk of an attack.
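One way to check both recommendations after running Windows Update, as an added example that is not part of the original article or Microsoft's guidance: it lists Windows updates installed on or after the 10 March 2020 release date given above and reports whether the current session is running with administrative rights. The function names `Test-IsElevated` and `Get-PatchStatus` are hypothetical.

```powershell
# Added example (not from the article). Save as a .ps1 file and run on the Windows host.
# $ReleaseDate defaults to the release date the article states; pass another date if needed.
param(
    [datetime]$ReleaseDate = [datetime]'2020-03-10'
)

function Test-IsElevated {
    # True when the current session token carries the local Administrators role.
    $identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
    $principal = New-Object Security.Principal.WindowsPrincipal($identity)
    return $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)
}

function Get-PatchStatus {
    param([datetime]$Since)

    # Get-HotFix can return entries with an empty InstalledOn; count them
    # separately instead of silently treating them as old or new.
    $all    = @(Get-HotFix)
    $dated  = @($all | Where-Object { $_.InstalledOn })
    $recent = @($dated | Where-Object { $_.InstalledOn -ge $Since } | Sort-Object InstalledOn)
    $newest = $dated | Sort-Object InstalledOn | Select-Object -Last 1

    [pscustomobject]@{
        ComputerName        = $env:COMPUTERNAME
        OSVersion           = [Environment]::OSVersion.Version.ToString()
        UpdatesSinceRelease = $recent.Count
        RecentHotFixIDs     = ($recent.HotFixID -join ', ')
        NewestInstallDate   = $newest.InstalledOn
        UndatedEntries      = $all.Count - $dated.Count
        SessionIsElevated   = Test-IsElevated
    }
}

$status = Get-PatchStatus -Since $ReleaseDate
$status | Format-List

if ($status.UpdatesSinceRelease -eq 0) {
    Write-Warning "No update installed on or after $($ReleaseDate.ToString('yyyy-MM-dd')); run Windows Update."
}
if ($status.SessionIsElevated) {
    Write-Warning 'This session has administrative rights; use a non-administrative account for daily work.'
}
```

`Get-HotFix` reports Windows component updates only, so Office fixes such as the MS Word patch do not appear in its output. An install date on or after the release date shows the machine was updated recently but does not by itself name which fixes were included.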