Critical Microsoft Vulnerability – March 2020

Critical Microsoft Vulnerability – March 2020

With the release of March 2020 security updates, Microsoft has released updates for 115 vulnerabilities.

With the release of March 2020 security updates, Microsoft has released updates for 115 vulnerabilities. 26 of these vulnerabilities are classified as Critical.

These updates also contain a vulnerability that affects all versions of Windows and can be used to remotely download and install malware on vulnerable computers (CVE-2020-0684).

It is recommended that the released patches within the scope of Microsoft March Security Updates should be applied as soon as possible after they have been tested on test systems and there is no problem.

Among these vulnerabilities, a vulnerability that may affect the institutional systems more than other weaknesses are explained in the following.

CVE-2020-0684 | LNK Remote Code Execution Vulnerability

There is a Remote Code Execution vulnerability in Microsoft Windows that could allow remote code execution when a .LNK file is processed.

An attacker who successfully exploited this vulnerability could gain the same rights as "local user".

Users whose accounts are configured to have fewer user rights in the system may be less affected by users working with "administrator" user rights.

An attacker could present the user with a removable drive or remote share containing a malicious .LNK file and an associated malicious binary file. When the user opens this driver (or remote share) in Windows Explorer or another application that parses the .LNK file, the malicious "binary" can run the attacker's preferred code on the target system.

The security update has been reported to address this vulnerability by repairing the process of shortcut LNK references.

SOLUTION/RECOMMENDATION

Security updates published by Microsoft; It must be implemented urgently on all relevant servers before any security incident occurs. Using vulnerability detection systems, all systems should be scanned for this vulnerability and the detected servers should be improved as soon as possible. In addition, if possible, it will be useful to activate signatures related to this vulnerability in security devices.

Before moving on to all systems, it is recommended that the update must be tested to skip any interruptions over the service.

Operating Systems

• Microsoft Client and Microsoft Server systems

Versions

• Microsoft Windows 7, Microsoft Windows 8.1, Microsoft Windows 10, Microsoft Exchange Server, Microsoft Server 2008, Microsoft Server 2012, Microsoft Server 2016, Microsoft Server 2019

CVE / CWE

CVE-2020-0684, CVE-2020-0765, CVE-2020-0774, CVE-2020-0775, CVE-2020-0795, CVE-2020-0813, CVE-2020-0820, CVE-2020-0850, CVE-2020-0851, CVE-2020-0852, CVE-2020-0853, CVE-2020-0855, CVE-2020-0859, CVE-2020-0861, CVE-2020-0863, CVE-2020-0871, CVE-2020-0874, CVE-2020-0876, CVE-2020-0879, CVE-2020-0880, CVE-2020-0882, CVE-2020-0885, CVE-2020-0891, CVE-2020-0892, CVE-2020-0893, CVE-2020-0894, CVE-2020-0902

Additional Information

1. https://www.bleepingcomputer.com/news/security/microsoft-march-2020-patch-tuesday-fixes-115-vulnerabilities/
2. https://portal.msrc.microsoft.com/en-us/security-guidance/releasenotedetail/2020-Mar
3. https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0684
4. https://portal.msrc.microsoft.com/en-us/security-guidance/releasenotedetail/2020-Mar
5. https://www.zdnet.com/article/microsoft-march-2020-patch-tuesday-fixes-115-vulnerabilities/