March 2020 Patch Bulletin
This month we have 100 unique CVE’s listed, 11 technologies with updates, and 6 technologies with critical updates.
The great news this month is that there were 0 publicly disclosed or attacked vulnerabilities!
Windows has 63 unique CVE’s with some of those being critical.
For additional details, please find the information from Microsoft below:
| Technology | Products Affected | Severity | Reference | Workaround/Exploited/ Publicly Disclosed Vulnerability Info | |
|---|---|---|---|---|---|
| Windows | Windows 8.1, 8.1 RT, 10, Server 2012, 2016, 2019 | Critical | CVE-2020-0645 CVE-2020-0762 CVE-2020-0763 CVE-2020-0769 CVE-2020-0770 CVE-2020-0771 CVE-2020-0662 CVE-2020-0773 CVE-2020-0776 CVE-2020-0777 CVE-2020-0778 CVE-2020-0779 CVE-2020-0780 CVE-2020-0781 CVE-2020-0783 CVE-2020-0785 CVE-2020-0786 CVE-2020-0787 CVE-2020-0788 CVE-2020-0797 CVE-2020-0798 CVE-2020-0799 CVE-2020-0800 CVE-2020-0801 CVE-2020-0802 CVE-2020-0803 CVE-2020-0806 CVE-2020-0807 CVE-2020-0808 CVE-2020-0810 CVE-2020-0814 CVE-2020-0819 CVE-2020-0820 CVE-2020-0822 CVE-2020-0845 CVE-2020-0849 CVE-2020-0853 CVE-2020-0854 CVE-2020-0857 CVE-2020-0858 CVE-2020-0859 CVE-2020-0860 CVE-2020-0861 CVE-2020-0863 CVE-2020-0864 CVE-2020-0865 CVE-2020-0866 CVE-2020-0867 CVE-2020-0868 CVE-2020-0869 CVE-2020-0871 CVE-2020-0874 CVE-2020-0876 CVE-2020-0877 CVE-2020-0879 CVE-2020-0880 CVE-2020-0881 CVE-2020-0882 CVE-2020-0883 CVE-2020-0885 CVE-2020-0887 CVE-2020-0896 CVE-2020-0897 CVE-2020-0898 | Workaround: No Public: No Exploited: No | Denial of Service Elevation of Privilege Information Disclosure Tampering Remote Code Execution |
| Edge | Microsoft Edge (EdgeHTML-based) | Critical | CVE-2020-0768 CVE-2020-0816 CVE-2020-0823 CVE-2020-0848 CVE-2020-0811 CVE-2020-0812 CVE-2020-0813 CVE-2020-0825 CVE-2020-0826 CVE-2020-0827 CVE-2020-0828 CVE-2020-0829 CVE-2020-0830 CVE-2020-0831 | Workaround: No Exploited: No Public: No | Remote Code Execution Information Disclosure |
| ChakraCore | All | Critical | CVE-2020-0768 CVE-2020-0811 CVE-2020-0812 CVE-2020-0813 CVE-2020-0823 CVE-2020-0825 CVE-2020-0826 CVE-2020-0827 CVE-2020-0828 CVE-2020-0829 CVE-2020-0830 CVE-2020-0831 CVE-2020-0848 | Workaround: No Exploited: No Public: No | Remote Code Execution Information Disclosure |
| IE | 9, 10, 11 | Critical | CVE-2020-0768 CVE-2020-0824 guidance/advisory/CVE-2020-0830">CVE-2020-0830 CVE-2020-0832 CVE-2020-0833 CVE-2020-0847 | Workaround: No Exploited: No Public: No | Remote Code Execution |
| Exchange Server | Exchange Server 2016, 2019 | Important | CVE-2020-0903 | Workaround: No Exploited: No Public: No | Spoofing |
| Office, Office Services, Office Web Apps | Office 2010, 2016 for Mac, 2019, 2019 for Mac Office Online Server SharePoint Enterprise Server 2013, 2016 Foundation 2010, 2013 Server 2020, 2019 Word 2010, 2013, 2016 Office 365 ProPlus | Critical | CVE-2020-0795 CVE-2020-0850 CVE-2020-0851 CVE-2020-0855 CVE-2020-0891 CVE-2020-0892 CVE-2020-0893 CVE-2020-0894 | Workaround: No Exploited: No Public: No | Information Disclosure Remote Code Execution Spoofing |
| Azure DevOps | 2019 | Important | CVE-2020-0700 CVE-2020-0758 CVE-2020-0815 | Workaround: No Exploited: No Public: No | Elevation of Privilege Spoofing |
| Visual Studio | 2015, 2017, 2019 | Important | CVE-2020-0789 CVE-2020-0793 CVE-2020-0810 CVE-2020-0884 | Workaround: No Exploited: No Public: No | Denial of Service Elevation of Privilege Spoofing |
| Open Source | Application Inspector | Important | CVE-2020-0872 | Workaround: No Exploited: No Public: No | Remote Code Execution |
| Azure | Service Fabric | Important | CVE-2020-0902 | Workaround: No Exploited: No Public: No | Elevation of Privilege |
| Dynamics | Dynamics 365 Business Central 2019 Dynamics 365 BC On Premise Dynamics NAV 2013, 2015, 2016, 2017, 2018 | Critical | CVE-2020-0905 | Workaround: No Exploited: No Public: No | Remote Code Execution |
In case of any questions or clarifications please feel free to reach out to ECHO’s Service Desk.