Microsoft’s scheduled updates for March are out this week. With the March Patch Tuesday, Microsoft has rolled out an even bigger update with 115 fixes. They also erroneously disclosed an unpatched bug. Here’s a quick overview of the updates.
Microsoft Patch Tuesday March Overview
With the March Patch Tuesday, Microsoft has addressed 115 different security flaws across various software.
One of these is a critical remote code execution vulnerability in Microsoft Word. This vulnerability, CVE-2020-0852, exists because Word fails to properly handle objects in memory. Thus, via a specially crafted file, an attacker could exploit the flaw to run code in the context of the current user.
Describing the vulnerability in the advisory, Microsoft explained that an attacker could send the malicious file via phishing attacks, such as email phishing, or by hosting the file on a malicious website. The vendor also marked Microsoft Outlook Preview Pane as an attack vector.
Apart from this bug, Microsoft also fixed 25 other critical vulnerabilities in Windows Media Foundation, the Graphics Device Interface (GDI), and its browsers. All of these could lead to remote code execution upon exploitation. This set also includes a flaw in the processing of .LNK files (CVE-2020-0684).
Microsoft also released fixes for 88 important-severity vulnerabilities across multiple products, with varying impacts.
In addition, they addressed a moderate-severity information disclosure vulnerability, CVE-2020-0765, in Remote Desktop Connection Manager by discontinuing the app entirely. Instead, they recommend an alternative:
Microsoft is not planning on fixing this vulnerability in RDCMan and has deprecated the application. Microsoft recommends using supported Remote Desktop clients and exercising caution when opening RDCMan configuration files (.rdg).
One Bug Still Remains Unpatched Despite Disclosure
While Microsoft addressed numerous bugs in March, they inadvertently disclosed one more vulnerability that they had not yet fixed. Tracked as CVE-2020-0796, the vulnerability affects the Microsoft Server Message Block (SMB) protocol. Microsoft deemed it a ‘wormable’ vulnerability, though they didn’t reveal many technical details about it.
However, Fortinet has shared some insight, identifying it as a remote code execution bug. As described in their advisory,
This indicates an attack attempt to exploit a Buffer Overflow Vulnerability in Microsoft SMB Servers.
The vulnerability is due to an error when the vulnerable software handles a maliciously crafted compressed data packet. A remote, unauthenticated attacker can exploit this to execute arbitrary code within the context of the application.
While it is unclear how the vulnerability surfaced online, the cybersecurity community was quick to notice the disclosure.
Eventually, as the news of the unpatched bug became public, Microsoft issued an advisory suggesting ways to disable SMBv3 compression.
Microsoft has since released a patch as well (KB4551762), which users should begin receiving shortly. Until then, users can apply the workaround to mitigate this vulnerability.
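A defender-side audit of the two controls mentioned above (the SMBv3 compression workaround and the KB4551762 update), as an added PowerShell example that is not from the article or from Microsoft. The DisableCompression value under LanmanServer\Parameters is the registry workaround Microsoft documented in its ADV200005 advisory (it is not quoted in the article); the function names are my own.

```powershell
# Added example (not from the article or from Microsoft): check a Windows host for the
# CVE-2020-0796 SMBv3 compression workaround and the KB4551762 fix, and apply the
# workaround only where the fix is absent.
# The registry value (LanmanServer\Parameters\DisableCompression = 1) is the workaround
# Microsoft documented in ADV200005. Per that advisory it protects the SMB server role
# only; SMB clients are protected by installing the update, not by this key.

$RegPath = 'HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters'
$Kb      = 'KB4551762'

function Get-Smbv3CompressionStatus {
    # Returns whether the patch is listed and whether the workaround is currently set.
    # Caveat: Get-HotFix reads Win32_QuickFixEngineering; a later cumulative update
    # supersedes KB4551762 and will not show this ID, so treat "not installed" on an
    # otherwise up-to-date host as a prompt to verify, not as proof of exposure.
    $hotfix = Get-HotFix -Id $Kb -ErrorAction SilentlyContinue
    $value  = (Get-ItemProperty -Path $RegPath -Name DisableCompression `
                -ErrorAction SilentlyContinue).DisableCompression
    [pscustomobject]@{
        ComputerName        = $env:COMPUTERNAME
        PatchInstalled      = [bool]$hotfix
        CompressionDisabled = ($value -eq 1)
    }
}

function Enable-Smbv3CompressionWorkaround {
    # Sets DisableCompression=1; supports -WhatIf so the change can be previewed.
    [CmdletBinding(SupportsShouldProcess)]
    param()
    if ($PSCmdlet.ShouldProcess($RegPath, 'Set DisableCompression=1')) {
        Set-ItemProperty -Path $RegPath -Name DisableCompression -Type DWORD -Value 1 -Force
    }
}

$status = Get-Smbv3CompressionStatus
$status | Format-List

if (-not $status.PatchInstalled -and -not $status.CompressionDisabled) {
    Write-Warning "$Kb not found and SMBv3 compression still enabled; applying workaround."
    Enable-Smbv3CompressionWorkaround
}
elseif ($status.PatchInstalled -and $status.CompressionDisabled) {
    Write-Host "Patch present; the workaround can be reverted by setting DisableCompression to 0."
}
```

Run it from an elevated PowerShell session; the registry change takes effect without a reboot, but the installed update remains the only complete fix.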