You may forget about a Tuesday chore, but Microsoft never forgets to release an update on Tuesday. It’s a new month, so another Patch Tuesday update has arrived for Windows 10 and other products.
This time, Redmond has managed to fix 115 security loopholes that might have affected users otherwise.
Out of these, Microsoft has flagged 26 vulnerabilities as critical that could have allowed attackers to leverage remote code executions. Hence, it is important to install the new Microsoft update. March 2020 Patch Tuesday is possibly the biggest Patch Tuesday the company has ever released.
The update fixes a flaw (CVE-2020-0852) in Microsoft Word, where the software fails to handle objects in the memory. This allows the attacker to run arbitrary code without needing the user to open a malicious file. That’s because the MS Outlook preview pane (that loads documents automatically) can be used as an attack vector.
Application Inspector is a relatively new Windows component that got affected by an RCE vulnerability (CVE-2020-0872). Although exploitation is less likely, the vulnerability exists in the way “the tool reflects example code snippets from third-party source files into its HTML output.”
An attacker can convince the user to run the Application Inspector on a source code that includes a malicious third-party component. Apparently, the Application Inspector is a source code analyzer tool that, among other jobs, can help in the detection of malicious backdoors and increased attack surface in a given code.
Now, as always, you don’t need to do anything as Windows Update will automatically install the update on your machine, provided you haven’t paused it.
Microsoft SMBv3 wormable bug (unpatched)
A big highlight of March Patch Tuesday is a remote code execution vulnerability in Microsoft Server Message Block 3.1.1 (SMBv3) that kicks in when it handles certain requests.
Upon successful exploitation, it can be used to target an SMB Client or Server. According to ZDNet, it’s being warned that the vulnerability could bring about another havoc to the likes of EternalBlue.
Microsoft released a separate advisory detailing how an attacker will have to configure a malicious SMBv3 Server and convince the target client to connect to it. On the other hand, an SMB Server can be compromised by sending a specially crafted packet based on the exploit.
As of writing this, Microsoft hasn’t issued a patch for the critical SMBv3 RCE vulnerability. However, it confirmed that the vulnerability isn’t publicly disclosed or exploited yet.