Today’s VERT Alert addresses Microsoft’s March 2020 Security Updates. VERT is actively working on coverage for these vulnerabilities and expects to ship ASPL-874 on Wednesday, March 11th.
In-The-Wild & Disclosed CVEs
Microsoft has not identified any of the vulnerabilities released this month as having been identified in-the-wild or publicly disclosed.
CVE Breakdown by Tag
While historical Microsoft Security Bulletin groupings are gone, Microsoft vulnerabilities are tagged with an identifier. This list provides a breakdown of the CVEs on a per tag basis.
Tag |
CVE Count |
CVEs |
Windows Defender |
2 |
CVE-2020-0762, CVE-2020-0763 |
Microsoft Dynamics |
1 |
CVE-2020-0905 |
Open Source Software |
1 |
CVE-2020-0872 |
Windows Diagnostic Hub |
1 |
CVE-2020-0854 |
Visual Studio |
2 |
CVE-2020-0789, CVE-2020-0884 |
Microsoft Windows |
51 |
CVE-2020-0684, CVE-2020-0777, CVE-2020-0778, CVE-2020-0779, CVE-2020-0780, CVE-2020-0781, CVE-2020-0783, CVE-2020-0785, CVE-2020-0786, CVE-2020-0787, CVE-2020-0797, CVE-2020-0800, CVE-2020-0801, CVE-2020-0802, CVE-2020-0803, CVE-2020-0804, CVE-2020-0806, CVE-2020-0807, CVE-2020-0808, CVE-2020-0809, CVE-2020-0810, CVE-2020-0840, CVE-2020-0841, CVE-2020-0842, CVE-2020-0843, CVE-2020-0844, CVE-2020-0845, CVE-2020-0849, CVE-2020-0769, CVE-2020-0771, CVE-2020-0772, CVE-2020-0775, CVE-2020-0776, CVE-2020-0793, CVE-2020-0819, CVE-2020-0820, CVE-2020-0857, CVE-2020-0858, CVE-2020-0860, CVE-2020-0861, CVE-2020-0863, CVE-2020-0864, CVE-2020-0865, CVE-2020-0866, CVE-2020-0869, CVE-2020-0871, CVE-2020-0874, CVE-2020-0876, CVE-2020-0879, CVE-2020-0896, CVE-2020-0897 |
Microsoft Edge |
1 |
CVE-2020-0816 |
Microsoft Graphics Component |
13 |
CVE-2020-0788, CVE-2020-0853, CVE-2020-0690, CVE-2020-0774, CVE-2020-0791, CVE-2020-0877, CVE-2020-0880, CVE-2020-0881, CVE-2020-0882, CVE-2020-0883, CVE-2020-0885, CVE-2020-0887, CVE-2020-0898 |
Microsoft Browsers |
1 |
CVE-2020-0768 |
Windows IIS |
1 |
CVE-2020-0645 |
Windows Installer |
8 |
CVE-2020-0798, CVE-2020-0814, CVE-2020-0770, CVE-2020-0773, CVE-2020-0822, CVE-2020-0859, CVE-2020-0867, CVE-2020-0868 |
Other |
1 |
CVE-2020-0765 |
Azure DevOps |
3 |
CVE-2020-0700, CVE-2020-0758, CVE-2020-0815 |
Microsoft Exchange Server |
1 |
CVE-2020-0903 |
Azure |
1 |
CVE-2020-0902 |
Windows Kernel |
2 |
CVE-2020-0799, CVE-2020-0834 |
Internet Explorer |
1 |
CVE-2020-0824 |
Microsoft Office |
5 |
CVE-2020-0850, CVE-2020-0851, CVE-2020-0852, CVE-2020-0855, CVE-2020-0892 |
Microsoft Scripting Engine |
15 |
CVE-2020-0811, CVE-2020-0812, CVE-2020-0813, CVE-2020-0823, CVE-2020-0825, CVE-2020-0826, CVE-2020-0827, CVE-2020-0828, CVE-2020-0829, CVE-2020-0830, CVE-2020-0831, CVE-2020-0832, CVE-2020-0833, CVE-2020-0847, CVE-2020-0848 |
Microsoft Office SharePoint |
4 |
CVE-2020-0891, CVE-2020-0893, CVE-2020-0894, CVE-2020-0795 |
Other Information
In addition to the Microsoft vulnerabilities included in the March Security Guidance, an advisory was released today.
Microsoft Guidance for Enabling LDAP Channel Binding and LDAP Signing [ADV190023]
Microsoft has updated ADV190023 today to indicate the release of new hardening options related to LDAP Channel Binding. As indicated in the advisory, the following options are now available:
- Group Policy Entry: Domain controller: LDAP server channel binding token requirements
- Three New Directory Service event log events: CBT signing events 3039, 3040, and 3041 with event source Microsoft-Windows-ActiveDirectory_DomainService
Mastering Security Configuration Management
Master Security Configuration Management with Tripwire's guide on best practices. This resource explores SCM's role in modern cybersecurity, reducing the attack surface, and achieving compliance with regulations. Gain practical insights for using SCM effectively in various environments.
