JPCERT-AT-2020-0010
JPCERT/CC
2020-03-11
Details on the vulnerabilities can be found at the following URL:
March 2020 Security Updates
https://portal.msrc.microsoft.com/en-us/security-guidance/releasenotedetail/2020-Mar
[Vulnerabilities addressed (Including Security Update Programs rated as "critical")]
* Listing up Microsoft Knowledge Base (KB) that are rated as "critical"
CVE-2020-0684
LNK Remote Code Execution Vulnerability
https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2020-0684
- KB4538461, KB4540670, KB4540673, KB4540681, KB4540688, KB4540689
KB4540693, KB4540694, KB4541500, KB4541504, KB4541505, KB4541506
KB4541509, KB4541510
CVE-2020-0768
Scripting Engine Memory Corruption Vulnerability
https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2020-0768
- KB4538461, KB4540670, KB4540671, KB4540673, KB4540681, KB4540688
KB4540689, KB4540693, KB4541509
CVE-2020-0801
Media Foundation Memory Corruption Vulnerability
https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2020-0801
- KB4538461, KB4540670, KB4540673, KB4540681, KB4540689, KB4540693
CVE-2020-0807
Media Foundation Memory Corruption Vulnerability
https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2020-0807
- KB4538461, KB4540673, KB4540689
CVE-2020-0809
Media Foundation Memory Corruption Vulnerability
https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2020-0809
- KB4538461, KB4540670, KB4540673, KB4540681, KB4540689, KB4540693
CVE-2020-0811
Chakra Scripting Engine Memory Corruption Vulnerability
https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2020-0811
- KB4538461, KB4540673, KB4540681, KB4540689
CVE-2020-0812
Chakra Scripting Engine Memory Corruption Vulnerability
https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2020-0812
- KB4538461, KB4540673
CVE-2020-0816
Microsoft Edge Memory Corruption Vulnerability
https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2020-0816
- KB4538461, KB4540670, KB4540673, KB4540681, KB4540689
CVE-2020-0823
Scripting Engine Memory Corruption Vulnerability
https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2020-0823
- KB4538461, KB4540670, KB4540673, KB4540681, KB4540689, KB4540693
CVE-2020-0824
Internet Explorer Memory Corruption Vulnerability
https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2020-0824
- KB4538461, KB4540670, KB4540671, KB4540673, KB4540681, KB4540688
KB4540689, KB4540693, KB4541509
CVE-2020-0825
Scripting Engine Memory Corruption Vulnerability
https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2020-0825
- KB4538461, KB4540673
CVE-2020-0826
Scripting Engine Memory Corruption Vulnerability
https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2020-0826
- KB4538461, KB4540670, KB4540673, KB4540681, KB4540689, KB4540693
CVE-2020-0827
Scripting Engine Memory Corruption Vulnerability
https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2020-0827
- KB4538461, KB4540670, KB4540673, KB4540681, KB4540689, KB4540693
CVE-2020-0828
Scripting Engine Memory Corruption Vulnerability
https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2020-0828
- KB4538461, KB4540670, KB4540673, KB4540681, KB4540689, KB4540693
CVE-2020-0829
Scripting Engine Memory Corruption Vulnerability
https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2020-0829
- KB4538461, KB4540670, KB4540673, KB4540681, KB4540689, KB4540693
CVE-2020-0830
Scripting Engine Memory Corruption Vulnerability
https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2020-0830
- KB4538461, KB4540670, KB4540671, KB4540673, KB4540681, KB4540688
KB4540689, KB4540693, KB4541509
CVE-2020-0831
Scripting Engine Memory Corruption Vulnerability
https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2020-0831
- KB4538461, KB4540670, KB4540673, KB4540681, KB4540689, KB4540693
CVE-2020-0832
Scripting Engine Memory Corruption Vulnerability
https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2020-0832
- KB4538461, KB4540670, KB4540671, KB4540673, KB4540681, KB4540688
KB4540689, KB4540693, KB4541509
CVE-2020-0833
Scripting Engine Memory Corruption Vulnerability
https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2020-0833
- KB4538461, KB4540670, KB4540671, KB4540673, KB4540681, KB4540688,
KB4540689, KB4540693, KB4541509
CVE-2020-0847
VBScript Remote Code Execution Vulnerability
https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2020-0847
- KB4538461, KB4540670, KB4540671, KB4540673, KB4540681, KB4540688
KB4540689, KB4540693, KB4541509
CVE-2020-0848
Scripting Engine Memory Corruption Vulnerability
https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2020-0848
- KB4538461, KB4540670, KB4540673, KB4540681, KB4540689
CVE-2020-0852
Microsoft Word Remote Code Execution Vulnerability
https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2020-0852
- KB4484270, KB4484271, KB4484277
CVE-2020-0869
Media Foundation Memory Corruption Vulnerability
https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2020-0869
- KB4538461, KB4540670, KB4540673, KB4540681, KB4540689, KB4540693
CVE-2020-0881
GDI+ Remote Code Execution Vulnerability
https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2020-0881
- KB4538461, KB4540670, KB4540673, KB4540681, KB4540688, KB4540689
KB4540693, KB4540694, KB4541500, KB4541504, KB4541505, KB4541506
KB4541509, KB4541510
CVE-2020-0883
GDI+ Remote Code Execution Vulnerability
https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2020-0883
- KB4538461, KB4540670, KB4540673, KB4540681, KB4540688, KB4540689
KB4540693, KB4540694, KB4541500, KB4541504, KB4541505, KB4541506
KB4541509, KB4541510
CVE-2020-0905
Dynamics Business Central Remote Code Execution Vulnerability
https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2020-0905
- KB4538708, KB4538884, KB4538885, KB4538886, KB4538887, KB4538888
KB4551258, KB4551259
Microsoft Update Catalog
https://www.catalog.update.microsoft.com/
Windows Update: FAQ
https://support.microsoft.com/en-us/help/12373/windows-update-faq
Microsoft Corporation
March 2020 Security Updates
https://portal.msrc.microsoft.com/en-us/security-guidance/releasenotedetail/2020-Mar
Microsoft Corporation
Microsoft Security Updates for March 2020 (Monthly) (Japanese)
https://msrc-blog.microsoft.com/2020/03/10/202003-security-updates/
If you have any information regarding this alert, please contact JPCERT/CC.
JPCERT Coordination Center (Early Warning Group)
TEL: +81-3-6811-0610 MAIL: ew-info@jpcert.or.jp
https://www.jpcert.or.jp/english/
JPCERT/CC
2020-03-11
I. Overview
Microsoft has released March 2020 Security Updates. This contains updates that are rated as "Critical". Remote attackers leveraging these vulnerabilities may be able to execute arbitrary code.Details on the vulnerabilities can be found at the following URL:
March 2020 Security Updates
https://portal.msrc.microsoft.com/en-us/security-guidance/releasenotedetail/2020-Mar
[Vulnerabilities addressed (Including Security Update Programs rated as "critical")]
* Listing up Microsoft Knowledge Base (KB) that are rated as "critical"
CVE-2020-0684
LNK Remote Code Execution Vulnerability
https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2020-0684
- KB4538461, KB4540670, KB4540673, KB4540681, KB4540688, KB4540689
KB4540693, KB4540694, KB4541500, KB4541504, KB4541505, KB4541506
KB4541509, KB4541510
CVE-2020-0768
Scripting Engine Memory Corruption Vulnerability
https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2020-0768
- KB4538461, KB4540670, KB4540671, KB4540673, KB4540681, KB4540688
KB4540689, KB4540693, KB4541509
CVE-2020-0801
Media Foundation Memory Corruption Vulnerability
https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2020-0801
- KB4538461, KB4540670, KB4540673, KB4540681, KB4540689, KB4540693
CVE-2020-0807
Media Foundation Memory Corruption Vulnerability
https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2020-0807
- KB4538461, KB4540673, KB4540689
CVE-2020-0809
Media Foundation Memory Corruption Vulnerability
https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2020-0809
- KB4538461, KB4540670, KB4540673, KB4540681, KB4540689, KB4540693
CVE-2020-0811
Chakra Scripting Engine Memory Corruption Vulnerability
https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2020-0811
- KB4538461, KB4540673, KB4540681, KB4540689
CVE-2020-0812
Chakra Scripting Engine Memory Corruption Vulnerability
https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2020-0812
- KB4538461, KB4540673
CVE-2020-0816
Microsoft Edge Memory Corruption Vulnerability
https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2020-0816
- KB4538461, KB4540670, KB4540673, KB4540681, KB4540689
CVE-2020-0823
Scripting Engine Memory Corruption Vulnerability
https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2020-0823
- KB4538461, KB4540670, KB4540673, KB4540681, KB4540689, KB4540693
CVE-2020-0824
Internet Explorer Memory Corruption Vulnerability
https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2020-0824
- KB4538461, KB4540670, KB4540671, KB4540673, KB4540681, KB4540688
KB4540689, KB4540693, KB4541509
CVE-2020-0825
Scripting Engine Memory Corruption Vulnerability
https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2020-0825
- KB4538461, KB4540673
CVE-2020-0826
Scripting Engine Memory Corruption Vulnerability
https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2020-0826
- KB4538461, KB4540670, KB4540673, KB4540681, KB4540689, KB4540693
CVE-2020-0827
Scripting Engine Memory Corruption Vulnerability
https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2020-0827
- KB4538461, KB4540670, KB4540673, KB4540681, KB4540689, KB4540693
CVE-2020-0828
Scripting Engine Memory Corruption Vulnerability
https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2020-0828
- KB4538461, KB4540670, KB4540673, KB4540681, KB4540689, KB4540693
CVE-2020-0829
Scripting Engine Memory Corruption Vulnerability
https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2020-0829
- KB4538461, KB4540670, KB4540673, KB4540681, KB4540689, KB4540693
CVE-2020-0830
Scripting Engine Memory Corruption Vulnerability
https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2020-0830
- KB4538461, KB4540670, KB4540671, KB4540673, KB4540681, KB4540688
KB4540689, KB4540693, KB4541509
CVE-2020-0831
Scripting Engine Memory Corruption Vulnerability
https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2020-0831
- KB4538461, KB4540670, KB4540673, KB4540681, KB4540689, KB4540693
CVE-2020-0832
Scripting Engine Memory Corruption Vulnerability
https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2020-0832
- KB4538461, KB4540670, KB4540671, KB4540673, KB4540681, KB4540688
KB4540689, KB4540693, KB4541509
CVE-2020-0833
Scripting Engine Memory Corruption Vulnerability
https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2020-0833
- KB4538461, KB4540670, KB4540671, KB4540673, KB4540681, KB4540688,
KB4540689, KB4540693, KB4541509
CVE-2020-0847
VBScript Remote Code Execution Vulnerability
https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2020-0847
- KB4538461, KB4540670, KB4540671, KB4540673, KB4540681, KB4540688
KB4540689, KB4540693, KB4541509
CVE-2020-0848
Scripting Engine Memory Corruption Vulnerability
https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2020-0848
- KB4538461, KB4540670, KB4540673, KB4540681, KB4540689
CVE-2020-0852
Microsoft Word Remote Code Execution Vulnerability
https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2020-0852
- KB4484270, KB4484271, KB4484277
CVE-2020-0869
Media Foundation Memory Corruption Vulnerability
https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2020-0869
- KB4538461, KB4540670, KB4540673, KB4540681, KB4540689, KB4540693
CVE-2020-0881
GDI+ Remote Code Execution Vulnerability
https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2020-0881
- KB4538461, KB4540670, KB4540673, KB4540681, KB4540688, KB4540689
KB4540693, KB4540694, KB4541500, KB4541504, KB4541505, KB4541506
KB4541509, KB4541510
CVE-2020-0883
GDI+ Remote Code Execution Vulnerability
https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2020-0883
- KB4538461, KB4540670, KB4540673, KB4540681, KB4540688, KB4540689
KB4540693, KB4540694, KB4541500, KB4541504, KB4541505, KB4541506
KB4541509, KB4541510
CVE-2020-0905
Dynamics Business Central Remote Code Execution Vulnerability
https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2020-0905
- KB4538708, KB4538884, KB4538885, KB4538886, KB4538887, KB4538888
KB4551258, KB4551259
II. Solution
Please apply the security update programs through Microsoft Update,Windows Update, etc. as soon as possible.Microsoft Update Catalog
https://www.catalog.update.microsoft.com/
Windows Update: FAQ
https://support.microsoft.com/en-us/help/12373/windows-update-faq
III. References
Microsoft Corporation
March 2020 Security Updates
https://portal.msrc.microsoft.com/en-us/security-guidance/releasenotedetail/2020-Mar
Microsoft Corporation
Microsoft Security Updates for March 2020 (Monthly) (Japanese)
https://msrc-blog.microsoft.com/2020/03/10/202003-security-updates/
If you have any information regarding this alert, please contact JPCERT/CC.
JPCERT Coordination Center (Early Warning Group)
TEL: +81-3-6811-0610 MAIL: ew-info@jpcert.or.jp
https://www.jpcert.or.jp/english/