March Patch Tuesday: LNK, Microsoft Word Vulnerabilities Get Fixes

Following the unexpectedly long list of fixes included in last month’s Patch Tuesday, March brings an even longer one, albeit less eventful. A total of 115 vulnerabilities were fixed, 26 of which were identified as Critical as they could lead to remote code execution (RCE). 88 were classified as Important and included patches for various Windows components such as Microsoft Office, Work Folders, and Network Connections Service. One final vulnerability was classified as Moderate. None of this month’s listed vulnerabilities were exploited in the wild before they were patched this month; seven of the vulnerabilities were disclosed via the Zero Day Initiative.

The most notable vulnerabilities patched this month include an RCE flaw in how .LNK files are handled, as well as a vulnerability in Microsoft Word that can be triggered via the Preview Pane. Here’s a closer look at the major vulnerabilities addressed this month:

LNK Vulnerability

CVE-2020-0684 is an RCE vulnerability that could allow remote code execution via specially crafted .LNK files when they are processed. LNK bugs have gotten a lot of press in the past, and deservedly so. Successfully exploiting this vulnerability could give attackers the same user rights as the local user. This type of attack could lead to victims losing control over a system or its individual components and having their sensitive data stolen. It is worth noting that last month’s patches also included a fix for another LNK handling vulnerability.

Microsoft Word Vulnerability

Vulnerabilities in various Microsoft Office products feature in every Patch Tuesday. However, CVE-2020-0852 stands out because this Microsoft Word vulnerability can be triggered simply by viewing a specially crafted file in the Preview Pane. This lowers the boundary to successful exploitation of this vulnerability, which would give the attacker the same level of access as the logged-in user.

Trend Micro Solutions

Installing Trend Micro™ Deep Security™ and Vulnerability Protection or similar solutions can protect users from threats that target the vulnerabilities in this month’s patch list. Affected installations will be updated to minimize disruptions and ensure that critical applications and sensitive enterprise data stay protected. The following rules have been released to cover the appropriate vulnerabilities:

  • 1010186 – Microsoft Internet Explorer VBScript Remote Code Execution Vulnerability (CVE-2020-0824)
  • 1010187 – Microsoft Internet Explorer Scripting Engine Memory Corruption Vulnerability (CVE-2020-0832)
  • 1010188 – Microsoft Internet Explorer Scripting Engine Memory Corruption Vulnerability (CVE-2020-0833)
  • 1010189 – Microsoft Internet Explorer VBScript Remote Code Execution Vulnerability (CVE-2020-0847)

Trend Micro™ TippingPoint® customers are protected from threats and attacks that may exploit some of the vulnerabilities fixed this month via the following MainlineDV filters:

  • 37268: HTTP: Microsoft Internet Explorer Remote Code Execution Vulnerability
  • 37269: HTTP: Microsoft Scripting Engine Memory Corruption Vulnerability
  • 37270: HTTP: Microsoft Windows Script Engine Memory Corruption Vulnerability
  • 37271: HTTP: Microsoft Windows ADO Memory Corruption Vulnerability

The post March Patch Tuesday: LNK, Microsoft Word Vulnerabilities Get Fixes appeared first on .

Original Source