March 2020 Threat Intelligence (CRITICAL ALERT)
This month’s updates include 115 vulnerabilities, making this Microsoft’s largest Patch Tuesday to date! 26 of the bugs this month have been ranked critical, making them easier to exploit; if exploited, they could result in a full device compromise. All users are advised to install these security updates as soon as possible to protect themselves from these security risks. Full information on this month’s patches can be found here: https://portal.msrc.microsoft.com/en-us/security-guidance/releasenotedetail/2020-Mar.
If there is one vulnerability to take note of this month, it’s CVE-2020-0684, which is the most likely to come under attack by malware developers. This bug in Windows LNK shortcut files allows malware to execute code on a system when the Windows OS processes a malicious LNK file. Microsoft described this bug as a ‘boon for criminal activity’, allowing an easy way of planting malware on user devices. That vulnerability, assigned as CVE-2020-0674, has been patched with this month’s release. It could be used to install malware by getting a user to browse a malicious or hacked website.
Microsoft was due to release a fix for a wormable SMBv3 RCE vulnerability (CVE-2020-0796), but it was never released. Not much information was available, but the vulnerability was severe and looked like another ‘EternalBlue’-type bug. It was stated that “Exploiting this vulnerability opens systems up to a ‘wormable’ attack, which means it would be easy to move from victim to victim.” There is no further information on this yet.
Other than that, there is nothing out of the ordinary to highlight. This month’s patches from Microsoft are simply bulkier than ever, but no earth-shattering bug needs to be addressed with haste, like in previous months. Patch Tuesday updates are delivered in bulk, so accepting this month’s fixes will automatically install patches for all 115 security flaws simultaneously.
Security vulnerabilities are hackers’ low-hanging fruit. Patching is essential to keeping your information safe. It is also good practice to back up your system or data before applying any updates.
CyberOne is a government-approved Cyber Security and IT Managed Service Provider, supporting clients 24x7 from our ISO27001-accredited UK Security Operations Centre (SOC). Located at the heart of a high-security, controlled-access Tier 3 data centre, CyberOne's state-of-the-art UK Cyber Defence Centre (SOC) targets, hunts, and disrupts hacker behaviour as part of a multi-layered security defence to help secure some of the UK's leading organisations.