March 11, 2020
March 2020 Threat Intelligence (CRITICAL ALERT)
This month’s updates include a vast 115 vulnerabilities, making this Microsoft’s largest Patch Tuesday known to date! 26 of the bugs this month have been ranked critical, meaning they are easier to exploit and could result in a full device compromise if exploited. All users are advised to install these security updates as soon as possible to ensure they are protected from these security risks. Full information on this month’s patches can be found here: https://portal.msrc.microsoft.com/en-us/security-guidance/releasenotedetail/2020-Mar
The highlight of this month’s release
If there is one vulnerability to take note of this month, it’s CVE-2020-0684 – this is most likely to come under attack by malware developers. This is a bug in Windows LNK shortcut files that allows malware to execute code on a system when a malicious LNK file is processed by the Windows OS. Microsoft described this bug as a ‘boon for criminal activity’, allowing an easy way of planting malware on user devices. That vulnerability, assigned as CVE-2020-0674, has been patched with this month’s release. It could be used to install malware just by getting a user to browse to a malicious or hacked Web site.
The missing CVE-2020-0796 vulnerability
Microsoft was to release a fix for a wormable SMBv3 RCE vulnerability (CVE-2020-0796), but it was never actually released. Not much information was available, but the vulnerability was very severe and felt like another ‘EternalBlue’ type of vulnerability. It was stated that “the exploitation of this vulnerability opens systems up to a ‘wormable’ attack, which means it would be easy to move from victim to victim.” There is no further information on this yet.
That’s a wrap!
Other than that, there’s nothing really out of the ordinary to highlight. This month, Microsoft’s patches are just bulkier than ever, but there’s no earth-shattering bug that needs to be addressed with haste, like in previous months. Patch Tuesday updates are delivered in bulk, so accepting this month’s fixes will automatically install patches for all 115 security flaws at once.
Patching is important…
Security vulnerabilities are the ‘low hanging fruit’ for hackers. Patching is essential to keep your information safe. It is also good practice to back up your system or at least your data before you apply any updates.
Customers are advised to follow these security tips:
- Install vendor patches immediately when available.
- Run all software with least privileges while still maintaining functionality.
- Do not handle files from questionable sources.
- Avoid visiting sites with unknown integrity.
- Block external access at the network perimeter to all key systems unless access is necessary.
About CyberOne
CyberOne is a government-approved Cyber Security and IT Managed Service Provider, supporting clients 24/7 from our ISO27001-accredited UK Security Operations Centre (SOC). Located at the heart of a high security, controlled-access Tier 3 data centre, CyberOne’s state-of-the-art UK Cyber Defence Centre (SOC) targets, hunts & disrupts hacker behaviour, as part of a multi-layered security defence, to help secure some of the UK’s leading organisations.