Patch Tuesday March 2020: Update Highlights and Known Issues
Patch Tuesday March 2020 Edition
Microsoft rolled out the March 2020 Patch Tuesday updates on March 10, 2020. As always, with this batch of updates, the Redmond giant focuses on improving the overall functionality of the OS and fixing existing bugs.
This month’s updates are all about improving the security of most Windows components and apps. If you want to install the latest updates, you can check out this guide where you’ll also find the direct download links.
We already covered the key changes in these posts. Do check them out to learn what’s new:
- Download the Windows 10 March Patch Tuesday updates today
- The latest Patch Tuesday updates bring fixes to 115 CVEs
- KB4540705 fixes Credential Guard domain errors
- KB4540673 in Windows 10 v1909 and 1903 fixes OS update issues
What are the main updates?
- Microsoft Windows
Microsoft rolls out different Patch Tuesday updates for all the Windows 10 versions currently supported. For more information on the latest updates, check out our Windows 10 Patch Tuesday update history page.
- Microsoft Word
Microsoft uncovered an extremely dangerous vulnerability with Microsoft Word called CVE-2020-0852. Now that the March Patch Tuesday Updates have arrived, they have addressed a Microsoft Word Remote Code Execution Vulnerability.
Left unfixed, this vulnerability can cause you to expose yourself from simply viewing a specially crafted file in the Preview Pane. This allows code execution at the level of the logged-on user.
- Business Management Solution
This bug in the business management solution could allow attackers to execute arbitrary shell commands on a target system. While it is true that the exploitation of this Critical-rated bug won’t be straightforward, an authenticated attacker could still convince the target into connecting to a malicious Dynamics Business Central client or elevate permission to System to perform the code execution.
- LNK
This particular CVE is very similar to another similar CVE identified last month (called CVE-2020-0729). The fact that there is a need for a back-to-back patch to address the same issue simply indicates a failure to properly address the matter on the first try.
- Application Inspector
Microsoft managed to take care of a vulnerability that could allow an attacker to execute their code on a target system if they can convince a user to run Application Inspector on code that includes a specially crafted third-party component.
However, it is indicated that this CVE was treated back in January, but for some reason, it was included in the March patch Tuesday patch notes.
- Adobe
Strangely enough, the March Patch Tuesday updates bring no new features to any of the Adobe products. In February, Adobe had multiple releases, so it’s very likely security patches will be released at some point in March. We will update this blog with information should this happen.
Patch Tuesday list of CVEs
If you want to learn more about this month’s list of common vulnerabilities and exposures, you can check out the table below:
| Title | CVE | Severity |
| Microsoft Word Remote Code Execution Vulnerability | CVE-2020-0852 | Critical |
| Dynamics Business Central Remote Code Execution Vulnerability | CVE-2020-0905 | Critical |
| LNK Remote Code Execution Vulnerability | CVE-2020-0684 | Critical |
| Chakra Scripting Engine Memory Corruption Vulnerability | CVE-2020-0811 | Critical |
| Chakra Scripting Engine Memory Corruption Vulnerability | CVE-2020-0812 | Critical |
| GDI+ Remote Code Execution Vulnerability | CVE-2020-0881 | Critical |
| GDI+ Remote Code Execution Vulnerability | CVE-2020-0883 | Critical |
| Media Foundation Memory Corruption Vulnerability | CVE-2020-0801 | Critical |
| Media Foundation Memory Corruption Vulnerability | CVE-2020-0807 | Critical |
| Media Foundation Memory Corruption Vulnerability | CVE-2020-0809 | Critical |
| Media Foundation Memory Corruption Vulnerability | CVE-2020-0869 | Critical |
| Microsoft Browser Memory Corruption Vulnerability | CVE-2020-0768 | Critical |
| Microsoft Browser Memory Corruption Vulnerability | CVE-2020-0830 | Critical |
| Microsoft Edge Memory Corruption Vulnerability | CVE-2020-0816 | Critical |
| Scripting Engine Memory Corruption Vulnerability | CVE-2020-0823 | Critical |
| Scripting Engine Memory Corruption Vulnerability | CVE-2020-0825 | Critical |
| Scripting Engine Memory Corruption Vulnerability | CVE-2020-0826 | Critical |
| Scripting Engine Memory Corruption Vulnerability | CVE-2020-0827 | Critical |
| Scripting Engine Memory Corruption Vulnerability | CVE-2020-0828 | Critical |
| Scripting Engine Memory Corruption Vulnerability | CVE-2020-0829 | Critical |
| Scripting Engine Memory Corruption Vulnerability | CVE-2020-0831 | Critical |
| Scripting Engine Memory Corruption Vulnerability | CVE-2020-0832 | Critical |
| Scripting Engine Memory Corruption Vulnerability | CVE-2020-0833 | Critical |
| Scripting Engine Memory Corruption Vulnerability | CVE-2020-0848 | Critical |
| VBScript Remote Code Execution Vulnerability | CVE-2020-0824 | Critical |
| VBScript Remote Code Execution Vulnerability | CVE-2020-0847 | Critical |
| Azure DevOps Elevation of Privilege Vulnerability | CVE-2020-0758 | Important |
| Azure DevOps Elevation of Privilege Vulnerability | CVE-2020-0815 | Important |
| Azure DevOps Server Cross-site Scripting Vulnerability | CVE-2020-0700 | Important |
| Connected User Experiences and Telemetry Service Elevation of Privilege Vulnerability | CVE-2020-0844 | Important |
| Connected User Experiences and Telemetry Service Information Disclosure Vulnerability | CVE-2020-0863 | Important |
| Diagnostics Hub Standard Collector Elevation of Privilege Vulnerability | CVE-2020-0793 | Important |
| DirectX Elevation of Privilege Vulnerability | CVE-2020-0690 | Important |
| Media Foundation Information Disclosure Vulnerability | CVE-2020-0820 | Important |
| Microsoft Defender Elevation of Privilege Vulnerability | CVE-2020-0762 | Important |
| Microsoft Defender Elevation of Privilege Vulnerability | CVE-2020-0763 | Important |
| Microsoft Exchange Server Spoofing Vulnerability | CVE-2020-0903 | Important |
| Microsoft IIS Server Tampering Vulnerability | CVE-2020-0645 | Important |
| Microsoft Office SharePoint XSS Vulnerability | CVE-2020-0893 | Important |
| Microsoft Office SharePoint XSS Vulnerability | CVE-2020-0894 | Important |
| Microsoft SharePoint Reflective XSS Vulnerability | CVE-2020-0795 | Important |
| Microsoft SharePoint Reflective XSS Vulnerability | CVE-2020-0891 | Important |
| Microsoft Visual Studio Spoofing Vulnerability | CVE-2020-0884 | Important |
| Microsoft Word Remote Code Execution Vulnerability | CVE-2020-0850 | Important |
| Microsoft Word Remote Code Execution Vulnerability | CVE-2020-0851 | Important |
| Microsoft Word Remote Code Execution Vulnerability | CVE-2020-0855 | Important |
| Microsoft Word Remote Code Execution Vulnerability | CVE-2020-0892 | Important |
| Provisioning Runtime Elevation of Privilege Vulnerability | CVE-2020-0808 | Important |
| Remote Code Execution Vulnerability in Application Inspector | CVE-2020-0872 | Important |
| Scripting Engine Information Disclosure Vulnerability | CVE-2020-0813 | Important |
| Service Fabric Elevation of Privilege | CVE-2020-0902 | Important |
| Visual Studio Extension Installer Service Denial of Service Vulnerability | CVE-2020-0789 | Important |
| Win32k Elevation of Privilege Vulnerability | CVE-2020-0788 | Important |
| Win32k Elevation of Privilege Vulnerability | CVE-2020-0877 | Important |
| Win32k Elevation of Privilege Vulnerability | CVE-2020-0887 | Important |
| Win32k Information Disclosure Vulnerability | CVE-2020-0876 | Important |
| Windows ActiveX Installer Service Elevation of Privilege Vulnerability | CVE-2020-0770 | Important |
| Windows ActiveX Installer Service Elevation of Privilege Vulnerability | CVE-2020-0773 | Important |
| Windows ActiveX Installer Service Elevation of Privilege Vulnerability | CVE-2020-0860 | Important |
| Windows ALPC Elevation of Privilege Vulnerability | CVE-2020-0834 | Important |
| Windows Background Intelligent Transfer Service Elevation of Privilege Vulnerability | CVE-2020-0787 | Important |
| Windows CSC Service Elevation of Privilege Vulnerability | CVE-2020-0769 | Important |
| Windows CSC Service Elevation of Privilege Vulnerability | CVE-2020-0771 | Important |
| Windows Device Setup Manager Elevation of Privilege Vulnerability | CVE-2020-0819 | Important |
| Windows Diagnostics Hub Elevation of Privilege Vulnerability | CVE-2020-0810 | Important |
| Windows Elevation of Privilege Vulnerability | CVE-2020-0776 | Important |
| Windows Elevation of Privilege Vulnerability | CVE-2020-0858 | Important |
| Windows Error Reporting Elevation of Privilege Vulnerability | CVE-2020-0772 | Important |
| Windows Error Reporting Elevation of Privilege Vulnerability | CVE-2020-0806 | Important |
| Windows Error Reporting Information Disclosure Vulnerability | CVE-2020-0775 | Important |
| Windows GDI Information Disclosure Vulnerability | CVE-2020-0774 | Important |
| Windows GDI Information Disclosure Vulnerability | CVE-2020-0874 | Important |
| Windows GDI Information Disclosure Vulnerability | CVE-2020-0879 | Important |
| Windows GDI Information Disclosure Vulnerability | CVE-2020-0880 | Important |
| Windows GDI Information Disclosure Vulnerability | CVE-2020-0882 | Important |
| Windows Graphics Component Elevation of Privilege Vulnerability | CVE-2020-0791 | Important |
| Windows Graphics Component Elevation of Privilege Vulnerability | CVE-2020-0898 | Important |
| Windows Graphics Component Information Disclosure Vulnerability | CVE-2020-0885 | Important |
| Windows Hard Link Elevation of Privilege Vulnerability | CVE-2020-0840 | Important |
| Windows Hard Link Elevation of Privilege Vulnerability | CVE-2020-0841 | Important |
| Windows Hard Link Elevation of Privilege Vulnerability | CVE-2020-0849 | Important |
| Windows Hard Link Elevation of Privilege Vulnerability | CVE-2020-0896 | Important |
| Windows Imaging Component Information Disclosure Vulnerability | CVE-2020-0853 | Important |
| Windows Installer Elevation of Privilege Vulnerability | CVE-2020-0779 | Important |
| Windows Installer Elevation of Privilege Vulnerability | CVE-2020-0798 | Important |
| Windows Installer Elevation of Privilege Vulnerability | CVE-2020-0814 | Important |
| Windows Installer Elevation of Privilege Vulnerability | CVE-2020-0842 | Important |
| Windows Installer Elevation of Privilege Vulnerability | CVE-2020-0843 | Important |
| Windows Kernel Elevation of Privilege Vulnerability | CVE-2020-0799 | Important |
| Windows Language Pack Installer Elevation of Privilege Vulnerability | CVE-2020-0822 | Important |
| Windows Mobile Device Management Diagnostics Elevation of Privilege Vulnerability | CVE-2020-0854 | Important |
| Windows Modules Installer Service Information Disclosure Vulnerability | CVE-2020-0859 | Important |
| Windows Network Connections Service Elevation of Privilege Vulnerability | CVE-2020-0778 | Important |
| Windows Network Connections Service Elevation of Privilege Vulnerability | CVE-2020-0802 | Important |
| Windows Network Connections Service Elevation of Privilege Vulnerability | CVE-2020-0803 | Important |
| Windows Network Connections Service Elevation of Privilege Vulnerability | CVE-2020-0804 | Important |
| Windows Network Connections Service Elevation of Privilege Vulnerability | CVE-2020-0845 | Important |
| Windows Network Connections Service Information Disclosure Vulnerability | CVE-2020-0871 | Important |
| Windows Network Driver Interface Specification (NDIS) Information Disclosure Vulnerability | CVE-2020-0861 | Important |
| Windows Network List Service Elevation of Privilege Vulnerability | CVE-2020-0780 | Important |
| Windows Search Indexer Elevation of Privilege Vulnerability | CVE-2020-0857 | Important |
| Windows Tile Object Service Denial of Service Vulnerability | CVE-2020-0786 | Important |
| Windows Update Orchestrator Service Elevation of Privilege Vulnerability | CVE-2020-0867 | Important |
| Windows Update Orchestrator Service Elevation of Privilege Vulnerability | CVE-2020-0868 | Important |
| Windows UPnP Service Elevation of Privilege Vulnerability | CVE-2020-0781 | Important |
| Windows UPnP Service Elevation of Privilege Vulnerability | CVE-2020-0783 | Important |
| Windows User Profile Service Elevation of Privilege Vulnerability | CVE-2020-0785 | Important |
| Windows Work Folder Service Elevation of Privilege Vulnerability | CVE-2020-0777 | Important |
| Windows Work Folder Service Elevation of Privilege Vulnerability | CVE-2020-0797 | Important |
| Windows Work Folder Service Elevation of Privilege Vulnerability | CVE-2020-0800 | Important |
| Windows Work Folder Service Elevation of Privilege Vulnerability | CVE-2020-0864 | Important |
| Windows Work Folder Service Elevation of Privilege Vulnerability | CVE-2020-0865 | Important |
| Windows Work Folder Service Elevation of Privilege Vulnerability | CVE-2020-0866 | Important |
| Windows Work Folder Service Elevation of Privilege Vulnerability | CVE-2020-0897 | Important |
| Remote Desktop Connection Manager Information Disclosure Vulnerability | CVE-2020-0765 | Moderate |
What are the best practices for Patch Tuesday
There are a few things that you can do in order to make sure that your computer installs the latest Patch Tuesday updates without any issues. We all know that Windows updates often trigger errors. In extreme cases, they may even render your PC completely unusable. Follow these tips to make sure the update install process goes as smoothly as possible.
How to download the latest PT updates
We have a special category where we keep track of all the monthly releases for the products that you are interested in.
Exploit Wednesday & Uninstall Thursday
Right after Patch Tuesday, hackers try to exploit the vulnerabilities left unpatched by Microsoft. This leads to an increase in the number of cyber attacks. On the other hand, many users often decide to uninstall the Patch Tuesday updates a few hours after install due to the large number of issues they triggered — hence the name Uninstall Thursday. Check out this guide to learn more on how to stay safe after Patch Tuesday and make sure the updates don’t brick your computer.
Patch Tuesday: All your Questions Answered
- When is Patch Tuesday released? Microsoft rolls out new Patch Tuesday updates on the second Tuesday of each month. The next Patch Tuesday Update is expected to arrive on April 14, 2020.
- How does Patch Tuesday work? We already answered this question in this quick guide. Do check it out to learn more on the mechanisms behind Patch Tuesday.
- What is the bandwidth impact of Patch Tuesday? When actively downloading updates, you may experience slow connection issues on your Windows 10 computer. This happens especially when updating multiple PCs at the same time. The solution is to distribute the updates locally via WSUS. This means downloading the updates from Microsoft Servers. Then, your Windows 10 computers can share the updates in a peer-to-peer manner over the local network resulting in a faster update process.
Patch Tuesday Troubleshooting
Oftentimes, Patch Tuesday updates trigger various errors on Windows computers. These may range from minor glitches to technical issues that may render your computer unusable. We covered extensively Patch Tuesday issues we compiled hundreds of troubleshooting guides to help you solve these problems quickly.
