Affiliate Disclosure

Patch Tuesday March 2020: Update Highlights and Known Issues

windows 10 patch tuesday

Patch Tuesday March 2020 Edition

Microsoft rolled out the March 2020 Patch Tuesday updates on March 10, 2020. As always, with this batch of updates, the Redmond giant focuses on improving the overall functionality of the OS and fixing existing bugs.

This month’s updates are all about improving the security of most Windows components and apps. If you want to install the latest updates, you can check out this guide where you’ll also find the direct download links.

We already covered the key changes in these posts. Do check them out to learn what’s new:

What are the main updates?

  • Microsoft Windows

Microsoft rolls out different Patch Tuesday updates for all the Windows 10 versions currently supported. For more information on the latest updates, check out our Windows 10 Patch Tuesday update history page.

  • Microsoft Word

Microsoft uncovered an extremely dangerous vulnerability with Microsoft Word called CVE-2020-0852. Now that the March Patch Tuesday Updates have arrived, they have addressed a Microsoft Word Remote Code Execution Vulnerability.

Left unfixed, this vulnerability can cause you to expose yourself from simply viewing a specially crafted file in the Preview Pane. This allows code execution at the level of the logged-on user.

  • Business Management Solution

This bug in the business management solution could allow attackers to execute arbitrary shell commands on a target system. While it is true that the exploitation of this Critical-rated bug won’t be straightforward, an authenticated attacker could still convince the target into connecting to a malicious Dynamics Business Central client or elevate permission to System to perform the code execution.

  • LNK

This particular CVE is very similar to another similar CVE identified last month (called CVE-2020-0729). The fact that there is a need for a back-to-back patch to address the same issue simply indicates a failure to properly address the matter on the first try.

  • Application Inspector

Microsoft managed to take care of a vulnerability that could allow an attacker to execute their code on a target system if they can convince a user to run Application Inspector on code that includes a specially crafted third-party component.

However, it is indicated that this CVE was treated back in January, but for some reason, it was included in the March patch Tuesday patch notes.

  • Adobe

Strangely enough, the March Patch Tuesday updates bring no new features to any of the Adobe products. In February, Adobe had multiple releases, so it’s very likely security patches will be released at some point in March. We will update this blog with information should this happen.

Patch Tuesday list of CVEs

If you want to learn more about this month’s list of common vulnerabilities and exposures, you can check out the table below:

TitleCVESeverity
Microsoft Word Remote Code Execution VulnerabilityCVE-2020-0852Critical
Dynamics Business Central Remote Code Execution VulnerabilityCVE-2020-0905Critical
LNK Remote Code Execution VulnerabilityCVE-2020-0684Critical
Chakra Scripting Engine Memory Corruption VulnerabilityCVE-2020-0811Critical
Chakra Scripting Engine Memory Corruption VulnerabilityCVE-2020-0812Critical
GDI+ Remote Code Execution VulnerabilityCVE-2020-0881Critical
GDI+ Remote Code Execution VulnerabilityCVE-2020-0883Critical
Media Foundation Memory Corruption VulnerabilityCVE-2020-0801Critical
Media Foundation Memory Corruption VulnerabilityCVE-2020-0807Critical
Media Foundation Memory Corruption VulnerabilityCVE-2020-0809Critical
Media Foundation Memory Corruption VulnerabilityCVE-2020-0869Critical
Microsoft Browser Memory Corruption VulnerabilityCVE-2020-0768Critical
Microsoft Browser Memory Corruption VulnerabilityCVE-2020-0830Critical
Microsoft Edge Memory Corruption VulnerabilityCVE-2020-0816Critical
Scripting Engine Memory Corruption VulnerabilityCVE-2020-0823Critical
Scripting Engine Memory Corruption VulnerabilityCVE-2020-0825Critical
Scripting Engine Memory Corruption VulnerabilityCVE-2020-0826Critical
Scripting Engine Memory Corruption VulnerabilityCVE-2020-0827Critical
Scripting Engine Memory Corruption VulnerabilityCVE-2020-0828Critical
Scripting Engine Memory Corruption VulnerabilityCVE-2020-0829Critical
Scripting Engine Memory Corruption VulnerabilityCVE-2020-0831Critical
Scripting Engine Memory Corruption VulnerabilityCVE-2020-0832Critical
Scripting Engine Memory Corruption VulnerabilityCVE-2020-0833Critical
Scripting Engine Memory Corruption VulnerabilityCVE-2020-0848Critical
VBScript Remote Code Execution VulnerabilityCVE-2020-0824Critical
VBScript Remote Code Execution VulnerabilityCVE-2020-0847Critical
Azure DevOps Elevation of Privilege VulnerabilityCVE-2020-0758Important
Azure DevOps Elevation of Privilege VulnerabilityCVE-2020-0815Important
Azure DevOps Server Cross-site Scripting VulnerabilityCVE-2020-0700Important
Connected User Experiences and Telemetry Service Elevation of Privilege VulnerabilityCVE-2020-0844Important
Connected User Experiences and Telemetry Service Information Disclosure VulnerabilityCVE-2020-0863Important
Diagnostics Hub Standard Collector Elevation of Privilege VulnerabilityCVE-2020-0793Important
DirectX Elevation of Privilege VulnerabilityCVE-2020-0690Important
Media Foundation Information Disclosure VulnerabilityCVE-2020-0820Important
Microsoft Defender Elevation of Privilege VulnerabilityCVE-2020-0762Important
Microsoft Defender Elevation of Privilege VulnerabilityCVE-2020-0763Important
Microsoft Exchange Server Spoofing VulnerabilityCVE-2020-0903Important
Microsoft IIS Server Tampering VulnerabilityCVE-2020-0645Important
Microsoft Office SharePoint XSS VulnerabilityCVE-2020-0893Important
Microsoft Office SharePoint XSS VulnerabilityCVE-2020-0894Important
Microsoft SharePoint Reflective XSS VulnerabilityCVE-2020-0795Important
Microsoft SharePoint Reflective XSS VulnerabilityCVE-2020-0891Important
Microsoft Visual Studio Spoofing VulnerabilityCVE-2020-0884Important
Microsoft Word Remote Code Execution VulnerabilityCVE-2020-0850Important
Microsoft Word Remote Code Execution VulnerabilityCVE-2020-0851Important
Microsoft Word Remote Code Execution VulnerabilityCVE-2020-0855Important
Microsoft Word Remote Code Execution VulnerabilityCVE-2020-0892Important
Provisioning Runtime Elevation of Privilege VulnerabilityCVE-2020-0808Important
Remote Code Execution Vulnerability in Application InspectorCVE-2020-0872Important
Scripting Engine Information Disclosure VulnerabilityCVE-2020-0813Important
Service Fabric Elevation of PrivilegeCVE-2020-0902Important
Visual Studio Extension Installer Service Denial of Service VulnerabilityCVE-2020-0789Important
Win32k Elevation of Privilege VulnerabilityCVE-2020-0788Important
Win32k Elevation of Privilege VulnerabilityCVE-2020-0877Important
Win32k Elevation of Privilege VulnerabilityCVE-2020-0887Important
Win32k Information Disclosure VulnerabilityCVE-2020-0876Important
Windows ActiveX Installer Service Elevation of Privilege VulnerabilityCVE-2020-0770Important
Windows ActiveX Installer Service Elevation of Privilege VulnerabilityCVE-2020-0773Important
Windows ActiveX Installer Service Elevation of Privilege VulnerabilityCVE-2020-0860Important
Windows ALPC Elevation of Privilege VulnerabilityCVE-2020-0834Important
Windows Background Intelligent Transfer Service Elevation of Privilege VulnerabilityCVE-2020-0787Important
Windows CSC Service Elevation of Privilege VulnerabilityCVE-2020-0769Important
Windows CSC Service Elevation of Privilege VulnerabilityCVE-2020-0771Important
Windows Device Setup Manager Elevation of Privilege VulnerabilityCVE-2020-0819Important
Windows Diagnostics Hub Elevation of Privilege VulnerabilityCVE-2020-0810Important
Windows Elevation of Privilege VulnerabilityCVE-2020-0776Important
Windows Elevation of Privilege VulnerabilityCVE-2020-0858Important
Windows Error Reporting Elevation of Privilege VulnerabilityCVE-2020-0772Important
Windows Error Reporting Elevation of Privilege VulnerabilityCVE-2020-0806Important
Windows Error Reporting Information Disclosure VulnerabilityCVE-2020-0775Important
Windows GDI Information Disclosure VulnerabilityCVE-2020-0774Important
Windows GDI Information Disclosure VulnerabilityCVE-2020-0874Important
Windows GDI Information Disclosure VulnerabilityCVE-2020-0879Important
Windows GDI Information Disclosure VulnerabilityCVE-2020-0880Important
Windows GDI Information Disclosure VulnerabilityCVE-2020-0882Important
Windows Graphics Component Elevation of Privilege VulnerabilityCVE-2020-0791Important
Windows Graphics Component Elevation of Privilege VulnerabilityCVE-2020-0898Important
Windows Graphics Component Information Disclosure VulnerabilityCVE-2020-0885Important
Windows Hard Link Elevation of Privilege VulnerabilityCVE-2020-0840Important
Windows Hard Link Elevation of Privilege VulnerabilityCVE-2020-0841Important
Windows Hard Link Elevation of Privilege VulnerabilityCVE-2020-0849Important
Windows Hard Link Elevation of Privilege VulnerabilityCVE-2020-0896Important
Windows Imaging Component Information Disclosure VulnerabilityCVE-2020-0853Important
Windows Installer Elevation of Privilege VulnerabilityCVE-2020-0779Important
Windows Installer Elevation of Privilege VulnerabilityCVE-2020-0798Important
Windows Installer Elevation of Privilege VulnerabilityCVE-2020-0814Important
Windows Installer Elevation of Privilege VulnerabilityCVE-2020-0842Important
Windows Installer Elevation of Privilege VulnerabilityCVE-2020-0843Important
Windows Kernel Elevation of Privilege VulnerabilityCVE-2020-0799Important
Windows Language Pack Installer Elevation of Privilege VulnerabilityCVE-2020-0822Important
Windows Mobile Device Management Diagnostics Elevation of Privilege VulnerabilityCVE-2020-0854Important
Windows Modules Installer Service Information Disclosure VulnerabilityCVE-2020-0859Important
Windows Network Connections Service Elevation of Privilege VulnerabilityCVE-2020-0778Important
Windows Network Connections Service Elevation of Privilege VulnerabilityCVE-2020-0802Important
Windows Network Connections Service Elevation of Privilege VulnerabilityCVE-2020-0803Important
Windows Network Connections Service Elevation of Privilege VulnerabilityCVE-2020-0804Important
Windows Network Connections Service Elevation of Privilege VulnerabilityCVE-2020-0845Important
Windows Network Connections Service Information Disclosure VulnerabilityCVE-2020-0871Important
Windows Network Driver Interface Specification (NDIS) Information Disclosure VulnerabilityCVE-2020-0861Important
Windows Network List Service Elevation of Privilege VulnerabilityCVE-2020-0780Important
Windows Search Indexer Elevation of Privilege VulnerabilityCVE-2020-0857Important
Windows Tile Object Service Denial of Service VulnerabilityCVE-2020-0786Important
Windows Update Orchestrator Service Elevation of Privilege VulnerabilityCVE-2020-0867Important
Windows Update Orchestrator Service Elevation of Privilege VulnerabilityCVE-2020-0868Important
Windows UPnP Service Elevation of Privilege VulnerabilityCVE-2020-0781Important
Windows UPnP Service Elevation of Privilege VulnerabilityCVE-2020-0783Important
Windows User Profile Service Elevation of Privilege VulnerabilityCVE-2020-0785Important
Windows Work Folder Service Elevation of Privilege VulnerabilityCVE-2020-0777Important
Windows Work Folder Service Elevation of Privilege VulnerabilityCVE-2020-0797Important
Windows Work Folder Service Elevation of Privilege VulnerabilityCVE-2020-0800Important
Windows Work Folder Service Elevation of Privilege VulnerabilityCVE-2020-0864Important
Windows Work Folder Service Elevation of Privilege VulnerabilityCVE-2020-0865Important
Windows Work Folder Service Elevation of Privilege VulnerabilityCVE-2020-0866Important
Windows Work Folder Service Elevation of Privilege VulnerabilityCVE-2020-0897Important
Remote Desktop Connection Manager Information Disclosure VulnerabilityCVE-2020-0765Moderate

What are the best practices for Patch Tuesday

There are a few things that you can do in order to make sure that your computer installs the latest Patch Tuesday updates without any issues. We all know that Windows updates often trigger errors. In extreme cases, they may even render your PC completely unusable. Follow these tips to make sure the update install process goes as smoothly as possible.

How to download the latest PT updates

We have a special category where we keep track of all the monthly releases for the products that you are interested in.

Exploit Wednesday & Uninstall Thursday

Right after Patch Tuesday, hackers try to exploit the vulnerabilities left unpatched by Microsoft. This leads to an increase in the number of cyber attacks. On the other hand, many users often decide to uninstall the Patch Tuesday updates a few hours after install due to the large number of issues they triggered — hence the name Uninstall Thursday. Check out this guide to learn more on how to stay safe after Patch Tuesday and make sure the updates don’t brick your computer.

Patch Tuesday: All your Questions Answered

  • When is Patch Tuesday released? Microsoft rolls out new Patch Tuesday updates on the second Tuesday of each month. The next Patch Tuesday Update is expected to arrive on April 14, 2020.
  • How does Patch Tuesday work? We already answered this question in this quick guide. Do check it out to learn more on the mechanisms behind Patch Tuesday.
  • What is the bandwidth impact of Patch Tuesday? When actively downloading updates, you may experience slow connection issues on your Windows 10 computer. This happens especially when updating multiple PCs at the same time. The solution is to distribute the updates locally via WSUS. This means downloading the updates from Microsoft Servers. Then, your Windows 10 computers can share the updates in a peer-to-peer manner over the local network resulting in a faster update process.

Patch Tuesday Troubleshooting

Oftentimes, Patch Tuesday updates trigger various errors on Windows computers. These may range from minor glitches to technical issues that may render your computer unusable. We covered extensively Patch Tuesday issues we compiled hundreds of troubleshooting guides to help you solve these problems quickly.