Microsoft Security Bulletin Coverage for March 2020

March 10, 2020

SonicWall Capture Labs Threat Research Team has analyzed and addressed Microsoft’s security advisories for the month of March 2020. A list of issues reported, along with SonicWall coverage information are as follows:

CVE-2020-0645 Microsoft IIS Server Tampering Vulnerability
There are no known exploits in the wild.
CVE-2020-0684 LNK Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2020-0690 DirectX Elevation of Privilege Vulnerability
ASPY 5907:Malformed-File exe.MP.131
CVE-2020-0700 Azure DevOps Server Cross-site Scripting Vulnerability
There are no known exploits in the wild.
CVE-2020-0758 Azure DevOps Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2020-0762 Windows Defender Security Center Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2020-0763 Windows Defender Security Center Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2020-0765 Remote Desktop Connection Manager Information Disclosure Vulnerability
There are no known exploits in the wild.
CVE-2020-0768 Scripting Engine Memory Corruption Vulnerability
There are no known exploits in the wild.
CVE-2020-0769 Windows CSC Service Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2020-0770 Windows ActiveX Installer Service Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2020-0771 Windows CSC Service Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2020-0772 Windows Error Reporting Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2020-0773 Windows ActiveX Installer Service Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2020-0774 Windows GDI Information Disclosure Vulnerability
There are no known exploits in the wild.
CVE-2020-0775 Windows Error Reporting Information Disclosure Vulnerability
There are no known exploits in the wild.
CVE-2020-0776 Windows Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2020-0777 Windows Work Folder Service Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2020-0778 Windows Network Connections Service Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2020-0779 Windows Installer Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2020-0780 Windows Network List Service Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2020-0781 Windows UPnP Service Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2020-0783 Windows UPnP Service Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2020-0785 Windows User Profile Service Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2020-0786 Windows Tile Object Service Denial of Service Vulnerability
There are no known exploits in the wild.
CVE-2020-0787 Windows Background Intelligent Transfer Service Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2020-0788 Win32k Elevation of Privilege Vulnerability
ASPY 5844:Malformed-File exe.MP.113
CVE-2020-0789 Visual Studio Extension Installer Service Denial of Service Vulnerability
There are no known exploits in the wild.
CVE-2020-0791 Windows Graphics Component Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2020-0793 Diagnostics Hub Standard Collector Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2020-0795 Microsoft SharePoint Reflective XSS Vulnerability
There are no known exploits in the wild.
CVE-2020-0796 Windows SMBv3 Client/Server Remote Code Execution Vulnerability
IPS 14854: Windows SMBv3 Remote Code Execution Vulnerability (CVE-2020-0796) 1
IPS 14857: Windows SMBv3 Remote Code Execution (CVE-2020-0796) 2
IPS 14858: Windows SMBv3 Remote Code Execution (CVE-2020-0796) 3
CVE-2020-0797 Windows Work Folder Service Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2020-0798 Windows Installer Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2020-0799 Windows Kernel Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2020-0800 Windows Work Folder Service Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2020-0801 Media Foundation Memory Corruption Vulnerability
There are no known exploits in the wild.
CVE-2020-0802 Windows Network Connections Service Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2020-0803 Windows Network Connections Service Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2020-0804 Windows Network Connections Service Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2020-0806 Windows Error Reporting Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2020-0807 Media Foundation Memory Corruption Vulnerability
There are no known exploits in the wild.
CVE-2020-0808 Provisioning Runtime Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2020-0809 Media Foundation Memory Corruption Vulnerability
There are no known exploits in the wild.
CVE-2020-0810 Diagnostic Hub Standard Collector Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2020-0811 Chakra Scripting Engine Memory Corruption Vulnerability
There are no known exploits in the wild.
CVE-2020-0812 Chakra Scripting Engine Memory Corruption Vulnerability
There are no known exploits in the wild.
CVE-2020-0813 Scripting Engine Information Disclosure Vulnerability
There are no known exploits in the wild.
CVE-2020-0814 Windows Installer Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2020-0815 Azure DevOps Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2020-0816 Microsoft Edge Memory Corruption Vulnerability
There are no known exploits in the wild.
CVE-2020-0819 Windows Device Setup Manager Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2020-0820 Media Foundation Information Disclosure Vulnerability
There are no known exploits in the wild.
CVE-2020-0822 Windows Language Pack Installer Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2020-0823 Scripting Engine Memory Corruption Vulnerability
There are no known exploits in the wild.
CVE-2020-0824 Internet Explorer Memory Corruption Vulnerability
IPS 14850:Internet Explorer Memory Corruption Vulnerability (CVE-2020-0824)
CVE-2020-0825 Scripting Engine Memory Corruption Vulnerability
There are no known exploits in the wild.
CVE-2020-0826 Scripting Engine Memory Corruption Vulnerability
There are no known exploits in the wild.
CVE-2020-0827 Scripting Engine Memory Corruption Vulnerability
There are no known exploits in the wild.
CVE-2020-0828 Scripting Engine Memory Corruption Vulnerability
There are no known exploits in the wild.
CVE-2020-0829 Scripting Engine Memory Corruption Vulnerability
There are no known exploits in the wild.
CVE-2020-0830 Scripting Engine Memory Corruption Vulnerability
There are no known exploits in the wild.
CVE-2020-0831 Scripting Engine Memory Corruption Vulnerability
There are no known exploits in the wild.
CVE-2020-0832 Scripting Engine Memory Corruption Vulnerability
IPS 14847:Scripting Engine Memory Corruption Vulnerability (CVE-2020-0832)
CVE-2020-0833 Scripting Engine Memory Corruption Vulnerability
IPS 14848:Scripting Engine Memory Corruption Vulnerability (CVE-2020-0833)
CVE-2020-0834 Windows ALPC Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2020-0840 Windows Hard Link Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2020-0841 Windows Hard Link Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2020-0842 Windows Installer Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2020-0843 Windows Installer Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2020-0844 Connected User Experiences and Telemetry Service Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2020-0845 Windows Network Connections Service Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2020-0847 VBScript Remote Code Execution Vulnerability
IPS 14849:Scripting Engine Memory Corruption Vulnerability (CVE-2020-0847)
CVE-2020-0848 Scripting Engine Memory Corruption Vulnerability
There are no known exploits in the wild.
CVE-2020-0849 Windows Hard Link Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2020-0850 Microsoft Word Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2020-0851 Microsoft Word Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2020-0852 Microsoft Word Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2020-0853 Windows Imaging Component Information Disclosure Vulnerability
There are no known exploits in the wild.
CVE-2020-0854 Windows Mobile Device Management Diagnostics Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2020-0855 Microsoft Word Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2020-0857 Windows Search Indexer Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2020-0858 Windows Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2020-0859 Windows Modules Installer Service Information Disclosure Vulnerability
There are no known exploits in the wild.
CVE-2020-0860 Windows ActiveX Installer Service Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2020-0861 Windows Network Driver Interface Specification (NDIS) Information Disclosure Vulnerability
There are no known exploits in the wild.
CVE-2020-0863 Connected User Experiences and Telemetry Service Information Disclosure Vulnerability
There are no known exploits in the wild.
CVE-2020-0864 Windows Work Folder Service Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2020-0865 Windows Work Folder Service Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2020-0866 Windows Work Folder Service Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2020-0867 Windows Update Orchestrator Service Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2020-0868 Windows Update Orchestrator Service Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2020-0869 Media Foundation Memory Corruption Vulnerability
There are no known exploits in the wild.
CVE-2020-0871 Windows Network Connections Service Information Disclosure Vulnerability
There are no known exploits in the wild.
CVE-2020-0872 Remote Code Execution Vulnerability in Application Inspector
There are no known exploits in the wild.
CVE-2020-0874 Windows GDI Information Disclosure Vulnerability
There are no known exploits in the wild.
CVE-2020-0876 Win32k Information Disclosure Vulnerability
There are no known exploits in the wild.
CVE-2020-0877 Win32k Elevation of Privilege Vulnerability
ASPY 5904:Malformed-File exe.MP.128
CVE-2020-0879 Windows GDI Information Disclosure Vulnerability
There are no known exploits in the wild.
CVE-2020-0880 Windows GDI Information Disclosure Vulnerability
There are no known exploits in the wild.
CVE-2020-0881 GDI+ Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2020-0882 Windows GDI Information Disclosure Vulnerability
There are no known exploits in the wild.
CVE-2020-0883 GDI+ Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2020-0884 Microsoft Visual Studio Spoofing Vulnerability
There are no known exploits in the wild.
CVE-2020-0885 Windows Graphics Component Information Disclosure Vulnerability
There are no known exploits in the wild.
CVE-2020-0887 Win32k Elevation of Privilege Vulnerability
ASPY 5905:Malformed-File exe.MP.129
CVE-2020-0891 Microsoft SharePoint Reflective XSS Vulnerability
There are no known exploits in the wild.
CVE-2020-0892 Microsoft Word Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2020-0893 Microsoft Office SharePoint XSS Vulnerability
There are no known exploits in the wild.
CVE-2020-0894 Microsoft Office SharePoint XSS Vulnerability
There are no known exploits in the wild.
CVE-2020-0896 Windows Hard Link Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2020-0897 Windows Work Folder Service Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2020-0898 Windows Graphics Component Elevation of Privilege Vulnerability
ASPY 5906:Malformed-File exe.MP.130
CVE-2020-0902 Service Fabric Elevation of Privilege
There are no known exploits in the wild.
CVE-2020-0903 Microsoft Exchange Server Spoofing Vulnerability
There are no known exploits in the wild.
CVE-2020-0905 Dynamics Business Central Remote Code Execution Vulnerability
There are no known exploits in the wild.