March 2020 Patch Tuesday Index

Don't miss a single vulnerability this Patch Tuesday. We're compiling all of March 2020's Patch Tuesday releases in one easy-to-read index. Stay tuned in and ready for the latest patches and updates from Microsoft and multiple third-party applications. We track the patches as they became available to the masses and insert all releases into the index below to help ensure you are minimizing your attack surface. You can also join our Automating Patch Tuesday Webinar this Wednesday.

March updates include two advisories from Mozilla, one for Firefox 74 and one for Firefox ESR 68.6, featuring 6 CVEs rated as high.

Microsoft released 115 total CVEs, with 26 listed as critical. Check the index below for further details and links to the new vulnerabilities.

Updated Live. Last Update 1:46 PM EST Mar. 10 2020.

firefoxMozilla Firefox
Product
Title
Identifier
Severity
Firefox 74 & Firefox ESR 68.6 Use-after-free when removing data about origins CVE-2020-6805 High
Firefox 74 & Firefox ESR 68.6 BodyStream::OnInputStreamReady was missing protections against state confusion CVE-2020-6806 High
Firefox 74 & Firefox ESR 68.6 Use-after-free in cubeb during stream destruction CVE-2020-6807 High
Firefox 74 URL Spoofing via javascript: URL CVE-2020-6808 Medium
Firefox 74 Web Extensions with the all-rls permission could access local files CVE-2020-6809 Medium
Firefox 74 Focusing a popup while in fullscreen could have obscured the fullscreen notification CVE-2020-6810 Medium
Firefox 74 & Firefox ESR 68.6 Devtools' 'Copy as cURL' feature did not fully escape website-controlled data, potentially leading to command injection CVE-2020-6811 Medium
Firefox 74 & Firefox ESR 68.6 Out of bounds reads in sctp_load_addresses_from_init CVE-2020-20503 Medium
Firefox 74 & Firefox ESR 68.6 The names of AirPods with personally identifiable information were exposed to websites with camera or microphone permission CVE-2020-6812 Medium
Firefox 74 @import statements in CSS could bypass the Content Security Policy nonce feature CVE-2020-6813 Low
Firefox 74 & Firefox ESR 68.6 Memory safety bugs fixed CVE-2020-6814 High
Firefox 74 Memory and script safety bugs fixed CVE-2020-6815 High
microsoftMicrosoft
Product
Title
Identifier
Severity
Windows 7, 8, 10 and Server 2008, 2012, 2016, 2019 Microsoft IIS Server Tampering Vulnerability CVE-2020-0645 High
Windows 7, 8, 10 and Server 2008, 2012, 2016, 2019 LNK Remote Code Execution Vulnerability CVE-2020-0684 Critical
Windows 10 and Server 2016, 2019 DirectX Elevation of Privilege Vulnerability CVE-2020-0690 High
Azure DevOps Server 2017, 2018, 2019 Azure DevOps Server Cross-site Scripting Vulnerability CVE-2020-0700 High
Azure DevOps Server 2017, 2018, 2019 Azure DevOps Server and Team Foundation Services Elevation of Privilege Vulnerability CVE-2020-0758 High
Windows 10 and Windows Server 2019 Windows Defender Security Center Elevation of Privilege Vulnerability CVE-2020-0762 High
Windows 10 and Windows Server 2019 Windows Defender Security Center Elevation of Privilege Vulnerability CVE-2020-0763 High
Remote Desktop Connection Manager Remote Desktop Connection Manager Information Disclosure Vulnerability CVE-2020-0765 Medium
Internet Explorer 11 and Microsoft Edge Scripting Engine Memory Corruption Vulnerability CVE-2020-0768 Critical
Windows 7, 8, 10 and Server 2008, 2012, 2016, 2019 Windows CSC Service Elevation of Privilege Vulnerability CVE-2020-0769 High
Windows 7, 8, 10 and Server 2008, 2012, 2016, 2019 Windows ActiveX Installer Service Elevation of Privilege Vulnerability CVE-2020-0770 High
Windows 7, 8, 10 and Server 2008, 2012, 2016, 2019 Windows CSC Service Elevation of Privilege Vulnerability CVE-2020-0771 High
Windows 7, 8, 10 and Server 2008, 2012, 2016, 2019 Windows Error Reporting Elevation of Privilege Vulnerability CVE-2020-0772 High
Windows 7, 8, 10 and Server 2008, 2012, 2016, 2019 Windows ActiveX Installer Service Elevation of Privilege Vulnerability CVE-2020-0773 High
Windows 7, 8, 10 and Server 2008, 2012, 2016, 2019 Windows GDI Information Disclosure Vulnerability CVE-2020-0774 High
Windows 10 and Server 2016, 2019 Windows Error Reporting Information Disclosure Vulnerability CVE-2020-0775 High
Windows 10 and Server 2016, 2019 Windows Elevation of Privilege Vulnerability CVE-2020-0776 High
Windows 8, 10 and Server 2012, 2016, 2019 Windows Work Folder Service Elevation of Privilege Vulnerability CVE-2020-0777 High
Windows 7, 8, 10 and Server 2008, 2012, 2016, 2019 Windows Network Connections Service Elevation of Privilege Vulnerability CVE-2020-0778 High
Windows 7, 8, 10 and Server 2008, 2012, 2016, 2019 Windows Installer Elevation of Privilege Vulnerability CVE-2020-0779 High
Windows 8, 10 and Server 2012, 2016, 2019 Windows Network List Service Elevation of Privilege Vulnerability CVE-2020-0780 High
Windows 7, 8, 10 and Server 2008, 2012, 2016, 2019 Windows UPnP Service Elevation of Privilege Vulnerability CVE-2020-0781 High
Windows 7, 8, 10 and Server 2008, 2012, 2016, 2019 Windows UPnP Service Elevation of Privilege Vulnerability CVE-2020-0783 High
Windows 7, 8, 10 and Server 2008, 2012, 2016, 2019 Windows User Profile Service Elevation of Privilege Vulnerability CVE-2020-0785 High
Windows 10 and Server 2016 Windows Tile Object Service Denial of Service Vulnerability CVE-2020-0786 High
Windows 7, 8, 10 and Server 2008, 2012, 2016, 2019 Windows Background Intelligent Transfer Service Elevation of Privilege Vulnerability CVE-2020-0787 High
Windows 7, 8, 10 and Server 2008, 2012, 2016, 2019 Win32k Elevation of Privilege Vulnerability CVE-2020-0788 High
Microsoft Visual Studio 2019 Visual Studio Extension Installer Service Denial of Service Vulnerability CVE-2020-0789 High
Windows 7, 8, 10 and Server 2008, 2012, 2016, 2019 Windows Graphics Component Elevation of Privilege Vulnerability CVE-2020-0791 High
Microsoft Visual Studio 2015, 2017, 2019 and Windows 10 and Server 2016, 2019 Diagnostics Hub Standard Collector Elevation of Privilege Vulnerability CVE-2020-0793 High
Microsoft Sharepoint Microsoft SharePoint Reflective XSS Vulnerability CVE-2020-0795 High
Windows 8, 10 and Server 2012, 2016, 2019 Windows Work Folder Service Elevation of Privilege Vulnerability CVE-2020-0797 High
Windows 10 and Server 2016, 2019 Windows Installer Elevation of Privilege Vulnerability CVE-2020-0798 High
Windows 8, 10 and Server 2012, 2016, 2019 Windows Kernel Elevation of Privilege Vulnerability CVE-2020-0799 High
Windows 8, 10 and Server 2012, 2016, 2019 Windows Work Folder Service Elevation of Privilege Vulnerability CVE-2020-0800 High
Windows 10 and Server 2016, 2019 Media Foundation Memory Corruption Vulnerability CVE-2020-0801 Critical
Windows 7, 8, 10 and Server 2008, 2012, 2016, 2019 Windows Network Connections Service Elevation of Privilege Vulnerability CVE-2020-0802 High
Windows 7, 8, 10 and Server 2008, 2012, 2016, 2019 Windows Network Connections Service Elevation of Privilege Vulnerability CVE-2020-0803 High
Windows 7, 8, 10 and Server 2008, 2012, 2016, 2019 Windows Network Connections Service Elevation of Privilege Vulnerability CVE-2020-0804 High
Windows 7, 8, 10 and Server 2008, 2012, 2016, 2019 Windows Error Reporting Elevation of Privilege Vulnerability CVE-2020-0806 High
Windows 10 and Server 2019 Media Foundation Memory Corruption Vulnerability CVE-2020-0807 Critical
Windows 10 and Server 2019 Provisioning Runtime Elevation of Privilege Vulnerability CVE-2020-0808 High
Windows 10 and Server 2016, 2019 Media Foundation Memory Corruption Vulnerability CVE-2020-0809 Critical
Microsoft Visual Studio and Windows 10 and Server 2016, 2019 Diagnostic Hub Standard Collector Elevation of Privilege Vulnerability CVE-2020-0810 High
Microsoft Edge and ChakraCore Chakra Scripting Engine Memory Corruption Vulnerability CVE-2020-0811 Critical
Microsoft Edge and ChakraCore Chakra Scripting Engine Memory Corruption Vulnerability CVE-2020-0812 Critical
Microsoft Edge and ChakraCore Scripting Engine Information Disclosure Vulnerability CVE-2020-0813 High
Windows 7, 8, 10 and Server 2008, 2012, 2016, 2019 Windows Installer Elevation of Privilege Vulnerability CVE-2020-0814 High
Azure DevOps Server 2019 Azure DevOps Server and Team Foundation Services Elevation of Privilege Vulnerability CVE-2020-0815 High
Microsoft Edge Microsoft Edge Memory Corruption Vulnerability CVE-2020-0816 Critical
Windows 8, 10 and Server 2012, 2016, 2019 Windows Device Setup Manager Elevation of Privilege Vulnerability CVE-2020-0819 High
Windows 10 and Server 2016, 2019 Media Foundation Information Disclosure Vulnerability CVE-2020-0820 High
Windows 7, 8, 10 and Server 2008, 2012, 2016, 2019 Windows Language Pack Installer Elevation of Privilege Vulnerability CVE-2020-0822 High
Microsoft Edge Scripting Engine Memory Corruption Vulnerability CVE-2020-0823 Critical
Internet Explorer 11 Internet Explorer Memory Corruption Vulnerability CVE-2020-0824 Critical
Microsoft Edge and ChakraCore Scripting Engine Memory Corruption Vulnerability CVE-2020-0825 Critical
Microsoft Edge and ChakraCore Scripting Engine Memory Corruption Vulnerability CVE-2020-0826 Critical
Microsoft Edge and ChakraCore Scripting Engine Memory Corruption Vulnerability CVE-2020-0827 Critical
Microsoft Edge and ChakraCore Scripting Engine Memory Corruption Vulnerability CVE-2020-0828 Critical
Microsoft Edge and ChakraCore Scripting Engine Memory Corruption Vulnerability CVE-2020-0829 Critical
Internet Explorer 11 Scripting Engine Memory Corruption Vulnerability CVE-2020-0830 Critical
Microsoft Edge and ChakraCore Scripting Engine Memory Corruption Vulnerability CVE-2020-0831 Critical
Internet Explorer 11 Scripting Engine Memory Corruption Vulnerability CVE-2020-0832 Critical
Internet Explorer 11 Scripting Engine Memory Corruption Vulnerability CVE-2020-0833 Critical
Windows 8, 10 and Server 2012, 2016, 2019 Windows ALPC Elevation of Privilege Vulnerability CVE-2020-0834 High
Windows 8, 10 and Server 2012, 2016, 2019 Windows Hard Link Elevation of Privilege Vulnerability CVE-2020-0840 High
Windows 10 and Server 2016, 2019 Windows Hard Link Elevation of Privilege Vulnerability CVE-2020-0841 High
Windows 7, 8, 10 and Server 2008, 2012, 2016, 2019 Windows Installer Elevation of Privilege Vulnerability CVE-2020-0842 High
Windows 7, 8, 10 and Server 2008, 2012, 2016, 2019 Windows Installer Elevation of Privilege Vulnerability CVE-2020-0843 High
Windows 7, 8, 10 and Server 2008, 2012, 2016, 2019 Connected User Experiences and Telemetry Service Elevation of Privilege Vulnerability CVE-2020-0844 High
Windows 7, 8, 10 and Server 2008, 2012, 2016, 2019 Windows Network Connections Service Elevation of Privilege Vulnerability CVE-2020-0845 High
Internet Explorer 11 VBScript Remote Code Execution Vulnerability CVE-2020-0847 Critical
Microsoft Edge and ChakraCore Scripting Engine Memory Corruption Vulnerability CVE-2020-0848 Critical
Windows 7, 8, 10 and Server 2008, 2012, 2016, 2019 Scripting Engine Memory Corruption Vulnerability CVE-2020-0849 High
Microsoft Office 2016, 2019, SharePoint 2013, 2016 and Microsoft Word 2013, 2016 Microsoft Word Remote Code Execution Vulnerability CVE-2020-0850 High
Microsoft Office 2016, 2019 Microsoft Word Remote Code Execution Vulnerability CVE-2020-0851 High
Microsoft Office 2016, 2019 and Microsoft Office Online Server Microsoft Word Remote Code Execution Vulnerability CVE-2020-0852 Critical
Windows 7, 8, 10 and Server 2008, 2012, 2016, 2019 Microsoft Word Remote Code Execution Vulnerability CVE-2020-0853 High
Windows 10 and Server 2019 Windows Mobile Device Management Diagnostics Elevation of Privilege Vulnerability CVE-2020-0854 High
Windows Office 2019 for Mac Microsoft Word Remote Code Execution Vulnerability CVE-2020-0855 High
Windows 8, 10 and Server 2012, 2016, 2019 Windows Search Indexer Elevation of Privilege Vulnerability CVE-2020-0857 High
Windows 8, 10 and Server 2012, 2016, 2019 Windows Elevation of Privilege Vulnerability CVE-2020-0858 High
Windows 8, 10 and Server 2012, 2016, 2019 Windows Modules Installer Service Information Disclosure Vulnerability CVE-2020-0859 High
Windows 7, 8, 10 and Server 2008, 2012, 2016, 2019 Windows ActiveX Installer Service Elevation of Privilege Vulnerability CVE-2020-0860 High
Windows 8, 10 and Server 2012, 2016, 2019 Windows Network Driver Interface Specification (NDIS) Information Disclosure Vulnerability CVE-2020-0861 High
Windows 10 Connected User Experiences and Telemetry Service Information Disclosure Vulnerability CVE-2020-0863 High
Windows 8, 10 and Server 2012, 2016, 2019 Windows Work Folder Service Elevation of Privilege Vulnerability CVE-2020-0864 High
Windows 8, 10 and Server 2012, 2016, 2019 Windows Work Folder Service Elevation of Privilege Vulnerability CVE-2020-0865 High
Windows 8, 10 and Server 2012, 2016, 2019 Windows Work Folder Service Elevation of Privilege Vulnerability CVE-2020-0866 High
Windows 10 and Server 2016, 2019 Windows Update Orchestrator Service Elevation of Privilege Vulnerability CVE-2020-0867 High
Windows 10 and Server 2016, 2019 Windows Update Orchestrator Service Elevation of Privilege Vulnerability CVE-2020-0868 High
Windows 10 and Server 2016, 2019 Media Foundation Memory Corruption Vulnerability CVE-2020-0869 Critical
Windows 7, 8, 10 and Server 2008, 2012, 2016, 2019 Windows Network Connections Service Information Disclosure Vulnerability CVE-2020-0871 High
Application Inspector Remote Code Execution Vulnerability in Application Inspector CVE-2020-0872 High
Windows 7, 8, 10 and Server 2008, 2012, 2016, 2019 Windows GDI Information Disclosure Vulnerability CVE-2020-0874 High
Windows 10 Win32k Information Disclosure Vulnerability CVE-2020-0876 High
Windows 7, 8, 10 and Server 2008, 2012, 2016, 2019 Win32k Elevation of Privilege Vulnerability CVE-2020-0877 High
Windows 7, 8, 10 and Server 2008, 2012, 2016, 2019 Windows GDI Information Disclosure Vulnerability CVE-2020-0879 High
Windows 7, 8, 10 and Server 2008, 2012, 2016, 2019 Windows GDI Information Disclosure Vulnerability CVE-2020-0880 High
Windows 7, 8, 10 and Server 2008, 2012, 2016, 2019 GDI+ Remote Code Execution VulnerabilityCri CVE-2020-0881 Critical
Windows 7, 8, 10 and Server 2008, 2012, 2016, 2019 Windows GDI Information Disclosure Vulnerability CVE-2020-0882 High
Windows 7, 8, 10 and Server 2008, 2012, 2016, 2019 GDI+ Remote Code Execution VulnerabilityCri CVE-2020-0883 Critical
Microsoft Visual Studio 2017 and 2019 Microsoft Visual Studio Spoofing Vulnerability CVE-2020-0884 High
Windows 7, 8, 10 and Server 2008, 2012, 2016, 2019 Windows Graphics Component Information Disclosure Vulnerability CVE-2020-0885 High
Windows 7, 8, 10 and Server 2008, 2012, 2016, 2019 Win32k Elevation of Privilege Vulnerability CVE-2020-0887 High
Microsoft SharePoint Microsoft SharePoint Reflective XSS Vulnerability CVE-2020-0891 High
Microsoft Office, SharePoint, Word and Office 365 ProPlus Microsoft Word Remote Code Execution Vulnerability CVE-2020-0892 High
Microsoft SharePoint Microsoft Office SharePoint XSS Vulnerability CVE-2020-0893 High
Microsoft SharePoint Microsoft Office SharePoint XSS Vulnerability CVE-2020-0894 High
Windows 10 and Server 2016, 2019 Windows Hard Link Elevation of Privilege Vulnerability CVE-2020-0896 High
Windows 8, 10 and Server 2012, 2016, 2019 Windows Work Folder Service Elevation of Privilege Vulnerability CVE-2020-0897 High
Windows 10 and Server 2016 Windows Graphics Component Elevation of Privilege Vulnerability CVE-2020-0898 High
Service Fabric Service Fabric Elevation of Privilege CVE-2020-0902 High
Microsoft Exchange Server 2016, 2019 Microsoft Exchange Server Spoofing Vulnerability CVE-2020-0903 High
Microsoft Dynamics Dynamics Business Central Remote Code Execution Vulnerability CVE-2020-0905 Critical

 

About Automox

Facing growing threats and a rapidly expanding attack surface, understaffed and alert-fatigued organizations need more efficient ways to eliminate their exposure to vulnerabilities. Automox is a modern cyber hygiene platform that closes the aperture of attack by more than 80% with just half the effort of traditional solutions.

Cloud-native and globally available, Automox enforces OS & third-party patch management, security configurations, and custom scripting across Windows, Mac, and Linux from a single intuitive console. IT and SecOps can quickly gain control and share visibility of on-prem, remote and virtual endpoints without the need to deploy costly infrastructure. 

Experience modern, cloud-native patch management today with a 15-day free trial of Automox and start recapturing more than half the time you're currently spending on managing your attack surface. Automox dramatically reduces corporate risk while raising operational efficiency to deliver best-in-class security outcomes, faster and with fewer resources.

Get Instant Updates on Vulnerabilities

Subscribe to receive Automox vulnerability alerts

Reduce your threat surface by up to 80%

Make all of your corporate infrastructure more resilient by automating the basics of cyber hygiene.

Take 15 days to raise your security confidence!
Start a Free Trial