Skip to content ↓ | Skip to navigation ↓

Tripwire’s March 2020 Patch Priority Index (PPI) brings together important vulnerabilities from Microsoft and Adobe.

Up first on the patch priority list this month are patches for Microsoft Browsers and Scripting Engine. These patches resolve information disclosure, remote code execution, and memory corruption vulnerabilities.

Next on the list are patches for Microsoft Word, which resolve 3 remote code execution vulnerabilities.

Next on the list are patches for Adobe Acrobat and Adobe Reader (APSB20-13). These patches resolve information disclosure, arbitrary code execution, and arbitrary privilege escalation vulnerabilities.

Next this month are patches that affect components of the Windows operating systems. These patches resolve more than 70 vulnerabilities, including denial of service, elevation of privilege, information disclosure, remote code execution, and memory corruption.

These vulnerabilities affect Connected User Experiences and Telemetry Service, Diagnostic Hub, LNK, Media Foundation, Provisioning Runtime, Kernel, CSC Service, ActiveX Error Reporting, GDI, Network Connections Service, Installer, Network Driver Interface Specification (NDIS), Search Indexer, UpNp Service, Work Folder Service, DirectX, ALPC, Defender Security Center, Update Orchestrator, and SMBv3.

Lastly this month, administrators should focus on server-side patches available for Microsoft IIS, Dynamics, Exchange, and SharePoint.

BULLETIN CVE
Microsoft Scripting Engine
CVE-2020-0811, CVE-2020-0812, CVE-2020-0813, CVE-2020-0829, CVE-2020-0828, CVE-2020-0823, CVE-2020-0825, CVE-2020-0830, CVE-2020-0827, CVE-2020-0826, CVE-2020-0832, CVE-2020-0833, CVE-2020-0831, CVE-2020-0848, CVE-2020-0847
Microsoft Browsers
CVE-2020-0824, CVE-2020-0816, CVE-2020-0768
Microsoft Office
CVE-2020-0850, CVE-2020-0852, CVE-2020-0892
APSB20-13: Adobe Reader and Acrobat
CVE-2020-3804, CVE-2020-3806, CVE-2020-3795, CVE-2020-3799, CVE-2020-3792, CVE-2020-3793, CVE-2020-3801, CVE-2020-3802, CVE-2020-3805, CVE-2020-3800, CVE-2020-3807, CVE-2020-3797, CVE-2020-3803
Microsoft Windows I
CVE-2020-0844, CVE-2020-0863, CVE-2020-0810, CVE-2020-0793, CVE-2020-0684, CVE-2020-0820, CVE-2020-0807, CVE-2020-0801, CVE-2020-0809, CVE-2020-0869, CVE-2020-0808, CVE-2020-0876, CVE-2020-0860, CVE-2020-0787, CVE-2020-0771, CVE-2020-0769, CVE-2020-0819, CVE-2020-0858, CVE-2020-0776, CVE-2020-0772, CVE-2020-0806, CVE-2020-0775, CVE-2020-0874, CVE-2020-0879, CVE-2020-0896, CVE-2020-0841, CVE-2020-0840, CVE-2020-0849, CVE-2020-0779, CVE-2020-0843, CVE-2020-0842, CVE-2020-0778, CVE-2020-0804
Microsoft Windows II
CVE-2020-0803, CVE-2020-0802, CVE-2020-0845, CVE-2020-0871, CVE-2020-0861, CVE-2020-0861, CVE-2020-0780, CVE-2020-0857, CVE-2020-0786, CVE-2020-0781, CVE-2020-0783, CVE-2020-0785, CVE-2020-0777, CVE-2020-0800, CVE-2020-0897, CVE-2020-0865, CVE-2020-0864, CVE-2020-0866, CVE-2020-0797, CVE-2020-0854, CVE-2020-0834, CVE-2020-0799, CVE-2020-0690, CVE-2020-0883, CVE-2020-0881, CVE-2020-0788, CVE-2020-0887, CVE-2020-0877, CVE-2020-0774, CVE-2020-0882, CVE-2020-0880, CVE-2020-0898, CVE-2020-0791, CVE-2020-0885, CVE-2020-0853, CVE-2020-0762, CVE-2020-0763, CVE-2020-0770, CVE-2020-0773, CVE-2020-0814, CVE-2020-0798, CVE-2020-0822, CVE-2020-0859, CVE-2020-0867, CVE-2020-0868, CVE-2020-0796
Microsoft IIS
CVE-2020-0645
Microsoft Dynamics
CVE-2020-0905
Microsoft Exchange Server
CVE-2020-0903
Microsoft Office SharePoint
CVE-2020-0893, CVE-2020-0894, CVE-2020-0891, CVE-2020-0795

 

To learn more about Tripwire’s Vulnerability and Exposure Research Team (VERT), including its PPI, click here.

Or, for PPI and more, you can follow VERT on Twitter: @tripwirevert.

The Executive's Guide to the Top 20 Critical Security Controls