Patch Tuesday March 2020 saw patches for 115 vulnerabilities from Microsoft. None of the Microsoft vulnerabilities were disclosed prior to patching, and none are under active exploitation.
LNK File Processing
LNK files are processed by the system whenever you connect to a file share or plug in a USB drive. If this sounds familiar, it's because Stuxnet used the same mechanism to propagate. Since a system process is being exploited, the attacker should be able to execute code at a system level, completely compromising a device. If this looks familiar, it is because Microsoft patched a nearly identical vulnerability last month.
Microsoft Word
Microsoft Word is a common target for maliciously crafted files. Often, attackers have to convince users to open these files in order to execute code. In this case, the attackers need only to convince the user to browse it in a preview pane. Because of the ease of exploit of this vulnerability, Microsoft has rated it as critical.
Application Inspector
Application Inspector examines code from third-party source files into HTML output. If an attacker convinces a user to run Application Inspector on source code that includes a malicious third-party component, they can send sections of the report containing code snippets to an external server. Microsoft rates this vulnerability as important.
Dynamics Business Central
Microsoft Dynamics Business Central is a business management solution usually operating in a mission-critical capacity. An attacker attempting to exploit this vulnerability would need to convince a victim into connecting with a malicious client or elevate permission to system. Exploitation would allow for the attacker to execute arbitrary shell commends to the victim’s server. Since this is a mission-critical server software, Microsoft has rated this vulnerability as critical.
CVE-2020-0796
Mysteriously, Cisco Talos Security almost disclosed information on a vulnerability in SMBv3 that would allow for wormable remote code execution. Microsoft has not released a patch for this vulnerability yet, so details were scrubbed quickly, but not before eagle-eyed researchers caught it. Suggested mitigation in the mean time for this vulnerability is to create a DWORD value under HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\LanManWorkstation\Parameters called CompressionEnabled and set its value to 1.
