Alert icon Keyboard navigation enabled.
Alert icon TAB or Shift+TAB to navigate across. Down ↓ to open menu. ESC to close menu.
Alert icon Down ↓ to select section. Right → to activate. Up ↑ / Down ↓ / Tab to traverse all. ESC to exit.
BeyondTrust
Skip to content Use space or enter to skip.

What can we help you find today?

Instant Results
  • Website Results
  • Technical Documentation

Filter Options

Focus your search

Filtering by

Your recent searches:

Contact Us Chat with Sales Get Support
  • English
  • Deutsch
  • français
  • español
  • 한국어
  • português
  • Home
  • Resources
  • Blog
  • March 2020 Patch Tuesday current page
Link copied

March 2020 Patch Tuesday

Mar 10, 2020
Author:
400x400 Linkedin X Profile
Phantom Labs™
BeyondTrust
Blog banner default
March 2020 Patch Tuesday
400x400 Linkedin X Profile
Phantom Labs™
BeyondTrust

Patch Tuesday March 2020 saw patches for 115 vulnerabilities from Microsoft. None of the Microsoft vulnerabilities were disclosed prior to patching, and none are under active exploitation.

LNK File Processing

LNK files are processed by the system whenever you connect to a file share or plug in a USB drive. If this sounds familiar, it's because Stuxnet used the same mechanism to propagate. Since a system process is being exploited, the attacker should be able to execute code at a system level, completely compromising a device. If this looks familiar, it is because Microsoft patched a nearly identical vulnerability last month.

Microsoft Word

Microsoft Word is a common target for maliciously crafted files. Often, attackers have to convince users to open these files in order to execute code. In this case, the attackers need only to convince the user to browse it in a preview pane. Because of the ease of exploit of this vulnerability, Microsoft has rated it as critical.

Application Inspector

Application Inspector examines code from third-party source files into HTML output. If an attacker convinces a user to run Application Inspector on source code that includes a malicious third-party component, they can send sections of the report containing code snippets to an external server. Microsoft rates this vulnerability as important.

Dynamics Business Central

Microsoft Dynamics Business Central is a business management solution usually operating in a mission-critical capacity. An attacker attempting to exploit this vulnerability would need to convince a victim into connecting with a malicious client or elevate permission to system. Exploitation would allow for the attacker to execute arbitrary shell commends to the victim’s server. Since this is a mission-critical server software, Microsoft has rated this vulnerability as critical.

CVE-2020-0796

Mysteriously, Cisco Talos Security almost disclosed information on a vulnerability in SMBv3 that would allow for wormable remote code execution. Microsoft has not released a patch for this vulnerability yet, so details were scrubbed quickly, but not before eagle-eyed researchers caught it. Suggested mitigation in the mean time for this vulnerability is to create a DWORD value under HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\LanManWorkstation\Parameters called CompressionEnabled and set its value to 1.

Latest Posts
  • 14 Password Management Best Practices
    May 28, 2026 14 Password Management Best Practices
    Blog
    12m
  • A Security Researcher’s Guide to Understanding Copilot Studio AI Agents
    May 26, 2026 A Security Researcher’s Guide to Understanding Copilot Studio AI Agents
    Blog
    3m
  • How to Secure Cloud-Native Infrastructure at Scale and Speed: A Conversation with Madhu Adireddi
    May 21, 2026 How to Secure Cloud-Native Infrastructure at Scale and Speed: A Conversation with Madhu Adireddi
    Blog
    5m
  • Cybersecurity as a Boardroom Priority for Major African TelCos
    May 12, 2026 Cybersecurity as a Boardroom Priority for Major African TelCos
    Blog
    8m
  • Geopolitics and Cybersecurity: Why Attackers Go After Identities and Privileged Access First
    May 11, 2026 Geopolitics and Cybersecurity: Why Attackers Go After Identities and Privileged Access First
    Blog
    4m
Related
  • Critical Zero-Day Vulnerability CVE-2016-4171 – Basic Mitigation
    Jun 15, 2016 Critical Zero-Day Vulnerability CVE-2016-4171 – Basic Mitigation
    Blog
    1m
  • Does Compliance = Security?
    Feb 15, 2011 Does Compliance = Security?
    Blog
    1m
Share this Article
  • Link
Stay up to Date
Get the latest news, ideas, and tactics from BeyondTrust. You may unsubscribe at any time.

Keep up with BeyondTrust

Customer Support Get Started
  • LinkedIn
  • X
  • Facebook
  • Instagram
  • Add BeyondTrust as a preferred source on Google
  • Privacy
  • Security
  • Manage Cookies
  • Do Not Sell My Data
  • WEEE Compliance

Copyright © 2003 — 2026 BeyondTrust Corporation. All rights reserved. Other trademarks identified on this page are owned by their respective owners. BeyondTrust Corporation is not a chartered bank or trust company, or depository institution. It is not authorized to accept deposits or trust accounts and is not licensed or regulated by any state or federal banking authority.

Prefers reduced motion setting detected. Animations will now be reduced as a result.