Microsoft released the March 2020 release of the Tuesday Update, which it releases every second Tuesday of the month. In the Tuesday Update, the company closes security vulnerabilities detected in Windows. According to the statement from Microsoft, 115 vulnerabilities were closed with the Tuesday Update released yesterday, and therefore, yesterday’s Tuesday Update became the largest Tuesday Update in history. In the statement regarding the Tuesday Update, 26 vulnerabilities were marked as critical. 26 vulnerabilities marked as critical seem to allow attackers to execute remote code. That’s why installing the update released by Microsoft today is very important. The released update also closes a vulnerability in which software in Microsoft Word cannot process objects in memory. This vulnerability allows the attacker to run remote code without the need to open a malicious file. Attackers can use a vulnerability in the preview section of Outlook to exploit this vulnerability. Application Controller is a new Windows component that is affected by the vulnerability that makes it possible to execute arbitrary code. The vulnerability in Application Controller was explained by Microsoft as a reflection of sample code fragments in third-party source files to HTML output. Attackers can use the Application Controller to run a malicious third-party component in a source code using this vulnerability. Apparently, Microsoft is using the Application Controller as a source code analysis tool that can help detect malicious code and detect the attack surface, among other things. A security vulnerability has been identified in Microsoft Server Message Block 3.1.1 (SMBv3) in addition to the vulnerabilities that Microsoft resolved in the Tuesday, March 2020 Update. A remote code execution vulnerability was detected that came into play when certain operations were performed on SMBv3. The deficit in SMBv3 is considered as likely to cause harm, as in EternalBlue. Microsoft has released an advisory that shows how to configure SMBv3 against attacks.
