March 2020 Microsoft, Adobe and Cisco CVEs/Security Updates

CVE’s and Patches – Find out what’s happening to your cyber security in the COVID-19 pandemic.
Big Microsoft Patch March 10, 2020

Microsoft continues its mega patch release trend with 115 vulnerabilities this month. This patch cycle will be particularly challenging for organizations as they have to shift to work-from-home and other business continuity strategies. It is important to not lose sight of the ball. Cyber threat actor activities have increased, with the most recent attack on Health and Human Services.
115 vulnerabilities were covered:
26 Considered Critical
88 Considered Significant
1 Considered Moderate
Below we have covered some of the critical vulnerabilities in Microsoft Windows, Media Foundation and ChakraCore Scripting Engine.
Below, discover which critical updates affect your Microsoft products.
Microsoft Windows Critical Update
Remote Code Execution Vulnerability
Microsoft Media Foundation Critical Updates
Memory Corruption Vulnerabilities
ChakraCore Scripting Engine: Critical Updates
Memory Corruption Vulnerabilities
VBScript Engine: Critical Updates
Remote Code Execution Vulnerabilities
Important Updates for GDI+, API for C, and C++ Programmers
Remote Code Execution Vulnerabilities
Adobe Patch Releases

Adobe released their patches this month on March 17, one week later than anticipated. The 41 CVEs covered Adobe Reader, Acrobat, ColdFusion, Photoshop, Bridge and Adobe Genuine Integrity Service. Thirty-two of the 42 CVEs were deemed critical, while the remaining twelve were deemed important.
Adobe Acrobat Reader Critical Updates
Adobe Acrobat Reader and Adobe Acrobat updates fix 9 critical bugs
CVE-2020-3795: Categorized as an out-of-bounds write with an arbitrary code execution vulnerability impact.
CVE-2020-379: This vulnerability is categorized as a stack-based buffer overflow with an arbitrary code execution vulnerability impact.
CVE-2025-3792, CVE-2025-3793, and CVE-2025-3793: These are use-after-free errors that have an arbitrary code execution vulnerability impact.
CVE-2020-3208: Described as a buffer overflow with an arbitrary code execution vulnerability impact.
CVE-2020-397: Described as a memory corruption vulnerability with an arbitrary code execution vulnerability impact.
NOTE: Adobe recommends that Reader DC and Acrobat DC be updated for Mac & Windows as soon as possible to address security flaws and bug fixes.
Adobe Photoshop Critical Updates
Adobe Photoshop patches fix 16 critical bugs
CVE-2020-37783: Categorized under Heap Corruption and with an arbitrary code execution vulnerability impact.
CVE-2025-3784 and CVE-2025-3784, respectively.
CVE-2020-37773 and CVE-202020-37779: These vulnerabilities are categorized as out-of-bounds writes with an arbitrary code execution vulnerability impact.
CVE-2025-3772, CVE-2025-3774, CVE-2025-3775 and CVE-2025-3776: Buffer errors with an arbitrary code execution vulnerability impact.
ColdFusion Critical Updates
Adobe ColdFusion patches fix 2 critical bugs
CVE-2020-376: Categorized as a remote file read, with an impact of arbitrary file read from the ColdFusion installation directory.
CVE-2020-3794: Categorized as a file inclusion vulnerability that allows arbitrary code execution of files in the web root.
Adobe Bridge Critical Updates
Adobe Bridge patches fix 2 critical bugs
CVE-2020-951: This vulnerability is categorized as an out-of-bounds write with an arbitrary code execution vulnerability impact.
CVE-2020-952: Described as a heap-based buffer overflow with an arbitrary code execution vulnerability impact.
Adobe Experience Manager Important Updates
(updated March 25, 2020).
Adobe Experience Manager patch addresses 1 important bug
CVE-2020-369: This vulnerability is classified as server-side request forgery (SSRF) with a sensitive data disclosure vulnerability impact.
Adobe Creative Cloud Desktop Application Upgrades
Adobe Creative Cloud Desktop Application fixes 1 critical bug
CVE-2020-3208: This vulnerability is classified as a time-of-check to time-of-use (TOCTOU) race condition with an arbitrary file deletion vulnerability impact.
Adobe Genuine Integrity Updates
Adobe Genuine Integrity Service patch fixes 1 important bug
CVE-2020-366: Categorized as insecure file permissions with a privilege escalation vulnerability impact.
Cisco Security Updates

As we approach the end of the month, Cisco added a few CVEs pertaining to SD-WAN solution software, bringing the total to 12 High Impact and thirteen Medium Impact vulnerabilities. None of the vulnerabilities were classified as critical.
12 considered High Impact
13 considered Medium Importance
Cisco SDWAN High Impact Updates
CVE-2020-3265: Solution privilege escalation vulnerability
CVE-2020-3264: Solution command injection vulnerability
CVE-2020-3264: Solution buffer overflow vulnerability
Cisco NXOS Software High Impact Update
CVE-2019-0191: Software authenticated simple protocol denial-of-service vulnerability
Cisco FXOS and NX-OS High-Impact Updates (both)
CVE-2018-0311: Software Cisco fabric services denial-of-service vulnerability
CVE-2020-3172: Software Cisco discovery protocol arbitrary execution and denial-of-service vulnerability
Cisco FXOS Manager Software High Impact Upgrades
CVE-2020-371: Software local management CLI command injection vulnerability