Microsoft Patches Two Actively Exploited Windows Flaws

March 14, 2019

March’s Patch Tuesday delivers more than five dozen security updates, 17 of which are critical and two of which address flaws being actively exploited in the wild. If successfully exploited, they can lead to remote code execution.

On Tuesday (March 12), Microsoft confirmed 17 critical security vulnerabilities and exposures from a total of 64 unique CVEs, including two zero-days affecting Windows operating systems. Successful exploitation of these vulnerabilities, two of which are active in the wild, could lead to remote code execution. 

Zero-Day Vulnerabilities

The two vulnerabilities being exploited in the wild are CVE-2019-0808, which affects Windows 7 and Windows Server 2008, and CVE-2019-0797.

1. CVE-2019-0808: This vulnerability can be exploited following a successful log-in attempt by the attacker. Once in, the attacker can run a specially crafted application that exploits the vulnerability and takes control of an affected system: installing programmes; viewing, changing or deleting data; and creating new accounts with full user rights.

Microsoft says the update addresses this vulnerability by correcting how Win32k handles objects in memory. The vulnerability affects Windows 7, Server 2008 and 2008 R2 editions and has been abused together with a previously unknown weakness in the Chrome browser, CVE-2019-5786.

2. CVE-2019-0797: Discovered by Kaspersky Lab, this elevation of privilege vulnerability exists in Windows and allows an attacker to run arbitrary code in kernel mode. The bug, which affects Windows 8.1, 10, Server 2012, 2012 R2 and the Server 1709, 1803, 2016 and 2019 editions, can be exploited to install malicious software on the victim’s devices.

3. Alongside Chrome, Internet Explorer, Microsoft Office, SharePoint and Skype for Business, several patches have been released for Microsoft Edge, including CVE-2019-0769, CVE-2019-0770, CVE-2019-0771 and CVE-2019-0773.

A New Month, a New Security Update

It was only last month (February 27th) that the Threat Analysis Group reported a zero-day vulnerability, previously not publicly known, affecting Google Chrome.

Following this discovery, Google released an update for all Chrome platforms for vulnerability CVE-2019-5786. This was delivered through Chrome auto-update. However, the Threat Analysis Group is encouraging users to “verify that Chrome auto-update has already updated Chrome to 72.0.3626.121 or later”.

What Steps Should I Take?

Microsoft users have been advised to place the Windows OS and Internet Explorer updates at the top of their lists, as well as making sure the Google Chrome update from the week prior has been applied. You can find Microsoft’s summary of this month’s releases at https://portal.msrc.microsoft.com/en-us/security-guidance.
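As an added example (not part of the original article), here is a fleet-level version of the Chrome check quoted above: it compares each host's reported Chrome version against 72.0.3626.121 numerically, because a plain string comparison would rank 72.0.3626.96 above the fixed build. The inventory format, hostnames and function names are assumptions made for illustration.

```python
import re

# Minimum fixed Chrome build quoted on this page for CVE-2019-5786.
FIXED_CHROME = "72.0.3626.121"

# Chrome build numbers have exactly four dot-separated numeric fields.
_VERSION_RE = re.compile(r"^\d+(\.\d+){3}$")


def parse_version(text):
    """Return a 4-tuple of ints, or None if text is not a Chrome build number."""
    text = text.strip()
    if not _VERSION_RE.match(text):
        return None
    return tuple(int(part) for part in text.split("."))


def audit_inventory(lines, minimum=FIXED_CHROME):
    """Classify 'hostname,version' records as patched, outdated or unknown."""
    floor = parse_version(minimum)
    report = {"patched": [], "outdated": [], "unknown": []}
    for line in lines:
        line = line.strip()
        if not line or line.startswith("#"):
            continue  # skip blanks and the header comment
        host, _, raw = line.partition(",")
        version = parse_version(raw)
        if version is None:
            # Missing or malformed version: needs a manual look, not a pass.
            report["unknown"].append(host.strip())
        elif version >= floor:  # tuple comparison is field-by-field numeric
            report["patched"].append(host.strip())
        else:
            report["outdated"].append(host.strip())
    return report


# Constructed sample inventory (hostnames and records are made up).
SAMPLE = """\
# host,chrome_version
ws-001,72.0.3626.121
ws-002,72.0.3626.96
ws-003,73.0.3683.75
ws-005,
ws-006,71.0.3578.98
""".splitlines()

if __name__ == "__main__":
    for status, hosts in audit_inventory(SAMPLE).items():
        print(f"{status}: {', '.join(hosts) or '-'}")
```

Hosts in the unknown bucket reported no usable version and should be checked by hand rather than assumed patched.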
