Microsoft patches two actively exploited Windows flaws
March’s Patch Tuesday addresses more than five dozen security vulnerabilities, 17 of which are critical and two of which are being actively exploited in the wild. If successfully exploited, they can lead to remote code execution.
On Tuesday (March 12), Microsoft confirmed 17 critical security vulnerabilities and exposures from a total of 64 unique CVEs, including two zero-days affecting Windows operating systems. Successful exploitation of these vulnerabilities, two of which are active in the wild, could lead to remote code execution.
The two vulnerabilities being exploited in the wild are CVE-2019-0808, in Windows 7 and Windows Server 2008, and CVE-2019-0797.
CVE-2019-0808 can be exploited following a successful log-in by the attacker. Once logged in, the attacker can run a specially crafted application that exploits the vulnerability and takes control of an affected system: installing programmes; viewing, changing or deleting data; and creating new accounts with full user rights.
Microsoft says the update addresses this vulnerability by correcting how Win32k handles objects in memory. The vulnerability affects Windows 7, Server 2008 and Server 2008 R2, and has been abused together with a previously unknown weakness in the Chrome browser, CVE-2019-5786.
Discovered by Kaspersky Lab, CVE-2019-0797 is an elevation of privilege vulnerability in Windows that allows an attacker to run arbitrary code in kernel mode. The bug, which affects Windows 8.1, Windows 10, Server 2012 and 2012 R2, and the Server 1709, 1803, 2016 and 2019 editions, can be exploited to install malicious software on the victim’s devices.
A new month, a new security update
It was only last month (February 27th) that the Threat Analysis Group reported a zero-day (previously publicly unknown) vulnerability affecting Google Chrome.
Following this discovery, Google released an update addressing CVE-2019-5786 for all Chrome platforms, delivered through Chrome auto-update. However, the Threat Analysis Group is encouraging users to “verify that Chrome auto-update has already updated Chrome to 72.0.3626.121 or later”.
What steps should I take?
And as always, we advise organisations to follow these security best practices:
Implement vendor patches as soon as possible, although it doesn’t hurt to wait a day or two to see if any major problems are reported with new updates before installing them.