Microsoft Patches Two Actively Exploited Windows Flaws
March 14, 2019
March’s Patch Tuesday delivers more than five dozen security updates, 17 of which are critical and two of which fix flaws being actively exploited in the wild. If successfully exploited, they can lead to remote code execution.
On Tuesday (March 12), Microsoft confirmed 17 critical security vulnerabilities and exposures from a total of 64 unique CVEs, including two zero-days affecting Windows operating systems. Successful exploitation of these vulnerabilities, two of which are active in the wild, could lead to remote code execution.
The two vulnerabilities exploited in the wild are CVE-2019-0808, in Windows 7 and Windows Server 2008, and CVE-2019-0797.
1. CVE-2019-0808: This vulnerability can be exploited following a successful log-in attempt by the attacker. Once in, the attacker can run a specially crafted application that exploits the vulnerability and takes control of an affected system: installing programmes; viewing, changing or deleting data; and creating new accounts with full user rights.
2. CVE-2019-0797: Discovered by Kaspersky Lab, this elevation of privilege vulnerability exists in Windows and allows an attacker to run arbitrary code in kernel mode. The bug, which affects Windows 8.1, 10, Server 2012, 2012 R2 and the Server 1709, 1803, 2016 and 2019 editions, can be exploited to install malicious software on the victim’s devices.
3. Alongside Chrome, Internet Explorer, Microsoft Office, SharePoint and Skype for Business, several patches have been released for Microsoft Edge, including CVE-2019-0769, CVE-2019-0770, CVE-2019-0771 and CVE-2019-0773.
A New Month, a New Security Update
It was only last month (February 27th) that the Threat Analysis Group reported a zero-day vulnerability (previously publicly unknown) affecting Google Chrome.
Following this discovery of vulnerability CVE-2019-5786, Google released an update for all Chrome platforms, delivered through Chrome auto-update. However, the Threat Analysis Group is encouraging users to “verify that Chrome auto-update has already updated Chrome to 72.0.3626.121 or later”.
What Steps Should I Take?
Microsoft users have been advised to place the Windows OS and Internet Explorer updates at the top of their lists, as well as making sure the Google Chrome update from the week prior has been applied. You can find Microsoft’s summary of this month’s releases at https://portal.msrc.microsoft.com/en-us/security-guidance.
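To apply the Chrome check above across more than one machine, the following added example (not from the original article or from Google) audits an inventory of reported Chrome versions against the 72.0.3626.121 minimum. The host names and version strings in the sample are constructed, and the inventory format is an assumption.

```python
import re

# Minimum fixed Chrome build quoted in the article for CVE-2019-5786.
MIN_FIXED = "72.0.3626.121"


def parse_version(text):
    """Extract a four-part Chrome version as a tuple of ints.

    Accepts '72.0.3626.121' or 'Google Chrome 72.0.3626.121'.
    Returns None when no four-part version is present.
    """
    m = re.search(r"(\d+)\.(\d+)\.(\d+)\.(\d+)", text or "")
    return tuple(int(p) for p in m.groups()) if m else None


def is_patched(reported, minimum=MIN_FIXED):
    """True only if the version parses and is numerically >= minimum."""
    v = parse_version(reported)
    return v is not None and v >= parse_version(minimum)


def audit(inventory):
    """Split hosts into (patched, outdated, unknown) lists."""
    patched, outdated, unknown = [], [], []
    for host, reported in inventory.items():
        if parse_version(reported) is None:
            unknown.append(host)   # treat as needing follow-up, not as safe
        elif is_patched(reported):
            patched.append(host)
        else:
            outdated.append(host)
    return patched, outdated, unknown


# Constructed sample inventory (host names and values are illustrative).
SAMPLE = {
    "ws-01": "Google Chrome 72.0.3626.121",
    "ws-02": "Google Chrome 72.0.3626.119",
    "ws-03": "72.0.3626.99",   # a plain string compare ranks this above .121
    "ws-04": "Google Chrome 73.0.3683.75",
    "ws-05": "",               # agent returned nothing
}

if __name__ == "__main__":
    patched, outdated, unknown = audit(SAMPLE)
    print("patched: ", patched)
    print("outdated:", outdated)
    print("unknown: ", unknown)
```

Comparing the versions as strings would report ws-03 as up to date, which is why each component is compared as an integer.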