
Microsoft March Patch Tuesday comes with fixes for two Windows zero-days

March 12, 2019

Microsoft rolled out today its monthly batch of security patches known as Patch Tuesday.

This month, the Redmond-based company fixed 64 vulnerabilities, 17 of which were rated critical, including two zero-days affecting its main product, the Windows operating system.

First Windows zero-day

The first of these zero-days is one that Google made public last week. Google said this zero-day was being abused in attacks against Windows 7 32-bit users.

Today, Microsoft released patches not only for Windows 7 but also for Windows Server 2008 systems, which are also impacted by this issue, tracked as CVE-2019-0808.

According to a Google security alert from last week, attackers used the Windows zero-day together with a Chrome zero-day to escape the Chrome browser sandbox and execute malicious code on targeted systems.

CVE-2019-0808’s role in the exploit chain was to allow attackers to execute their malicious code with elevated admin privileges once the Chrome zero-day helped attackers escape from the Chrome security sandbox.

Google, too, patched its side of the aisle last week, with the release of Chrome 72.0.3626.121.

Second Windows zero-day

Further, Microsoft also patched a second zero-day today, discovered by Kaspersky researchers, and tracked as CVE-2019-0797. Just like the first, this zero-day is an elevation of privilege (EoP) bug that can allow attackers to run code with admin privileges.

“An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory,” Microsoft said today in a security advisory. “An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.”

This zero-day impacts all Windows versions, including Windows 10. Neither Microsoft nor Kaspersky revealed any details about the attacks exploiting this zero-day.

Other fixes

In addition to the two zero-days, Microsoft fixed (again) three major vulnerabilities in the Windows DHCP client that could allow remote attackers to take over vulnerable machines (CVE-2019-0697, CVE-2019-0698, and CVE-2019-0726).

The OS maker has been patching lots of these DHCP security flaws lately, with at least one in almost every Patch Tuesday released in the last few months.

Last but not least, Microsoft also corrected a patch for a Windows Deployment Services (WDS) bug it initially fixed last year. This bug is different from a similar WDS bug reported by Check Point.

For additional information on the other bugs patched in this month’s Patch Tuesday, please refer to the table embedded below, or to this Patch Tuesday report generated by ZDNet or this alternative one assembled by Trend Micro’s Zero-Day Initiative, or this one by SANS.

| Tag | CVE ID | CVE Title |
|---|---|---|
| Servicing Stack Updates | ADV990001 | Latest Servicing Stack Updates |
| Adobe Flash Player | ADV190008 | March 2019 Adobe Flash Security Update |
| Microsoft Windows | ADV190009 | SHA-2 Code Sign Support Advisory |
| Microsoft Windows | ADV190010 | Best Practices Regarding Sharing of a Single User Account Across Multiple Users |
| Active Directory | CVE-2019-0683 | Active Directory Elevation of Privilege Vulnerability |
| Azure | CVE-2019-0816 | Azure SSH Keypairs Security Feature Bypass Vulnerability |
| Internet Explorer | CVE-2019-0768 | Internet Explorer Security Feature Bypass Vulnerability |
| Internet Explorer | CVE-2019-0761 | Internet Explorer Security Feature Bypass Vulnerability |
| Internet Explorer | CVE-2019-0763 | Internet Explorer Memory Corruption Vulnerability |
| Microsoft Browsers | CVE-2019-0780 | Microsoft Browser Memory Corruption Vulnerability |
| Microsoft Browsers | CVE-2019-0762 | Microsoft Browsers Security Feature Bypass Vulnerability |
| Microsoft Edge | CVE-2019-0612 | Microsoft Edge Security Feature Bypass Vulnerability |
| Microsoft Edge | CVE-2019-0678 | Microsoft Edge Elevation of Privilege Vulnerability |
| Microsoft Edge | CVE-2019-0779 | Microsoft Edge Memory Corruption Vulnerability |
| Microsoft Graphics Component | CVE-2019-0808 | Win32k Elevation of Privilege Vulnerability |
| Microsoft Graphics Component | CVE-2019-0774 | Windows GDI Information Disclosure Vulnerability |
| Microsoft Graphics Component | CVE-2019-0797 | Win32k Elevation of Privilege Vulnerability |
| Microsoft Graphics Component | CVE-2019-0614 | Windows GDI Information Disclosure Vulnerability |
| Microsoft JET Database Engine | CVE-2019-0617 | Jet Database Engine Remote Code Execution Vulnerability |
| Microsoft Office | CVE-2019-0748 | Microsoft Office Access Connectivity Engine Remote Code Execution Vulnerability |
| Microsoft Office SharePoint | CVE-2019-0778 | Microsoft Office SharePoint XSS Vulnerability |
| Microsoft Scripting Engine | CVE-2019-0592 | Chakra Scripting Engine Memory Corruption Vulnerability |
| Microsoft Scripting Engine | CVE-2019-0746 | Chakra Scripting Engine Memory Corruption Vulnerability |
| Microsoft Scripting Engine | CVE-2019-0639 | Scripting Engine Memory Corruption Vulnerability |
| Microsoft Scripting Engine | CVE-2019-0783 | Scripting Engine Memory Corruption Vulnerability |
| Microsoft Scripting Engine | CVE-2019-0609 | Scripting Engine Memory Corruption Vulnerability |
| Microsoft Scripting Engine | CVE-2019-0611 | Chakra Scripting Engine Memory Corruption Vulnerability |
| Microsoft Scripting Engine | CVE-2019-0666 | Windows VBScript Engine Remote Code Execution Vulnerability |
| Microsoft Scripting Engine | CVE-2019-0769 | Scripting Engine Memory Corruption Vulnerability |
| Microsoft Scripting Engine | CVE-2019-0665 | Windows VBScript Engine Remote Code Execution Vulnerability |
| Microsoft Scripting Engine | CVE-2019-0667 | Windows VBScript Engine Remote Code Execution Vulnerability |
| Microsoft Scripting Engine | CVE-2019-0680 | Scripting Engine Memory Corruption Vulnerability |
| Microsoft Scripting Engine | CVE-2019-0773 | Scripting Engine Memory Corruption Vulnerability |
| Microsoft Scripting Engine | CVE-2019-0770 | Scripting Engine Memory Corruption Vulnerability |
| Microsoft Scripting Engine | CVE-2019-0771 | Scripting Engine Memory Corruption Vulnerability |
| Microsoft Scripting Engine | CVE-2019-0772 | Windows VBScript Engine Remote Code Execution Vulnerability |
| Microsoft Windows | CVE-2019-0603 | Windows Deployment Services TFTP Server Remote Code Execution Vulnerability |
| Microsoft Windows | CVE-2019-0754 | Windows Denial of Service Vulnerability |
| Microsoft Windows | CVE-2019-0765 | Comctl32 Remote Code Execution Vulnerability |
| Microsoft Windows | CVE-2019-0766 | Microsoft Windows Elevation of Privilege Vulnerability |
| Microsoft Windows | CVE-2019-0784 | Windows ActiveX Remote Code Execution Vulnerability |
| Microsoft XML | CVE-2019-0756 | MS XML Remote Code Execution Vulnerability |
| NuGet | CVE-2019-0757 | NuGet Package Manager Tampering Vulnerability |
| Skype for Business | CVE-2019-0798 | Skype for Business and Lync Spoofing Vulnerability |
| Team Foundation Server | CVE-2019-0777 | Team Foundation Server Cross-site Scripting Vulnerability |
| Visual Studio | CVE-2019-0809 | Visual Studio Remote Code Execution Vulnerability |
| Windows DHCP Client | CVE-2019-0726 | Windows DHCP Client Remote Code Execution Vulnerability |
| Windows DHCP Client | CVE-2019-0697 | Windows DHCP Client Remote Code Execution Vulnerability |
| Windows DHCP Client | CVE-2019-0698 | Windows DHCP Client Remote Code Execution Vulnerability |
| Windows Hyper-V | CVE-2019-0695 | Windows Hyper-V Denial of Service Vulnerability |
| Windows Hyper-V | CVE-2019-0690 | Windows Hyper-V Denial of Service Vulnerability |
| Windows Hyper-V | CVE-2019-0701 | Windows Hyper-V Denial of Service Vulnerability |
| Windows Kernel | CVE-2019-0702 | Windows Kernel Information Disclosure Vulnerability |
| Windows Kernel | CVE-2019-0696 | Windows Kernel Elevation of Privilege Vulnerability |
| Windows Kernel | CVE-2019-0775 | Windows Kernel Information Disclosure Vulnerability |
| Windows Kernel | CVE-2019-0755 | Windows Kernel Information Disclosure Vulnerability |
| Windows Kernel | CVE-2019-0767 | Windows Kernel Information Disclosure Vulnerability |
| Windows Kernel | CVE-2019-0782 | Windows Kernel Information Disclosure Vulnerability |
| Windows Kernel-Mode Drivers | CVE-2019-0776 | Win32k Information Disclosure Vulnerability |
| Windows Print Spooler Components | CVE-2019-0759 | Windows Print Spooler Information Disclosure Vulnerability |
| Windows SMB Server | CVE-2019-0704 | Windows SMB Information Disclosure Vulnerability |
| Windows SMB Server | CVE-2019-0703 | Windows SMB Information Disclosure Vulnerability |
| Windows SMB Server | CVE-2019-0821 | Windows SMB Information Disclosure Vulnerability |
| Windows Subsystem for Linux | CVE-2019-0689 | Windows Subsystem for Linux Elevation of Privilege Vulnerability |
| Windows Subsystem for Linux | CVE-2019-0682 | Windows Subsystem for Linux Elevation of Privilege Vulnerability |
| Windows Subsystem for Linux | CVE-2019-0694 | Windows Subsystem for Linux Elevation of Privilege Vulnerability |
| Windows Subsystem for Linux | CVE-2019-0693 | Windows Subsystem for Linux Elevation of Privilege Vulnerability |
| Windows Subsystem for Linux | CVE-2019-0692 | Windows Subsystem for Linux Elevation of Privilege Vulnerability |

Additional information is also available on Microsoft’s official Security Update Guide portal, which also includes interactive filtering options so users can find the updates and patches for only the products that are of interest.

Because Patch Tuesday is also the day when other vendors release security patches, it’s worth mentioning that Adobe released its batch earlier today. This month, the company has shipped security updates for Adobe Photoshop CC, its image editing software, and Digital Editions, its e-book reader app.

Another company which released security updates is SAP. Its updates are here.
