Microsoft released security fixes for a total of 64 vulnerabilities across multiple products. Of the 64, 17 are rated critical, 45 important, one moderate and one low on the severity scale. In addition to the security updates, Microsoft also released 4 advisories. This month’s patches cover flaws discovered in Microsoft Windows, Microsoft Edge, Internet Explorer, Exchange Server, ChakraCore, the .NET Framework, Team Foundation Server, Visual Studio, Windows Hyper-V and the NuGet package manager.
Patches for two widely exploited vulnerabilities - Two zero-day privilege escalation vulnerabilities, CVE-2019-0808 and CVE-2019-0797, were found to be actively exploited in the wild. These flaws have been fixed as part of this month’s Patch Tuesday. While CVE-2019-0808 existed in Windows 7, CVE-2019-0797 affected Windows 8, Windows 10, and Windows Server versions 2012, 2016, and 2019.
Citing the perils of the CVE-2019-0797 vulnerability, Microsoft said, “An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.”
Microsoft also fixed two bugs that are reported to have been publicly disclosed. These are a Windows denial of service vulnerability (CVE-2019-0754) and a vulnerability in the NuGet Package Manager (CVE-2019-0757).
Other patches - Other critical vulnerabilities addressed in the newly released security updates are a memory corruption vulnerability in Internet Explorer (CVE-2019-0763), memory corruption vulnerabilities in the Scripting Engine (CVE-2019-0770, CVE-2019-0769, CVE-2019-0771 and CVE-2019-0773) and remote code execution vulnerabilities in the Windows VBScript Engine (CVE-2019-0666 and CVE-2019-0667).
“Microsoft also released several patches for Microsoft Edge this month, including CVE-2019-0769, CVE-2019-0770, CVE-2019-0771 and CVE-2019-0773. All of these vulnerabilities are ChakraCore scripting engine vulnerabilities affecting Microsoft Edge running on Windows 10, and if exploited could allow an attacker to exploit arbitrary code. Unlike February’s disclosure, none of these vulnerabilities appear to be exploited in the wild at this time,” said Recorded Future’s Senior Solutions Architect Allan Liska, SC Magazine reported.
Users are urged to apply these security patches as soon as possible in order to stay safe from unwanted risks or attacks.