Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Threat Intelligence

3/12/2019
05:10 PM
Connect Directly
Twitter
LinkedIn
Google+
RSS
E-Mail
50%
50%

Microsoft Patch Tuesday: 64 Vulnerabilities Patched, 2 Under Attack

Seventeen vulnerabilities patches today are rated critical, four are publicly known, and two have been exploited in the wild.

Microsoft today rolled out security fixes for 64 security vulnerabilities along with four security advisories.

Of the bugs patched, 17 are rated critical, 45 are important, one moderate, and one low in severity. Four vulnerabilities are publicly known; two have been exploited in the wild. This month's patches cover Microsoft Windows, Office Services and Web Apps, Internet Explorer, Edge, Exchange Server, ChakraCore, the .NET Framework, Team Foundation Services, and NuGet package manager.

The vulns being used in attacks are two zero-day elevation of privilege vulnerabilities in Windows, both rated important, that enable an attacker with system access to escalate their privileges and take over the system.

The first, CVE-2019-0797, was reported by Kaspersky Lab and affects Windows 8, Windows 10, and Windows Server versions 2012, 2016, and 2019. The second, CVE-2019-0808, was reported by the Google Threat Analysis Group. Researchers recently discovered attackers leveraging a Google Chrome vulnerability (CVE-2019-5786) along with the Microsoft flaw to attack systems.

"While bugs in Win32k are rated Important due to the access requirement, the impact of successful attacks shows why they shouldn't be ignored," writes Dustin Childs of Trend Micro's Zero-Day Initiative.

This is the third month in a row Microsoft has issued multiple patches for its Windows Server DHCP service. It started the year fixing RCE vulnerability CVE-2019-0547 in January. The following month it released CVE-2019-0626 to patch a memory corruption bug in its DHCP service that would let a successful attacker run arbitrary code on a target DHCP server.

"There are three Windows DHCP Client Remote Code Execution vulnerabilities with a 9.8 CVSS score in this month's release," noted Satnam Narang, senior research engineer at Tenable, who said the continuance of this patching trend signals "increased attention on finding DHCP bugs."

Now, March brings CVE-2019-0697, CVE-2019-0698, and CVE-2019-0726. Each patch addresses a bug that could let attackers execute code on target systems. It's worth noting none of these vulnerabilities, all rated critical, require user interaction. An attacker could send specially crafted DHCP responses to a client in order to exploit the bug and gain system access.

"Deployment of patches to cover the three RCE vulnerabilities should be prioritized for all Windows systems," said Jimmy Graham, director of product management for Qualys.

Other critical bugs addressed today exist in Chakra Scripting Engine, VBScript Engine, and Internet Explorer.

The day before it released its latest wave of security fixes, Microsoft announced a new Windows 10 feature that automatically uninstalls updates that fail as a result of incompatibility or new software problems. If this happens, users will see a notification saying "We removed some recently installed updates to recover your device from a startup failure," says Microsoft.

This step is only taken if all other automatic recovery has proven unsuccessful.

Related Content:

 

 

Join Dark Reading LIVE for two cybersecurity summits at Interop 2019. Learn from the industry's most knowledgeable IT security experts. Check out the Interop agenda here.

Kelly Sheridan is the Staff Editor at Dark Reading, where she focuses on cybersecurity news and analysis. She is a business technology journalist who previously reported for InformationWeek, where she covered Microsoft, and Insurance & Technology, where she covered financial ... View Full Bio
 

Recommended Reading:

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
COVID-19: Latest Security News & Commentary
Dark Reading Staff 9/21/2020
Cybersecurity Bounces Back, but Talent Still Absent
Simone Petrella, Chief Executive Officer, CyberVista,  9/16/2020
Meet the Computer Scientist Who Helped Push for Paper Ballots
Kelly Jackson Higgins, Executive Editor at Dark Reading,  9/16/2020
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
Special Report: Computing's New Normal
This special report examines how IT security organizations have adapted to the "new normal" of computing and what the long-term effects will be. Read it and get a unique set of perspectives on issues ranging from new threats & vulnerabilities as a result of remote working to how enterprise security strategy will be affected long term.
Flash Poll
How IT Security Organizations are Attacking the Cybersecurity Problem
How IT Security Organizations are Attacking the Cybersecurity Problem
The COVID-19 pandemic turned the world -- and enterprise computing -- on end. Here's a look at how cybersecurity teams are retrenching their defense strategies, rebuilding their teams, and selecting new technologies to stop the oncoming rise of online attacks.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-25821
PUBLISHED: 2020-09-23
** UNSUPPORTED WHEN ASSIGNED ** peg-markdown 0.4.14 has a NULL pointer dereference in process_raw_blocks in markdown_lib.c. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.
CVE-2020-3130
PUBLISHED: 2020-09-23
A vulnerability in the web management interface of Cisco Unity Connection could allow an authenticated remote attacker to overwrite files on the underlying filesystem. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by sending a crafted HTTP re...
CVE-2020-3133
PUBLISHED: 2020-09-23
A vulnerability in the email message scanning of Cisco AsyncOS Software for Cisco Email Security Appliance (ESA) could allow an unauthenticated, remote attacker to bypass configured filters on the device. The vulnerability is due to improper validation of incoming emails. An attacker could exploit t...
CVE-2020-3135
PUBLISHED: 2020-09-23
A vulnerability in the web-based management interface of Cisco Unified Communications Manager (UCM) could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack on an affected device. The vulnerability is due to insufficient CSRF protections for the web-based...
CVE-2020-3137
PUBLISHED: 2020-09-23
A vulnerability in the web-based management interface of Cisco Email Security Appliance (ESA) could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device. The vulnerability exists because th...