Microsoft has issued its first Patch Tuesday for this year to address 49 CVE-listed security vulnerabilities in its Windows operating systems and other products, 7 of which are rated critical, 40 important and 2 moderate in severity.
Just one of the security vulnerabilities patched by the tech giant this month has been reported as being publicly known at the time of release, and none are being actively exploited in the wild.
All the seven critical-rated vulnerabilities lead to remote code execution and primarily impact various versions of Windows 10 and Server editions.
Two of the 7 critical flaws affect Microsoft’s Hyper-V host OS that fails to properly validate input from an authenticated user on a guest operating system, three affect the ChakraCore scripting engine that fails to properly handle objects in memory in Edge, one affects Edge directly that occurs when the browser improperly handles objects in memory, and one impacts the Windows DHCP client that fails to properly handle certain DHCP responses.
The publicly disclosed flaw but not exploited in the wild, identified as CVE-2019-0579 and rated as important, concerns a remote code execution (RCE) vulnerability in the Windows Jet Database engine that could be exploited to execute arbitrary code on a victim’s system by tricking him into opening a specially-crafted file.
Other “Important” vulnerabilities are addressed in the .NET framework, MS Exchange Server, Edge, Internet Explorer, SharePoint, the Office suite, Windows Data Sharing Service, Visual Studio, Outlook, and Windows Subsystem for Linux.
One of the MS Office flaws patched this month is an information disclosure bug (CVE-2019-0560) which exists when Microsoft Office improperly discloses the contents of its memory.
Attackers can exploit this vulnerability by tricking a user into opening a specially crafted Office document. Successful exploitation could allow an attacker to obtain information from the Office memory that can later be used to compromise a victim’s computer or data.
Microsoft credited Tal Dery and Menahem Breuer of Mimecast Research Labs for this vulnerability. To know more details about their findings, you can head on to an advisory and a blog post published by Mimecast.
images from Hacker News