It’s time for another batch of “Patch Tuesday” updates from Microsoft.

Microsoft today released its March 2019 software updates to address a total of 64 CVE-listed security vulnerabilities in its Windows operating systems and other products, 17 of which are rated critical, 45 important, one moderate and one low in severity.

The update addresses flaws in Windows, Internet Explorer, Edge, MS Office, MS Office SharePoint, ChakraCore, Skype for Business, and Visual Studio NuGet.

Four of the vulnerabilities patched by the tech giant this month, all rated important, had been publicly disclosed; none of the four were found to be exploited in the wild.

Microsoft Patches Two Zero-Day Flaws Under Active Attack

Microsoft has also patched two separate zero-day elevation of privilege vulnerabilities in Windows.

Both flaws, also rated important, reside in the Win32k component and are being actively exploited in the wild, including the one that Google warned of last week.

If you are unaware, Google last week released a critical update for the Chrome web browser to address a high-severity flaw (CVE-2019-5786) that attackers were found exploiting in combination with a Windows vulnerability (CVE-2019-0808).

Successful exploitation of both flaws together allowed remote attackers to execute arbitrary code on targeted computers running Windows 7 or Server 2008 and take full control of them.

The second zero-day elevation of privilege vulnerability in Windows, tracked as CVE-2019-0797, is also being exploited in the wild; it is similar to the first one but affects Windows 10, 8.1, Server 2012, 2016, and 2019.

This flaw was detected and reported to Microsoft by security researchers Vasily Berdnikov and Boris Larin of Kaspersky Labs, who revealed in a blog post today that the flaw has been actively exploited in targeted attacks by several threat actors, including FruityArmor and SandCat.

“CVE-2019-0797 is a race condition that is present in the win32k driver due to a lack of proper synchronisation between undocumented syscalls NtDCompositionDiscardFrame and NtDCompositionDestroyConnection,” the researchers say.