March 2019 Patch Tuesday is here, addressing 64 vulnerabilities in Windows, 17 of which are critical, 45 important, oe moderate and another one low-severity in rating. Two of these vulnerabilities, CVE-2019-0797 and CVE-2019-0808, have been exploited in the wild.
This month’s Patch Tuesday addressed flaws in .NET Framework, Microsoft Edge, Exchange, Internet Explorer, Microsoft Office, Office Services and Web Apps, NuGet, Team Foundation Server, and Windows. It’s important to note that seven of the vulnerabilities were disclosed via Trend Micro’s Zero Day Initiative.
More about CVE-2019-0797 and CVE-2019-0808
CVE-2019-0797 and CVE-2019-0808 are described as Win32k elevation of privilege vulnerabilities which are nearly identical.
As explained by Trend Micro’s Zero Day Initiative, one was reported by Kaspersky Labs while the other was reported by the Google Threat Analysis Group, which implies both of these have been spotted in targeted malware. The vulnerabilities could allow an attacker to elevate privileges and take over a system after access to this system is already obtained.
While flaws in Win32k are rated Important due to the access requirement, the impact of successful attacks shows why they shouldn’t be ignored, the researchers said.
As for the rest of the vulnerabilities addressed through this month’s share of patches, nearly all of the critical flaws could lead remote execution attacks, where different versions of Windows 10 and Server editions could be impacted. Most of these vulnerabilities are located in Chakra Scripting Engine, VBScript Engine, DHCP Client, and IE.
The rest of the flaws could be exploited in information disclosure and denial-of-service attacks.
As for users who may experience issues with updates, Microsoft just introduced a new safety feature which is designed to improve the way updates are installed and removed on Windows 10. The new feature will automatically uninstall problematic software updates whenever Windows 10 detects a startup failure. From now on, Microsoft will be removingrecently installed updates which turned out buggy.