marcha 2019 Patch Tuesday é aqui, abordando 64 vulnerabilidades no Windows, 17 dos quais são críticos, 45 importante, OE moderada e uma outra de baixa severidade na classificação. Duas dessas vulnerabilidades, CVE-2019-0797 e CVE-2019-0808, foram explorados na natureza.
This month’s Patch Tuesday addressed flaws in .NET Framework, Microsoft borda, Troca, Internet Explorer, Microsoft Office, Serviços de escritório e aplicativos da Web, NuGet, Team Foundation Server, e Windows. It’s important to note that seven of the vulnerabilities were disclosed via Trend Micro’s Zero Day Initiative.
More about CVE-2019-0797 and CVE-2019-0808
CVE-2019-0797 and CVE-2019-0808 are described as Win32k elevation of privilege vulnerabilities which are nearly identical.
As explained by Trend Micro’s Zero Day Initiative, one was reported by Kaspersky Labs while the other was reported by the Google Threat Analysis Group, which implies both of these have been spotted in targeted malware. The vulnerabilities could allow an attacker to elevate privileges and take over a system after access to this system is already obtained.
While flaws in Win32k are rated Important due to the access requirement, the impact of successful attacks shows why they shouldn’t be ignored, os pesquisadores disseram.
As for the rest of the vulnerabilities addressed through this month’s share of patches, nearly all of the critical flaws could lead remote execution attacks, where different versions of Windows 10 and Server editions could be impacted. Most of these vulnerabilities are located in Chakra Scripting Engine, VBScript Engine, DHCP Client, e IE.
The rest of the flaws could be exploited in information disclosure and denial-of-service attacks.
As for users who may experience issues with updates, Microsoft just introduced a new safety feature which is designed to improve the way updates are installed and removed on Windows 10. The new feature will automatically uninstall problematic software updates whenever Windows 10 detects a startup failure. De agora em diante, Microsoft will be removing [wplinkpreview url =”https://sensorstechforum.com/buggy-windows-10-updates-uninstalled-automatically/”] atualizações instaladas recentemente que acabou de buggy.