Microsoft is back with its monthly set of security updates and brings with it 64 vulnerabilities. 17 of them are rated critical, 45 are rated important, 1 rated moderate and another rated low in severity. 35 CVEs were reported for Windows alone, which is the highest count amongst the vulnerabilities reported for other products this month. 4 CVEs were publicly disclosed and 2 CVEs are being exploited in the wild. The devil is in the details.

Also, Microsoft brought us news on the eve of Patch Tuesday claiming that faulty fixes and updates installed on Windows10 will be automatically uninstalled when it detects a startup failure and when all other automatic recovery attempts have been unsuccessful on your machine. It also claims that such updates will be prevented from installing on the system for the next 30 days, so that the systems can run as expected and in the meantime, Microsoft can probe into the issue.

The two important In-the-Wild Windows Zero-Days

CVE-2019-0797 and CVE-2019-0808 were reported by Kaspersky Lab and Google’s Threat Analysis Group respectively. These are important elevation of privilege vulnerabilities in Windows. The flaw exists in Win32k component due to improper handling of objects in the memory. An attacker could run arbitrary code in kernel mode on successful exploitation. The fact that the attacker would have to be logged on to the system to exploit this vulnerability seems to be a blessing in disguise. But once an attacker makes his way through, he can take control of the system by running a specially crafted file. While there is no clear information about the threat groups or malware exploiting these CVEs, sources point out that CVE-2019-0808 and CVE-2019-5786, a Google Chrome Zero Day reported last week, were exploited together. The Windows zero-day and the Chrome zero-day were used to bypass the Chrome browser sandbox and execute malicious code on vulnerable machines.

Publicly Disclosed Vulnerabilities

Microsoft spilled the beans for 4 CVEs ahead of time. These are four unique and important vulnerabilities.

  • CVE-2019-0809 : This is a remote code execution vulnerability in Visual Studio. The flaw exists when Visual Studio C++ Redistributable Installer fails to validate input before loading dynamic link library (DLL) files. This allows an attacker to execute arbitrary code in the context of the current user.
  • CVE-2019-0757 : This is a tampering vulnerability in the NuGet Package Manager for Linux and Mac. An authenticated attacker could modify a NuGet package’s folder structure and change files and folders that are unpackaged on a system.
  • CVE-2019-0754 : This is a denial of service vulnerability in Windows. The flaw exists due to improper handling of objects in memory. An attacker who logs on to the system and runs a specially crafted file could cause a target system to stop responding.
  • CVE-2019-0683 : This is an elevation of privilege vulnerability in Active Directory Forest trusts. An attacker who has compromised an Active Directory forest can request delegation of a TGT for an identity from the trusted forest due to an improper default setting. This allows an attacker to impersonate user identity.

March 2019 Patch Tuesday release consists of security updates for the following products:

  • Adobe Flash Player
  • Internet Explorer
  • Microsoft Edge
  • Microsoft Windows
  • Microsoft Office and Microsoft Office SharePoint
  • ChakraCore
  • Team Foundation Server
  • Skype for Business
  • Visual Studio
  • NuGet

Microsoft security bulletin summary for March 2019:

Product : Internet Explorer
CVEs/Advisory : CVE-2019-0609, CVE-2019-0665, CVE-2019-0666, CVE-2019-0667, CVE-2019-0680, CVE-2019-0746, CVE-2019-0761, CVE-2019-0762, CVE-2019-0763, CVE-2019-0768, CVE-2019-0780, CVE-2019-0783
Severity : Critical
Impact : Remote Code Execution, Security Feature Bypass
KBs : 4489868, 4489871, 4489872, 4489873, 4489878, 4489880, 4489881, 4489882, 4489886, 4489891, 4489899

Product : Microsoft Edge
CVEs/Advisory : CVE-2019-0592, CVE-2019-0609, CVE-2019-0611, CVE-2019-0612, CVE-2019-0639, CVE-2019-0678, CVE-2019-0746, CVE-2019-0762, CVE-2019-0769, CVE-2019-0770, CVE-2019-0771, CVE-2019-0773, CVE-2019-0779, CVE-2019-0780
Severity : Critical
Impact : Elevation of Privilege, Information Disclosure, Remote Code Execution, Security Feature Bypass
KBs : 4489868, 4489871, 4489872, 4489882, 4489886, 4489899

Product : Microsoft Windows
CVEs/Advisory : ADV190009, CVE-2019-0603, CVE-2019-0614, CVE-2019-0617, CVE-2019-0682, CVE-2019-0683, CVE-2019-0689, CVE-2019-0690, CVE-2019-0692, CVE-2019-0693, CVE-2019-0694, CVE-2019-0695, CVE-2019-0696, CVE-2019-0697, CVE-2019-0698, CVE-2019-0701, CVE-2019-0702, CVE-2019-0703, CVE-2019-0704, CVE-2019-0726, CVE-2019-0754, CVE-2019-0755, CVE-2019-0756, CVE-2019-0759, CVE-2019-0765, CVE-2019-0766, CVE-2019-0767, CVE-2019-0772, CVE-2019-0774, CVE-2019-0775, CVE-2019-0776, CVE-2019-0782, CVE-2019-0784, CVE-2019-0797, CVE-2019-0808, CVE-2019-0821
Severity : Critical
Impact : Denial of Service, Elevation of Privilege, Information Disclosure, Remote Code Execution
KBs : 4474419, 4489868, 4489871, 4489872, 4489876, 4489878, 4489880, 4489881, 4489882, 4489883, 4489884, 4489885, 4489886, 4489891, 4489899

Product : Microsoft Office and Microsoft Office SharePoint
CVEs/Advisory : CVE-2019-0748, CVE-2019-0778, CVE-2019-0798
Severity : Important
Impact : Remote Code Execution, Spoofing, Tampering
KBs : 4462208, 4462211, 4462226

Product : ChakraCore
CVEs/Advisory : CVE-2019-0592, CVE-2019-0609, CVE-2019-0611, CVE-2019-0639, CVE-2019-0746, CVE-2019-0769, CVE-2019-0771, CVE-2019-0773
Severity : Critical
Impact : Elevation of Privilege, Information Disclosure, Remote Code Execution

Product : Team Foundation Server
CVEs/Advisory : CVE-2019-0777
Severity : Low
Impact : Spoofing

Product : Adobe Flash Player
CVEs/Advisory : ADV190008
Severity : Low
Impact : Defense in Depth
KBs : 4489907

Product : Skype for Business
CVEs/Advisory : CVE-2019-0798
Severity : Important
Impact : Spoofing
KBs : 3061064

Product : NuGet
CVEs/Advisory : CVE-2019-0757
Severity : Important
Impact : Tampering

Product : Visual Studio
CVEs/Advisory : CVE-2019-0757, CVE-2019-0809
Severity : Important
Impact : Tampering, Remote Code Execution

SecPod Saner detects these vulnerabilities and automatically fixes it by applying security updates. Download Saner now and keep your systems updated and secure.

Patch Tuesday: Microsoft Security Bulletin Summary for March 2019
Article Name
Patch Tuesday: Microsoft Security Bulletin Summary for March 2019
Publisher Name
SecPod Technologies
Publisher Logo

Leave a Reply

Your email address will not be published. Required fields are marked *