Patch Tuesday: Microsoft Security Bulletin Summary for March 2019

Mar 12, 2019 | By Vidita V Koushik | 5 min read

Microsoft Patch Tuesday March 2019 is back with its monthly set of security updates and brings with it 64 vulnerabilities. 17 of them are rated critical, 45 are rated important, 1 is rated moderate and another is rated low in severity using a vulnerability scanning tool. 35 CVEs were reported for Windows alone, the highest count among the products covered this month. In addition, 4 CVEs were publicly disclosed and 2 CVEs are being exploited in the wild. The devil is in the details.

Microsoft also brought us news on the eve of Patch Tuesday, claiming that faulty fixes and updates installed on Windows 10 will be automatically uninstalled when it detects a startup failure and all other automatic recovery attempts have been unsuccessful on your machine. It also claims that such updates will be prevented from installing on the system for the next 30 days, so that the systems can run as expected and, in the meantime, Microsoft can probe into the issue using a patch management solution.

The two important In-the-Wild Windows Zero-Days

CVE-2019-0797 and CVE-2019-0808 were reported by Kaspersky Lab and Google’s Threat Analysis Group respectively. These are important elevation of privilege vulnerabilities in Windows. The flaw exists in the Win32k component due to improper handling of objects in memory. An attacker could run arbitrary code in kernel mode on successful exploitation. The fact that the attacker would have to be logged on to the system to exploit this vulnerability seems to be a blessing in disguise. But once an attacker makes his way through, he can take control of the system by running a specially crafted file. While there is no clear information about the threat groups or malware exploiting these CVEs, sources point out that CVE-2019-0808 and CVE-2019-5786, a Google Chrome zero-day reported last week, were exploited together. The Windows zero-day and the Chrome zero-day were used to bypass the Chrome browser sandbox and execute malicious code on vulnerable machines.

Publicly Disclosed Vulnerabilities

Microsoft spilled the beans for 4 CVEs ahead of time. These are four unique and important vulnerabilities.

  • CVE-2019-0809 : This is a remote code execution vulnerability in Visual Studio. The flaw exists when the Visual Studio C++ Redistributable Installer fails to validate input before loading dynamic link library (DLL) files. This allows an attacker to execute arbitrary code in the context of the current user.
  • CVE-2019-0757 : This is a tampering vulnerability in the NuGet Package Manager for Linux and Mac. An authenticated attacker could modify a NuGet package’s folder structure and change files and folders that are unpackaged on a system.
  • CVE-2019-0754 : This is a denial of service vulnerability in Windows. The flaw exists due to improper handling of objects in memory. An attacker who logs on to the system and runs a specially crafted file could cause a target system to stop responding.
  • CVE-2019-0683 : This is an elevation of privilege vulnerability in Active Directory Forest trusts. An attacker who has compromised an Active Directory forest can request delegation of a TGT for an identity from the trusted forest due to an improper default setting. This allows an attacker to impersonate a user identity.

The Microsoft Patch Tuesday March 2019 release consists of security updates for the following products:

  • Adobe Flash Player
  • Internet Explorer
  • Microsoft Edge
  • Microsoft Windows
  • Microsoft Office and Microsoft Office SharePoint
  • ChakraCore
  • Team Foundation Server
  • Skype for Business
  • Visual Studio
  • NuGet

Microsoft security bulletin summary for March 2019:

  1. Product : Internet Explorer
     CVEs/Advisory : CVE-2019-0609, CVE-2019-0665, CVE-2019-0666, CVE-2019-0667, CVE-2019-0680, CVE-2019-0746, CVE-2019-0761, CVE-2019-0762, CVE-2019-0763, CVE-2019-0768, CVE-2019-0780, CVE-2019-0783
     Severity : Critical
     Impact : Remote Code Execution and Security Feature Bypass
     KBs : 4489868, 4489871, 4489872, 4489873, 4489878, 4489880, 4489881, 4489882, 4489886, 4489891, 4489899

  2. Product : Microsoft Edge
     CVEs/Advisory : CVE-2019-0592, CVE-2019-0609, CVE-2019-0611, CVE-2019-0612, CVE-2019-0639, CVE-2019-0678, CVE-2019-0746, CVE-2019-0762, CVE-2019-0769, CVE-2019-0770, CVE-2019-0771, CVE-2019-0773, CVE-2019-0779, CVE-2019-0780
     Severity : Critical
     Impact : Elevation of Privilege, Information Disclosure, Remote Code Execution and Security Feature Bypass
     KBs : 4489868, 4489871, 4489872, 4489882, 4489886, 4489899

  4. Product : Microsoft Office and Microsoft Office SharePoint
     CVEs/Advisory : CVE-2019-0748, CVE-2019-0778, CVE-2019-0798
     Severity : Important
     Impact : Remote Code Execution, Spoofing and Tampering
     KBs : 4462208, 4462211, 4462226

  5. Product : ChakraCore
     CVEs/Advisory : CVE-2019-0592, CVE-2019-0609, CVE-2019-0611, CVE-2019-0639, CVE-2019-0746, CVE-2019-0769, CVE-2019-0771, CVE-2019-0773
     Severity : Critical
     Impact : Elevation of Privilege, Information Disclosure and Remote Code Execution

  6. Product : Team Foundation Server
     CVEs/Advisory : CVE-2019-0777
     Severity : Low
     Impact : Spoofing

  7. Product : Adobe Flash Player
     CVEs/Advisory : ADV190008
     Severity : Low
     Impact : Defense in Depth
     KBs : 4489907

  8. Product : Skype for Business
     CVEs/Advisory : CVE-2019-0798
     Severity : Important
     Impact : Spoofing
     KBs : 3061064

  9. Product : NuGet
     CVEs/Advisory : CVE-2019-0757
     Severity : Important
     Impact : Tampering

  10. Product : Visual Studio
      CVEs/Advisory : CVE-2019-0757, CVE-2019-0809
      Severity : Important
      Impact : Tampering, Remote Code Execution

SecPod Saner detects these vulnerabilities and automatically fixes them by applying security updates. Download Saner now and keep your systems updated and secure.
