Microsoft Patch Tuesday: 64 Vulnerabilities Patched, 2 Under Attack

[InfoSec News <alerts () infosecnews org>]

https://www.darkreading.com/threat-intelligence/microsoft-patch-tuesday-64-vulnerabilities-patched-2-under-attack/d/d-id/1334141

By Kelly Sheridan
Dark Reading
3/12/2019

Microsoft today rolled out security fixes for 64 security vulnerabilities along 
with four security advisories.

Of the bugs patched, 17 are rated critical, 45 are important, one moderate, and 
one low in severity. Four vulnerabilities are publicly known; two have been 
exploited in the wild. This month's patches cover Microsoft Windows, Office 
Services and Web Apps, Internet Explorer, Edge, Exchange Server, ChakraCore, 
the .NET Framework, Team Foundation Services, and NuGet package manager.

The vulns being used in attacks are two zero-day elevation of privilege 
vulnerabilities in Windows, both rated important, that enable an attacker with 
system access to escalate their privileges and take over the system.

The first, CVE-2019-0797, was reported by Kaspersky Lab and affects Windows 8, 
Windows 10, and Windows Server versions 2012, 2016, and 2019. The second, 
CVE-2019-0808, was reported by the Google Threat Analysis Group. Researchers 
recently discovered attackers leveraging a Google Chrome vulnerability 
(CVE-2019-5786) along with the Microsoft flaw to attack systems.

[...]



--
Subscribe to InfoSec News
https://www.infosecnews.org/subscribe-to-infosec-news/
https://twitter.com/infosecnews_