A new Microsoft security update released for March 2019 under patch Tuesday with the fixes for 64 vulnerabilities, so its time to update your Windows System.
These patched vulnerabilities are affected by many of the Microsoft products including,
- Internet Explorer
- Microsoft Edge
- Microsoft Windows
- Microsoft Office and Microsoft Office SharePoint
- ChakraCore
- Team Foundation Server
- Skype for Business
- Visual Studio
- NuGet
Among the 64 vulnerabilities, 15 being classified as “Critical” and the rest of the are categorized under arbitrary, moderate, low severity.
2 Active Zero-day Bug Fixes
This new Microsoft security update includes an active exploit discovered by Kaspersky and Google.
Google recently announced critical browser update for a vulnerability that affected a windows 7 to run arbitrary code and take the full control of the system and it’s fixed now CVE-2019-0808
This vulnerability allow attackers to install programs; view, change, or delete data; or create new accounts with full user rights.
Another vulnerability (CVE-2019-0797)that reported by Kaspersky researchers is an elevation of privilege vulnerability exists in Windows when the Win32k component fails arbitrary.
An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode.
Microsoft security updates
This Microsoft security update fixed the vulnerabilities in following product and here you can access the complete details of respective vulnerability .
Internet Explorer
| Internet Explorer | CVE-2019-0768 | Internet Explorer Security Feature Bypass Vulnerability | Important |
| Internet Explorer | CVE-2019-0761 | Internet Explorer Security Feature Bypass Vulnerability | Important |
| Internet Explorer | CVE-2019-0763 | Internet Explorer Memory Corruption Vulnerability | Critical |
Microsoft Edge
| Microsoft Edge | CVE-2019-0612 | Microsoft Edge Security Feature Bypass Vulnerability | Important |
| Microsoft Edge | CVE-2019-0678 | Microsoft Edge Elevation of Privilege Vulnerability | Important |
| Microsoft Edge | CVE-2019-0779 | Microsoft Edge Memory Corruption Vulnerability | Important |
Microsoft Graphics Component
| Microsoft Graphics Component | CVE-2019-0808 | Win32k Elevation of Privilege Vulnerability | Important |
| Microsoft Graphics Component | CVE-2019-0774 | Windows GDI Information Disclosure Vulnerability | Important |
| Microsoft Graphics Component | CVE-2019-0797 | Win32k Elevation of Privilege Vulnerability | Important |
| Microsoft Graphics Component | CVE-2019-0614 | Windows GDI Information Disclosure Vulnerability | Important |
Microsoft Scripting Engine
| Microsoft Scripting Engine | CVE-2019-0592 | Chakra Scripting Engine Memory Corruption Vulnerability | Moderate |
| Microsoft Scripting Engine | CVE-2019-0746 | Chakra Scripting Engine Memory Corruption Vulnerability | Low |
| Microsoft Scripting Engine | CVE-2019-0639 | Scripting Engine Memory Corruption Vulnerability | Critical |
| Microsoft Scripting Engine | CVE-2019-0783 | Scripting Engine Memory Corruption Vulnerability | Important |
| Microsoft Scripting Engine | CVE-2019-0609 | Scripting Engine Memory Corruption Vulnerability | Moderate |
| Microsoft Scripting Engine | CVE-2019-0611 | Chakra Scripting Engine Memory Corruption Vulnerability | Low |
| Microsoft Scripting Engine | CVE-2019-0666 | Windows VBScript Engine Remote Code Execution Vulnerability | Critical |
| Microsoft Scripting Engine | CVE-2019-0769 | Scripting Engine Memory Corruption Vulnerability | Critical |
| Microsoft Scripting Engine | CVE-2019-0665 | Windows VBScript Engine Remote Code Execution Vulnerability | Important |
| Microsoft Scripting Engine | CVE-2019-0667 | Windows VBScript Engine Remote Code Execution Vulnerability | Critical |
| Microsoft Scripting Engine | CVE-2019-0680 | Scripting Engine Memory Corruption Vulnerability | Critical |
| Microsoft Scripting Engine | CVE-2019-0773 | Scripting Engine Memory Corruption Vulnerability | Moderate |
| Microsoft Scripting Engine | CVE-2019-0770 | Scripting Engine Memory Corruption Vulnerability | Critical |
| Microsoft Scripting Engine | CVE-2019-0771 | Scripting Engine Memory Corruption Vulnerability | Critical |
| Microsoft Scripting Engine | CVE-2019-0772 | Windows VBScript Engine Remote Code Execution Vulnerability | Important |
Windows Subsystem for Linux
| Windows Subsystem for Linux | CVE-2019-0689 | Windows Subsystem for Linux Elevation of Privilege Vulnerability | Important |
| Windows Subsystem for Linux | CVE-2019-0682 | Windows Subsystem for Linux Elevation of Privilege Vulnerability | Important |
| Windows Subsystem for Linux | CVE-2019-0694 | Windows Subsystem for Linux Elevation of Privilege Vulnerability | Important |
| Windows Subsystem for Linux | CVE-2019-0693 | Windows Subsystem for Linux Elevation of Privilege Vulnerability | Important |
| Windows Subsystem for Linux | CVE-2019-0692 | Windows Subsystem for Linux Elevation of Privilege Vulnerability | Important |
Windows DHCP Client
| Windows DHCP Client | CVE-2019-0726 | Windows DHCP Client Remote Code Execution Vulnerability | Critical |
| Windows DHCP Client | CVE-2019-0697 | Windows DHCP Client Remote Code Execution Vulnerability | Critical |
| Windows DHCP Client | CVE-2019-0698 | Windows DHCP Client Remote Code Execution Vulnerability | Critical |
Microsoft Windows
| Microsoft Windows | CVE-2019-0603 | Windows Deployment Services TFTP Server Remote Code Execution Vulnerability | Critical |
| Microsoft Windows | ADV190010 | Best Practices Regarding Sharing of a Single User Account Across Multiple Users | N/A |
| Microsoft Windows | ADV190009 | SHA-2 Code Sign Support Advisory | N/A |
| Microsoft Windows | CVE-2019-0754 | Windows Denial of Service Vulnerability | Important |
| Microsoft Windows | CVE-2019-0765 | Comctl32 Remote Code Execution Vulnerability | Important |
| Microsoft Windows | CVE-2019-0766 | Microsoft Windows Elevation of Privilege Vulnerability | Important |
| Microsoft Windows | CVE-2019-0784 | Windows ActiveX Remote Code Execution Vulnerability | Critical |
Windows Hyper-V
| Windows Hyper-V | CVE-2019-0695 | Windows Hyper-V Denial of Service Vulnerability | Important |
| Windows Hyper-V | CVE-2019-0690 | Windows Hyper-V Denial of Service Vulnerability | Important |
| Windows Hyper-V | CVE-2019-0701 | Windows Hyper-V Denial of Service Vulnerability | Important |
Others
| Microsoft XML | CVE-2019-0756 | MS XML Remote Code Execution Vulnerability | Critical |
| NuGet | CVE-2019-0757 | NuGet Package Manager Tampering Vulnerability | Important |
| Servicing Stack Updates | ADV990001 | Latest Servicing Stack Updates | Critical |
| Skype for Business | CVE-2019-0798 | Skype for Business and Lync Spoofing Vulnerability | Important |
| Team Foundation Server | CVE-2019-0777 | Team Foundation Server Cross-site Scripting Vulnerability | Low |
| Visual Studio | CVE-2019-0809 | Visual Studio Remote Code Execution Vulnerability | Important |
| Active Directory | CVE-2019-0683 | Active Directory Elevation of Privilege Vulnerability | Important |
| Adobe Flash Player | ADV190008 | March 2019 Adobe Flash Security Update | Low |
| Azure | CVE-2019-0816 | Azure SSH Keypairs Security Feature Bypass Vulnerability | Moderate |
| Microsoft Office | CVE-2019-0748 | Microsoft Office Access Connectivity Engine Remote Code Execution Vulnerability | Important |
| Microsoft Office SharePoint | CVE-2019-0778 | Microsoft Office SharePoint XSS Vulnerability | Important |
You can follow us on Linkedin, Twitter, Facebook for daily Cybersecurity updates also you can take the Best Cybersecurity courses online to keep your self-updated.
