Thursday, July 25, 2024
EHA

Microsoft Released Security Updates & Fixed More than 70 Flaws Along with Active Zero-Day Browser Bug

Microsoft released new security updates for February under patch Tuesday with the fixes for more than 70 vulnerabilities that affected Microsoft products.

This is a second security update for this month and the first security advisory Microsoft releases on earlier of this month for the fixes of Privilege Escalation Vulnerability With Exchange Server.

Most of the vulnerabilities reported by various independent security researchers around the globe for the following Microsoft products.

  • Internet Explorer
  • Microsoft Edge
  • Microsoft Windows
  • Microsoft Office and Microsoft Office Services and Web Apps
  • ChakraCore
  • .NET Framework
  • Microsoft Exchange Server
  • Microsoft Visual Studio
  • Azure IoT SDK
  • Microsoft Dynamics
  • Team Foundation Server
  • Visual Studio Code

Microsoft fixed an active Internet Explorer zero-day vulnerability (CVE-2019-0676) in the security updates and the bug allow attackers to send open a malicious website link to exploit the browser flaw.

Also in another bug critical bug in Microsoft’s Exchange Server  (CVE-2019-0686) allows a remote attacker with a simple mailbox account to gain administrator privileges.

A Remote code execution vulnerability (CVE-2019-0640) that affected Microsoft Edge browser scripting engine handles also fixed in this security updates.

Edge Flaw allows an attacker who successfully exploited the vulnerability could gain the same user rights as the current user and if the current user logged in as admin then it could lead an attack to gain admin level access and take full control of the affected system.

There are 18 vulnerabilities are marked as critical severity and the vulnerabilities categories under Remote Code Execution and script engine Memory Corruption.

Critical Vulnerabilities list

Scripting Engine Memory Corruption VulnerabilityCVE-2019-0655Critical
Microsoft Edge Memory Corruption VulnerabilityCVE-2019-0650Critical
Scripting Engine Memory Corruption VulnerabilityCVE-2019-0651Critical
Scripting Engine Memory Corruption VulnerabilityCVE-2019-0652Critical
Microsoft Edge Memory Corruption Vulnerability CVE-2019-0645Critical
Scripting Engine Memory Corruption VulnerabilityCVE-2019-0642Critical
Scripting Engine Memory Corruption VulnerabilityCVE-2019-0640Critical
Windows DHCP Server Remote Code Execution VulnerabilityCVE-2019-0626Critical
GDI+ Remote Code Execution VulnerabilityCVE-2019-0618Critical
Microsoft SharePoint RCE Vulnerability CVE-2019-0604Critical
Scripting Engine Memory Corruption VulnerabilityCVE-2019-0605Critical
Internet Explorer Memory Corruption VulnerabilityCVE-2019-0606Critical
Scripting Engine Memory Corruption VulnerabilityCVE-2019-0607Critical
Scripting Engine Memory Corruption VulnerabilityCVE-2019-0590Critical
Scripting Engine Memory Corruption VulnerabilityCVE-2019-0591Critical
Scripting Engine Memory Corruption VulnerabilityCVE-2019-0593Critical
Microsoft SharePoint RCE VulnerabilityCVE-2019-0594Critical

Another fix Microsoft released for Critical DHCP vulnerability (CVE-2019-0626) this month that could allow an attacker to send a specially crafted packet to a DHCP server

Also, Microsoft fixed all the office vulnerabilities that include 19 security updates and 28 non-security updates.

Website

Latest articles

ShadowRoot Ransomware Attacking Organizations With Weaponized PDF Documents

A rudimentary ransomware targets Turkish businesses through phishing emails with ".ru" domain sender addresses....

BreachForumsV1 Database Leaked: Private messages, Emails & IP Exposed

BreachForumsV1, a notorious online platform for facilitating illegal activities, has reportedly suffered a massive...

250 Million Hamster Kombat Players Targeted Via Android And Windows Malware

Despite having simple gameplay, the new Telegram clicker game Hamster Kombat has become very...

Beware Of Malicious Python Packages That Steal Users Sensitive Data

Malicious Python packages uploaded by "dsfsdfds" to PyPI infiltrated user systems by exfiltrating sensitive...

Chinese Hackers Using Shared Framework To Create Multi-Platform Malware

Shared frameworks are often prone to hackers' abuses as they have been built into...

BlueStacks Emulator For Windows Flaw Exposes Millions Of Gamers To Attack

A significant vulnerability was discovered in BlueStacks, the world's fastest Android emulator and cloud...

Google Chrome 127 Released with a fix for 24 Security Vulnerabilities

Google has unveiled the latest version of its Chrome browser, Chrome 127, which is...
Balaji
Balaji
BALAJI is an Ex-Security Researcher (Threat Research Labs) at Comodo Cybersecurity. Editor-in-Chief & Co-Founder - Cyber Security News & GBHackers On Security.

Free Webinar

Low Rate DDoS Attack

9 of 10 sites on the AppTrana network have faced a DDoS attack in the last 30 days.
Some DDoS attacks could readily be blocked by rate-limiting, IP reputation checks and other basic mitigation methods.
More than 50% of the DDoS attacks are employing botnets to send slow DDoS attacks where millions of IPs are being employed to send one or two requests per minute..
Key takeaways include:

  • The mechanics of a low-DDoS attack
  • Fundamentals of behavioural AI and rate-limiting
  • Surgical mitigation actions to minimize false positives
  • Role of managed services in DDoS monitoring

Related Articles