Microsoft released new security updates for February under patch Tuesday with the fixes for more than 70 vulnerabilities that affected Microsoft products.
This is a second security update for this month and the first security advisory Microsoft releases on earlier of this month for the fixes of Privilege Escalation Vulnerability With Exchange Server.
Most of the vulnerabilities reported by various independent security researchers around the globe for the following Microsoft products.
Microsoft fixed an active Internet Explorer zero-day vulnerability (CVE-2019-0676) in the security updates and the bug allow attackers to send open a malicious website link to exploit the browser flaw.
Also in another bug critical bug in Microsoft’s Exchange Server (CVE-2019-0686) allows a remote attacker with a simple mailbox account to gain administrator privileges.
A Remote code execution vulnerability (CVE-2019-0640) that affected Microsoft Edge browser scripting engine handles also fixed in this security updates.
Edge Flaw allows an attacker who successfully exploited the vulnerability could gain the same user rights as the current user and if the current user logged in as admin then it could lead an attack to gain admin level access and take full control of the affected system.
There are 18 vulnerabilities are marked as critical severity and the vulnerabilities categories under Remote Code Execution and script engine Memory Corruption.
| Scripting Engine Memory Corruption Vulnerability | CVE-2019-0655 | Critical |
| Microsoft Edge Memory Corruption Vulnerability | CVE-2019-0650 | Critical |
| Scripting Engine Memory Corruption Vulnerability | CVE-2019-0651 | Critical |
| Scripting Engine Memory Corruption Vulnerability | CVE-2019-0652 | Critical |
| Microsoft Edge Memory Corruption Vulnerability | CVE-2019-0645 | Critical |
| Scripting Engine Memory Corruption Vulnerability | CVE-2019-0642 | Critical |
| Scripting Engine Memory Corruption Vulnerability | CVE-2019-0640 | Critical |
| Windows DHCP Server Remote Code Execution Vulnerability | CVE-2019-0626 | Critical |
| GDI+ Remote Code Execution Vulnerability | CVE-2019-0618 | Critical |
| Microsoft SharePoint RCE Vulnerability | CVE-2019-0604 | Critical |
| Scripting Engine Memory Corruption Vulnerability | CVE-2019-0605 | Critical |
| Internet Explorer Memory Corruption Vulnerability | CVE-2019-0606 | Critical |
| Scripting Engine Memory Corruption Vulnerability | CVE-2019-0607 | Critical |
| Scripting Engine Memory Corruption Vulnerability | CVE-2019-0590 | Critical |
| Scripting Engine Memory Corruption Vulnerability | CVE-2019-0591 | Critical |
| Scripting Engine Memory Corruption Vulnerability | CVE-2019-0593 | Critical |
| Microsoft SharePoint RCE Vulnerability | CVE-2019-0594 | Critical |
Another fix Microsoft released for Critical DHCP vulnerability (CVE-2019-0626) this month that could allow an attacker to send a specially crafted packet to a DHCP server
Also, Microsoft fixed all the office vulnerabilities that include 19 security updates and 28 non-security updates.
A groundbreaking technique for Kerberos relaying over HTTP, leveraging multicast poisoning, has been recently detailed…
Since mid-2024, cybersecurity researchers have been monitoring a sophisticated Android malware campaign dubbed "Tria Stealer,"…
Proton, the globally recognized provider of privacy-focused services such as Proton VPN and Proton Pass,…
The cybersecurity landscape faces increasing challenges as Arcus Media ransomware emerges as a highly sophisticated…
Proofpoint researchers have identified a marked increase in phishing campaigns and malicious domain registrations designed…
A recent investigation by Unit 42 of Palo Alto Networks has uncovered a sophisticated, state-sponsored…