Tech

Microsoft March Patch Tuesday comes with fixes for two Windows zero-days

Microsoft patches 64 vulnerabilities in the March 2019 Patch Tuesday, 17 of which are rated critical.

Written by Catalin Cimpanu, Contributor on March 12, 2019

Microsoft rolled out today its monthly batch of security patches known as Patch Tuesday.

Security

This month, the Redmond-based company fixed 64 vulnerabilities, 17 of which were rated critical, including two zero-days affecting in its main product, the Windows operating system.

First Windows zero-day

The first of these zero-days is one that Google made public last week. Google said this zero-day was being abused in attacks against Windows 7 32-bit users.

Today Microsoft didn't release patches for Windows 7 only, but also for Windows Server 2008 systems, which are also impacted by this issue --tracked as CVE-2019-0808.

According to a Google security alert from last week, attackers used the Windows zero-day together with a Chrome zero-day to escape the Chrome browser sandbox and execute malicious code on targeted systems.

CVE-2019-0808's role in the exploit chain was to allow attackers to execute their malicious code with elevated admin privileges once the Chrome zero-day helped attackers escape from the Chrome security sandbox.

Google, too, patched its side of the aisle last week, with the release of Chrome 72.0.3626.121.

Second Windows zero-day

Further, Microsoft also patched a second zero-day today, discovered by Kaspersky researchers, and tracked as CVE-2019-0797. Just like the first, this zero-day is an elevation of privilege (EoP) bug that can allow attackers to run code with admin privileges.

"An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory," Microsoft said today in a security advisory. "An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights."

This zero-day impacts all Windows versions, including Windows 10. Neither Microsoft or Kaspersky revealed any details about the attacks exploiting this zero-day.

Other fixes

In addition to the two zero-days, Microsoft fixed (again) three major vulnerabilities in the Windows DHCP client that could allow remote attackers to take over vulnerable machines (CVE-2019-0697, CVE-2019-0698, and CVE-2019-0726).

The OS maker has been patching lots of these DHCP security flaws lately, with at least one in almost every Patch Tuesday released in the last few months.

3 more DHCP client critical RCEs this month! https://t.co/2T6VbvBDox https://t.co/EZ7Olk4j7U https://t.co/u9jS8hDfJy
— Brandon Falk (@gamozolabs) March 12, 2019

Last but not least, Microsoft also corrected a patch for a Windows Deployment Services (WDS) bug it initially fixed last year. This bug is different from a similar WDS bug reported by Check Point.

For additional information on the other bugs patched in this month's Patch Tuesday, please refer to the table embedded below, or to this Patch Tuesday report generated by ZDNet or this alternative one assembled by Trend Micro's Zero-Day Initiative, or this one by SANS.

Tag	CVE ID	CVE Title
Servicing Stack Updates	ADV990001	Latest Servicing Stack Updates
Adobe Flash Player	ADV190008	March 2019 Adobe Flash Security Update
Microsoft Windows	ADV190009	SHA-2 Code Sign Support Advisory
Microsoft Windows	ADV190010	Best Practices Regarding Sharing of a Single User Account Across Multiple Users
Active Directory	CVE-2019-0683	Active Directory Elevation of Privilege Vulnerability
Azure	CVE-2019-0816	Azure SSH Keypairs Security Feature Bypass Vulnerability
Internet Explorer	CVE-2019-0768	Internet Explorer Security Feature Bypass Vulnerability
Internet Explorer	CVE-2019-0761	Internet Explorer Security Feature Bypass Vulnerability
Internet Explorer	CVE-2019-0763	Internet Explorer Memory Corruption Vulnerability
Microsoft Browsers	CVE-2019-0780	Microsoft Browser Memory Corruption Vulnerability
Microsoft Browsers	CVE-2019-0762	Microsoft Browsers Security Feature Bypass Vulnerability
Microsoft Edge	CVE-2019-0612	Microsoft Edge Security Feature Bypass Vulnerability
Microsoft Edge	CVE-2019-0678	Microsoft Edge Elevation of Privilege Vulnerability
Microsoft Edge	CVE-2019-0779	Microsoft Edge Memory Corruption Vulnerability
Microsoft Graphics Component	CVE-2019-0808	Win32k Elevation of Privilege Vulnerability
Microsoft Graphics Component	CVE-2019-0774	Windows GDI Information Disclosure Vulnerability
Microsoft Graphics Component	CVE-2019-0797	Win32k Elevation of Privilege Vulnerability
Microsoft Graphics Component	CVE-2019-0614	Windows GDI Information Disclosure Vulnerability
Microsoft JET Database Engine	CVE-2019-0617	Jet Database Engine Remote Code Execution Vulnerability
Microsoft Office	CVE-2019-0748	Microsoft Office Access Connectivity Engine Remote Code Execution Vulnerability
Microsoft Office SharePoint	CVE-2019-0778	Microsoft Office SharePoint XSS Vulnerability
Microsoft Scripting Engine	CVE-2019-0592	Chakra Scripting Engine Memory Corruption Vulnerability
Microsoft Scripting Engine	CVE-2019-0746	Chakra Scripting Engine Memory Corruption Vulnerability
Microsoft Scripting Engine	CVE-2019-0639	Scripting Engine Memory Corruption Vulnerability
Microsoft Scripting Engine	CVE-2019-0783	Scripting Engine Memory Corruption Vulnerability
Microsoft Scripting Engine	CVE-2019-0609	Scripting Engine Memory Corruption Vulnerability
Microsoft Scripting Engine	CVE-2019-0611	Chakra Scripting Engine Memory Corruption Vulnerability
Microsoft Scripting Engine	CVE-2019-0666	Windows VBScript Engine Remote Code Execution Vulnerability
Microsoft Scripting Engine	CVE-2019-0769	Scripting Engine Memory Corruption Vulnerability
Microsoft Scripting Engine	CVE-2019-0665	Windows VBScript Engine Remote Code Execution Vulnerability
Microsoft Scripting Engine	CVE-2019-0667	Windows VBScript Engine Remote Code Execution Vulnerability
Microsoft Scripting Engine	CVE-2019-0680	Scripting Engine Memory Corruption Vulnerability
Microsoft Scripting Engine	CVE-2019-0773	Scripting Engine Memory Corruption Vulnerability
Microsoft Scripting Engine	CVE-2019-0770	Scripting Engine Memory Corruption Vulnerability
Microsoft Scripting Engine	CVE-2019-0771	Scripting Engine Memory Corruption Vulnerability
Microsoft Scripting Engine	CVE-2019-0772	Windows VBScript Engine Remote Code Execution Vulnerability
Microsoft Windows	CVE-2019-0603	Windows Deployment Services TFTP Server Remote Code Execution Vulnerability
Microsoft Windows	CVE-2019-0754	Windows Denial of Service Vulnerability
Microsoft Windows	CVE-2019-0765	Comctl32 Remote Code Execution Vulnerability
Microsoft Windows	CVE-2019-0766	Microsoft Windows Elevation of Privilege Vulnerability
Microsoft Windows	CVE-2019-0784	Windows ActiveX Remote Code Execution Vulnerability
Microsoft XML	CVE-2019-0756	MS XML Remote Code Execution Vulnerability
NuGet	CVE-2019-0757	NuGet Package Manager Tampering Vulnerability
Skype for Business	CVE-2019-0798	Skype for Business and Lync Spoofing Vulnerability
Team Foundation Server	CVE-2019-0777	Team Foundation Server Cross-site Scripting Vulnerability
Visual Studio	CVE-2019-0809	Visual Studio Remote Code Execution Vulnerability
Windows DHCP Client	CVE-2019-0726	Windows DHCP Client Remote Code Execution Vulnerability
Windows DHCP Client	CVE-2019-0697	Windows DHCP Client Remote Code Execution Vulnerability
Windows DHCP Client	CVE-2019-0698	Windows DHCP Client Remote Code Execution Vulnerability
Windows Hyper-V	CVE-2019-0695	Windows Hyper-V Denial of Service Vulnerability
Windows Hyper-V	CVE-2019-0690	Windows Hyper-V Denial of Service Vulnerability
Windows Hyper-V	CVE-2019-0701	Windows Hyper-V Denial of Service Vulnerability
Windows Kernel	CVE-2019-0702	Windows Kernel Information Disclosure Vulnerability
Windows Kernel	CVE-2019-0696	Windows Kernel Elevation of Privilege Vulnerability
Windows Kernel	CVE-2019-0775	Windows Kernel Information Disclosure Vulnerability
Windows Kernel	CVE-2019-0755	Windows Kernel Information Disclosure Vulnerability
Windows Kernel	CVE-2019-0767	Windows Kernel Information Disclosure Vulnerability
Windows Kernel	CVE-2019-0782	Windows Kernel Information Disclosure Vulnerability
Windows Kernel-Mode Drivers	CVE-2019-0776	Win32k Information Disclosure Vulnerability
Windows Print Spooler Components	CVE-2019-0759	Windows Print Spooler Information Disclosure Vulnerability
Windows SMB Server	CVE-2019-0704	Windows SMB Information Disclosure Vulnerability
Windows SMB Server	CVE-2019-0703	Windows SMB Information Disclosure Vulnerability
Windows SMB Server	CVE-2019-0821	Windows SMB Information Disclosure Vulnerability
Windows Subsystem for Linux	CVE-2019-0689	Windows Subsystem for Linux Elevation of Privilege Vulnerability
Windows Subsystem for Linux	CVE-2019-0682	Windows Subsystem for Linux Elevation of Privilege Vulnerability
Windows Subsystem for Linux	CVE-2019-0694	Windows Subsystem for Linux Elevation of Privilege Vulnerability
Windows Subsystem for Linux	CVE-2019-0693	Windows Subsystem for Linux Elevation of Privilege Vulnerability
Windows Subsystem for Linux	CVE-2019-0692	Windows Subsystem for Linux Elevation of Privilege Vulnerability

Additional information is also available on Microsoft's official Security Update Guide portal, which also includes interactive filtering options so users can find the updates and patches for only the products that are of interest.

Since the Microsoft Patch Tuesday is also the day when other vendors also release security patches, it's also worth mentioning that Adobe released its batch earlier today. This month, the company has shipped security updates for Adobe Photoshop CC, its image editing software, and Digital Editions, its e-book reader app.

Another company which released security updates is SAP. Its updates are here.