Microsoft March Patch Tuesday comes with fixes for two Windows zero-days

Microsoft patches 64 vulnerabilities in the March 2019 Patch Tuesday, 17 of which are rated critical.

windows-updates-patch-tuesday.jpg

Microsoft rolled out today its monthly batch of security patches known as Patch Tuesday.

This month, the Redmond-based company fixed 64 vulnerabilities, 17 of which were rated critical, including two zero-days affecting in its main product, the Windows operating system.

First Windows zero-day

The first of these zero-days is one that Google made public last week. Google said this zero-day was being abused in attacks against Windows 7 32-bit users.

Today Microsoft didn't release patches for Windows 7 only, but also for Windows Server 2008 systems, which are also impacted by this issue --tracked as CVE-2019-0808.

According to a Google security alert from last week, attackers used the Windows zero-day together with a Chrome zero-day to escape the Chrome browser sandbox and execute malicious code on targeted systems.

CVE-2019-0808's role in the exploit chain was to allow attackers to execute their malicious code with elevated admin privileges once the Chrome zero-day helped attackers escape from the Chrome security sandbox.

Google, too, patched its side of the aisle last week, with the release of Chrome 72.0.3626.121.

Second Windows zero-day

Further, Microsoft also patched a second zero-day today, discovered by Kaspersky researchers, and tracked as CVE-2019-0797. Just like the first, this zero-day is an elevation of privilege (EoP) bug that can allow attackers to run code with admin privileges.

"An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory," Microsoft said today in a security advisory. "An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights."

This zero-day impacts all Windows versions, including Windows 10. Neither Microsoft or Kaspersky revealed any details about the attacks exploiting this zero-day.

Other fixes

In addition to the two zero-days, Microsoft fixed (again) three major vulnerabilities in the Windows DHCP client that could allow remote attackers to take over vulnerable machines (CVE-2019-0697, CVE-2019-0698, and CVE-2019-0726).

The OS maker has been patching lots of these DHCP security flaws lately, with at least one in almost every Patch Tuesday released in the last few months.

Last but not least, Microsoft also corrected a patch for a Windows Deployment Services (WDS) bug it initially fixed last year. This bug is different from a similar WDS bug reported by Check Point.

For additional information on the other bugs patched in this month's Patch Tuesday, please refer to the table embedded below, or to this Patch Tuesday report generated by ZDNet or this alternative one assembled by Trend Micro's Zero-Day Initiative, or this one by SANS.

TagCVE IDCVE Title
Servicing Stack Updates ADV990001 Latest Servicing Stack Updates
Adobe Flash Player ADV190008 March 2019 Adobe Flash Security Update
Microsoft Windows ADV190009 SHA-2 Code Sign Support Advisory
Microsoft Windows ADV190010 Best Practices Regarding Sharing of a Single User Account Across Multiple Users
Active Directory CVE-2019-0683 Active Directory Elevation of Privilege Vulnerability
Azure CVE-2019-0816 Azure SSH Keypairs Security Feature Bypass Vulnerability
Internet Explorer CVE-2019-0768 Internet Explorer Security Feature Bypass Vulnerability
Internet Explorer CVE-2019-0761 Internet Explorer Security Feature Bypass Vulnerability
Internet Explorer CVE-2019-0763 Internet Explorer Memory Corruption Vulnerability
Microsoft Browsers CVE-2019-0780 Microsoft Browser Memory Corruption Vulnerability
Microsoft Browsers CVE-2019-0762 Microsoft Browsers Security Feature Bypass Vulnerability
Microsoft Edge CVE-2019-0612 Microsoft Edge Security Feature Bypass Vulnerability
Microsoft Edge CVE-2019-0678 Microsoft Edge Elevation of Privilege Vulnerability
Microsoft Edge CVE-2019-0779 Microsoft Edge Memory Corruption Vulnerability
Microsoft Graphics Component CVE-2019-0808 Win32k Elevation of Privilege Vulnerability
Microsoft Graphics Component CVE-2019-0774 Windows GDI Information Disclosure Vulnerability
Microsoft Graphics Component CVE-2019-0797 Win32k Elevation of Privilege Vulnerability
Microsoft Graphics Component CVE-2019-0614 Windows GDI Information Disclosure Vulnerability
Microsoft JET Database Engine CVE-2019-0617 Jet Database Engine Remote Code Execution Vulnerability
Microsoft Office CVE-2019-0748 Microsoft Office Access Connectivity Engine Remote Code Execution Vulnerability
Microsoft Office SharePoint CVE-2019-0778 Microsoft Office SharePoint XSS Vulnerability
Microsoft Scripting Engine CVE-2019-0592 Chakra Scripting Engine Memory Corruption Vulnerability
Microsoft Scripting Engine CVE-2019-0746 Chakra Scripting Engine Memory Corruption Vulnerability
Microsoft Scripting Engine CVE-2019-0639 Scripting Engine Memory Corruption Vulnerability
Microsoft Scripting Engine CVE-2019-0783 Scripting Engine Memory Corruption Vulnerability
Microsoft Scripting Engine CVE-2019-0609 Scripting Engine Memory Corruption Vulnerability
Microsoft Scripting Engine CVE-2019-0611 Chakra Scripting Engine Memory Corruption Vulnerability
Microsoft Scripting Engine CVE-2019-0666 Windows VBScript Engine Remote Code Execution Vulnerability
Microsoft Scripting Engine CVE-2019-0769 Scripting Engine Memory Corruption Vulnerability
Microsoft Scripting Engine CVE-2019-0665 Windows VBScript Engine Remote Code Execution Vulnerability
Microsoft Scripting Engine CVE-2019-0667 Windows VBScript Engine Remote Code Execution Vulnerability
Microsoft Scripting Engine CVE-2019-0680 Scripting Engine Memory Corruption Vulnerability
Microsoft Scripting Engine CVE-2019-0773 Scripting Engine Memory Corruption Vulnerability
Microsoft Scripting Engine CVE-2019-0770 Scripting Engine Memory Corruption Vulnerability
Microsoft Scripting Engine CVE-2019-0771 Scripting Engine Memory Corruption Vulnerability
Microsoft Scripting Engine CVE-2019-0772 Windows VBScript Engine Remote Code Execution Vulnerability
Microsoft Windows CVE-2019-0603 Windows Deployment Services TFTP Server Remote Code Execution Vulnerability
Microsoft Windows CVE-2019-0754 Windows Denial of Service Vulnerability
Microsoft Windows CVE-2019-0765 Comctl32 Remote Code Execution Vulnerability
Microsoft Windows CVE-2019-0766 Microsoft Windows Elevation of Privilege Vulnerability
Microsoft Windows CVE-2019-0784 Windows ActiveX Remote Code Execution Vulnerability
Microsoft XML CVE-2019-0756 MS XML Remote Code Execution Vulnerability
NuGet CVE-2019-0757 NuGet Package Manager Tampering Vulnerability
Skype for Business CVE-2019-0798 Skype for Business and Lync Spoofing Vulnerability
Team Foundation Server CVE-2019-0777 Team Foundation Server Cross-site Scripting Vulnerability
Visual Studio CVE-2019-0809 Visual Studio Remote Code Execution Vulnerability
Windows DHCP Client CVE-2019-0726 Windows DHCP Client Remote Code Execution Vulnerability
Windows DHCP Client CVE-2019-0697 Windows DHCP Client Remote Code Execution Vulnerability
Windows DHCP Client CVE-2019-0698 Windows DHCP Client Remote Code Execution Vulnerability
Windows Hyper-V CVE-2019-0695 Windows Hyper-V Denial of Service Vulnerability
Windows Hyper-V CVE-2019-0690 Windows Hyper-V Denial of Service Vulnerability
Windows Hyper-V CVE-2019-0701 Windows Hyper-V Denial of Service Vulnerability
Windows Kernel CVE-2019-0702 Windows Kernel Information Disclosure Vulnerability
Windows Kernel CVE-2019-0696 Windows Kernel Elevation of Privilege Vulnerability
Windows Kernel CVE-2019-0775 Windows Kernel Information Disclosure Vulnerability
Windows Kernel CVE-2019-0755 Windows Kernel Information Disclosure Vulnerability
Windows Kernel CVE-2019-0767 Windows Kernel Information Disclosure Vulnerability
Windows Kernel CVE-2019-0782 Windows Kernel Information Disclosure Vulnerability
Windows Kernel-Mode Drivers CVE-2019-0776 Win32k Information Disclosure Vulnerability
Windows Print Spooler Components CVE-2019-0759 Windows Print Spooler Information Disclosure Vulnerability
Windows SMB Server CVE-2019-0704 Windows SMB Information Disclosure Vulnerability
Windows SMB Server CVE-2019-0703 Windows SMB Information Disclosure Vulnerability
Windows SMB Server CVE-2019-0821 Windows SMB Information Disclosure Vulnerability
Windows Subsystem for Linux CVE-2019-0689 Windows Subsystem for Linux Elevation of Privilege Vulnerability
Windows Subsystem for Linux CVE-2019-0682 Windows Subsystem for Linux Elevation of Privilege Vulnerability
Windows Subsystem for Linux CVE-2019-0694 Windows Subsystem for Linux Elevation of Privilege Vulnerability
Windows Subsystem for Linux CVE-2019-0693 Windows Subsystem for Linux Elevation of Privilege Vulnerability
Windows Subsystem for Linux CVE-2019-0692 Windows Subsystem for Linux Elevation of Privilege Vulnerability

Additional information is also available on Microsoft's official Security Update Guide portal, which also includes interactive filtering options so users can find the updates and patches for only the products that are of interest.

Since the Microsoft Patch Tuesday is also the day when other vendors also release security patches, it's also worth mentioning that Adobe released its batch earlier today. This month, the company has shipped security updates for Adobe Photoshop CC, its image editing software, and Digital Editions, its e-book reader app.

Another company which released security updates is SAP. Its updates are here.

More vulnerability reports: