Microsoft February Patch Tuesday Addressed A Zero Day And Numerous Critical Bugs

In January, Microsoft’s scheduled updates fixed numerous security flaws, including a few critical ones. With the February Patch Tuesday update bundle, the vendor addresses a large number of critical vulnerabilities, along with a zero-day bug in Internet Explorer.

Microsoft February Patch Tuesday Fixed IE Zero-Day

With February’s scheduled updates, Microsoft has patched a zero-day vulnerability affecting Internet Explorer. The vulnerability (CVE-2019-0676) reportedly stems from improper handling of objects in memory. Describing the flaw in its advisory, Microsoft stated,

“An attacker who successfully exploited this vulnerability could test for the presence of files on disk. For an attack to be successful, an attacker must persuade a user to open a malicious website.”

As the advisory indicates, exploiting the bug could result in information disclosure. Microsoft confirms active exploitation of the flaw, so users should update their systems to the patched versions promptly.

76 Other Flaws Also Fixed Including 20 Critical Bugs

Apart from the zero-day, Microsoft has also fixed 76 other vulnerabilities, including 20 critical security flaws. These include 2 Microsoft SharePoint RCE flaws, 11 Scripting Engine Memory Corruption flaws in Microsoft Edge, 3 Microsoft Edge Memory Corruption vulnerabilities, 1 RCE flaw in Windows DHCP Server, 1 IE memory corruption vulnerability, and 2 GDI+ RCE flaws.

Microsoft has also fixed 54 important security flaws. Two of these vulnerabilities (CVE-2019-0630 and CVE-2019-0633) existed in Windows SMB server handling. Each could allow an attacker to achieve remote code execution. Regarding exploitation, Microsoft stated in the advisories,

“A remote code execution vulnerability exists in the way that the Microsoft Server Message Block 2.0 (SMBv2) server handles certain requests… To exploit the vulnerability, in most situations, an authenticated attacker could send a specially crafted packet to a targeted SMBv2 server.”

The other Microsoft products receiving security fixes in this update bundle include Microsoft Windows, ChakraCore, MS Office and web apps, .NET Framework, Microsoft Dynamics, Microsoft Exchange Server, and a few others.
