Microsoft March Patch Tuesday Addressed Multiple Flaws And Two Zero-Day Bugs

  • 95
  •  
  •  
  • 1
  •  
  •  
  •  
    96
    Shares

The scheduled Microsoft March Patch Tuesday update bundle has rolled-out. This update bundle also addresses numerous security flaws. In addition, it also fixes two zero-day vulnerabilities affecting Windows.

Fixes For Two Zero-Day Flaws Targeting Windows Users

Microsoft has released the scheduled updates for March 2019. This giant update bundle includes two zero-day flaws.

Reportedly, one of these zero-day flaws was under wild exploits as revealed by Google earlier. Together with a zero-day flaw (CVE-2019-5786) in Google Chrome, the hackers exploited this Windows 7 zero-day (CVE-2019-0808) as a security sandbox escape. About this flaw, Microsoft stated in its advisory,

“An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.”

While Google quickly fixed the vulnerability at their end with the release of Chrome Chrome 72.0.3626.121, Microsoft kept working on a fix. They have now released the patch for this flaw for Windows 7 32-bit systems users.

The other zero-day vulnerability patched by Microsoft is also a privilege escalation flaw similar to the above-mentioned one. However, this zero-day CVE-2019-0797 affected all Windows systems including Windows 10. Microsoft also confirmed active exploits of the flaw in their advisory. However, they haven’t revealed any details about it.

More About Microsoft March Patch Tuesday Updates

In addition to the above two, Microsoft March Patch Tuesday updates also brought fixes for four publicly known vulnerabilities. Microsoft reported no active exploits for them though. These include an active directory elevation of privilege vulnerability (CVE-2019-0683), a remote code execution vulnerability in Visual Studio (CVE-2019-0809), a tampering vulnerability in NuGet Package Manager (CVE-2019-0757) and a Windows denial of service (CVE-2019-0754).

In all, Microsoft’s March updates address 17 critical vulnerabilities, 45 important flaws, 1 moderate severity, and 1 low-severity flaw. The Microsoft products receiving patches include Microsoft Edge, Internet Explorer, Adobe Flash Player, Microsoft Office, Microsoft Office SharePoint, Skype, Team Foundation Server, Microsoft Windows, NuGet, Visual Studio, and ChakraCore.

In February as well, Microsoft patched quite a few of security vulnerabilities including 20 critical and 54 important flaws.

Let us know your thoughts in the comments section.

The following two tabs change content below.
Avatar

Abeerah Hashim

Abeerah has been a passionate blogger for several years with a particular interest towards science and technology. She is crazy to know everything about the latest tech developments. Knowing and writing about cybersecurity, hacking, and spying has always enchanted her. When she is not writing, what else can be a better pastime than web surfing and staying updated about the tech world! Reach out to me at: [email protected]
Avatar

Abeerah Hashim

Abeerah has been a passionate blogger for several years with a particular interest towards science and technology. She is crazy to know everything about the latest tech developments. Knowing and writing about cybersecurity, hacking, and spying has always enchanted her. When she is not writing, what else can be a better pastime than web surfing and staying updated about the tech world! Reach out to me at: [email protected]

Do NOT follow this link or you will be banned from the site!