Today, Microsoft launched its monthly batch of security patches called Patch Tuesday. The company based in Redmond fixed 64 vulnerabilities this month, 17 of which have been rated critical and affecting its main product, Windows.
The first of these zero-days is one that Google announced last week. Google said the zero-day attacks on Windows 7 were abused by 32-bit users. Microsoft today not only released patches for Windows 7, but also for Windows Server 2008 systems affected by this problem-tracked as CVE-2019-0808.
According to last week’s Google security alert, attackers have spent zero-day on Windows with a Chrome zero-day to escape the Chrome browser and run malicious code on targeted systems. CVE-2019-0808‘s role in the exploit chain is to enable attackers; once the Chrome zero-day helped Chrome security attackers escape the Chrome sandbox, to execute their malicious code with increased administrative privileges.
Google, too, last week patched its aisle side, releasing Chrome 72.0.3626.121. SECOND WINDOWS ZERO-DAY Also, a second null-day, found by Kaspersky researchers, was patched and tracked by Microsoft as CVE-2019-0797.
Just like the first one, this zero-day is a privilege (EoP) error that allows attackers to execute code with administrative privileges. “The privilege vulnerability in Windows is increased if Win32k does not handle objects correctly in memory,” said Microsoft in a security advisory today. “An attacker who has been successful in exploiting this vulnerability could run arbitrary kernel code.
An assailant could then install programs, view, and change or delete data, or create new full user rights accounts.” Neither Microsoft nor Kaspersky revealed details about the zero-day attacks. Additional corrections In addition to the two zero-days, Microsoft has fixed (again) three main Windows DHCP client vulnerabilities, which may allow remote attackers to seize the vulnerable machines (CVE-2019-0697, CVE-2019-0698, and CVE-2019-0726).
The OS maker recently patched many of these DHCP security failures, with at least one patch released in the last few months on nearly every Tuesday. Finally, Microsoft has also corrected the patch for a bug initially fixed by Windows Deployment Services (WDS) last year.
This bug is not the same as a similar Check Point WDS bug. Please see the table below or the report generated by Trend Micro’s Zero-Day Initiative, or by SANS, for additional information on the other bugs that were patched this month in Patch Tuesday. Further data can also be found on the official Microsoft Security Update Guide website, including interactive filtering options, allowing users to find updates and patches for only products of interest. Since Microsoft Patch Tuesday is also the day when other sellers release security patches, Adobe released its batch earlier today.
This month, Adobe Photoshop CC, its Image editing software and Digital Editions, its E-book reader application, have sent security update. SAP is another company that has released security updates. Here are his updates.
Leave a Reply