Microsoft Patch Tuesday March 2019 Overview
Microsoft has released its March 2019 Patch Tuesday security updates, addressing a total of 64 vulnerabilities, with 17 rated as critical. These patches affect core products, especially the Windows operating system.
Among the vulnerabilities patched, two significant zero-day exploits were identified that targeted both consumer and enterprise systems.
Zero-Day Vulnerability: CVE-2019-0808
One of the most severe flaws, tracked as CVE-2019-0808, was revealed by Google last week. The bug was actively exploited by attackers targeting Windows 7 and Windows Server 2008 users running 32-bit architecture.
This vulnerability was part of an exploit chain alongside a Chrome zero-day vulnerability, allowing attackers to escape Chrome’s sandbox and execute malicious code with elevated administrative privileges.
Microsoft confirmed the patch now prevents attackers from abusing this flaw. Google also patched Chrome with version 72.0.3626.121, closing the other half of the exploit.
Second Zero-Day: CVE-2019-0797
Another privilege escalation bug patched during Microsoft Patch Tuesday March 2019 was tracked as CVE-2019-0797.
Discovered by Kaspersky researchers, this elevation of privilege (EoP) vulnerability existed in the Windows kernel (Win32k). If exploited, attackers could run arbitrary code in kernel mode, install programs, change or delete data, or create accounts with full administrative rights.
While Microsoft confirmed limited attacks in the wild, details of the campaigns have not yet been disclosed.
Microsoft Patches DHCP Client Flaws
In addition to zero-days, Microsoft also released fixes for three critical DHCP client vulnerabilities:
-
CVE-2019-0697
-
CVE-2019-0698
-
CVE-2019-0726
These flaws could allow remote attackers to take over vulnerable machines simply by sending malicious DHCP responses.
This is not the first time Microsoft has patched DHCP vulnerabilities — recent Patch Tuesday cycles have repeatedly addressed DHCP-related issues due to their high exploitation potential.
Additional Microsoft Security Updates
Beyond zero-days and DHCP flaws, Microsoft also released fixes for:
-
Windows Deployment Services (WDS)Â vulnerabilities.
-
Multiple Windows client and server security flaws.
-
Updates for Edge and Internet Explorer browser vulnerabilities.
Patch Management for Enterprises
For IT administrators, CISOs, and security teams, March 2019’s Patch Tuesday security updates highlight the urgent need for:
-
Immediate patch deployment for CVE-2019-0808 and CVE-2019-0797.
-
Strong patch management strategies to ensure timely updates.
-
Using vulnerability scanning tools to verify patch effectiveness.
-
Educating teams on attack chains combining Chrome and Windows flaws.
Failure to patch could leave corporate environments highly vulnerable to remote code execution exploits and targeted cyberattacks.
Security Patches from Other Vendors
Microsoft Patch Tuesday often coincides with updates from other vendors. In March 2019:
-
Adobe issued security updates for Photoshop CC and Digital Editions.
-
SAPÂ released new patches for enterprise software.
This highlights the importance of a comprehensive patching strategy that goes beyond Microsoft environments to cover all critical business applications.
Conclusion
The March 2019 Microsoft Patch Tuesday update is one of the most significant in recent months, addressing 64 vulnerabilities, including two active zero-day attacks (CVE-2019-0808 and CVE-2019-0797).
For businesses, applying these Microsoft security updates is critical to prevent exploits that enable privilege escalation, remote code execution, and potential ransomware attacks.
CISOs, IT managers, and enterprise security leaders should act quickly to strengthen defenses against these newly disclosed vulnerabilities.