Microsoft Patch Tuesday March 2019 is back with its monthly set of security updates and brings with it 64 vulnerabilities: 17 are rated Critical, 45 Important, 1 Moderate and 1 Low. Windows alone accounts for 35 CVEs, the highest count of any product this month. Four of the CVEs were publicly disclosed before the patches shipped and two are being exploited in the wild. The devil is in the details.
Microsoft also announced on the eve of Patch Tuesday that Windows 10 will automatically uninstall a faulty update when it detects a startup failure and all other automatic recovery attempts have been unsuccessful. The offending update is then blocked from reinstalling for the next 30 days, so the system keeps running as expected while Microsoft investigates the issue.
The two important In-the-Wild Windows Zero-Days
CVE-2019-0797 and CVE-2019-0808 were reported by Kaspersky Lab and Google’s Threat Analysis Group respectively. Both are elevation of privilege vulnerabilities in Windows, rated Important, caused by the Win32k component improperly handling objects in memory. An attacker who successfully exploits either flaw can run arbitrary code in kernel mode. Exploitation requires the attacker to already be logged on to the system, which limits the exposure, but an attacker who gets that far can take full control of the machine by running a specially crafted application. There is no clear information yet about the threat groups or malware exploiting these CVEs, but sources indicate that CVE-2019-0808 was exploited together with CVE-2019-5786, the Google Chrome zero-day reported the previous week: the Chrome bug provided code execution inside the browser, and the Windows bug was used to escape the Chrome sandbox and run malicious code on the vulnerable machine. This pairing of a browser exploit with a local privilege escalation is why an Important-rated EoP that is exploited in the wild deserves the same urgency as a Critical remote code execution bug.
Publicly Disclosed Vulnerabilities
Details of 4 CVEs were made public before the fixes shipped. All four are distinct vulnerabilities rated Important.
- CVE-2019-0809 : This is a remote code execution vulnerability in Visual Studio. The flaw exists because the Visual Studio C++ Redistributable Installer fails to validate input before loading dynamic link library (DLL) files, so a DLL planted where the installer looks for it is loaded and run. This allows an attacker to execute arbitrary code in the context of the current user.
- CVE-2019-0757 : This is a tampering vulnerability in the NuGet Package Manager for Linux and Mac. An authenticated attacker could modify a NuGet package’s folder structure and thereby change the files and folders that are extracted on the target system.
- CVE-2019-0754 : This is a denial of service vulnerability in Windows. The flaw exists due to improper handling of objects in memory. An attacker who logs on to the system and runs a specially crafted file could cause the target system to stop responding.
- CVE-2019-0683 : This is an elevation of privilege vulnerability in Active Directory forest trusts. Because of an insecure default trust setting, an attacker who has compromised one Active Directory forest can request delegation of a TGT for an identity in the trusted forest. This allows the attacker to impersonate that user across the trust boundary.
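As an added example (not part of the original post), the following PowerShell audits the trust setting behind CVE-2019-0683 and turns TGT delegation off on inbound forest trusts. It assumes the ActiveDirectory RSAT module, whose Get-ADTrust output exposes the TGTDelegation property, and the netdom /EnableTgtDelegation switch that Microsoft's guidance for this CVE uses; contoso.com and fabrikam.com are placeholder forest names.

```powershell
# Added example, not from the original post: audit Active Directory trusts for
# the TGT-delegation setting behind CVE-2019-0683 and switch it off.
# Assumes the ActiveDirectory module (Get-ADTrust, Get-ADDomain) and netdom.exe.
# Assumption: TGTDelegation = $true on a trust means the local (trusting) forest
# still accepts delegated TGTs for identities from the trusted forest.

Import-Module ActiveDirectory

function Get-TgtDelegationExposure {
    # Returns the trusts an attacker in the other forest can abuse: forest
    # trusts that are inbound (or bidirectional) from the local domain's point
    # of view and that still allow TGT delegation.
    Get-ADTrust -Filter * |
        Where-Object {
            $_.ForestTransitive -and
            ($_.Direction -in 'Inbound', 'BiDirectional') -and
            $_.TGTDelegation
        } |
        Select-Object Name, Direction, ForestTransitive, TGTDelegation
}

function Disable-TgtDelegation {
    param(
        # Trusting domain, i.e. the forest this command is run from (placeholder: contoso.com).
        [Parameter(Mandatory)][string]$TrustingDomain,
        # Trusted domain on the other side of the trust (placeholder: fabrikam.com).
        [Parameter(Mandatory)][string]$TrustedDomain
    )
    # netdom rewrites the trust attributes; run it on a domain controller in the
    # trusting domain with Enterprise Admin rights. A bidirectional trust has to
    # be fixed from each forest separately, since each side holds its own setting.
    & netdom trust $TrustingDomain /domain:$TrustedDomain /EnableTgtDelegation:No
    if ($LASTEXITCODE -ne 0) {
        throw "netdom failed for trust $TrustingDomain -> $TrustedDomain (exit code $LASTEXITCODE)"
    }
}

# Usage: list the exposed trusts, then disable delegation on each of them.
$exposed = @(Get-TgtDelegationExposure)
$exposed | Format-Table -AutoSize
$localForest = (Get-ADDomain).DNSRoot
foreach ($trust in $exposed) {
    Disable-TgtDelegation -TrustingDomain $localForest -TrustedDomain $trust.Name
}
```

Run the audit part first on its own and review the list before changing anything: disabling TGT delegation breaks any service in the trusting forest that relies on unconstrained Kerberos delegation for users from the other forest, and those services should be moved to constrained delegation rather than having the old behaviour re-enabled.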
The Microsoft Patch Tuesday March 2019 release consists of security updates for the following products:
- Adobe Flash Player
- Internet Explorer
- Microsoft Edge
- Microsoft Windows
- Microsoft Office and Microsoft Office SharePoint
- ChakraCore
- Team Foundation Server
- Skype for Business
- Visual Studio
- NuGet
Microsoft security bulletin summary for March 2019:
1. Product : Internet Explorer
CVEs/Advisory : CVE-2019-0609, CVE-2019-0665, CVE-2019-0666, CVE-2019-0667, CVE-2019-0680, CVE-2019-0746, CVE-2019-0761, CVE-2019-0762, CVE-2019-0763, CVE-2019-0768, CVE-2019-0780, CVE-2019-0783
Severity : Critical
Impact : Remote Code Execution, Security Feature Bypass
KBs : 4489868, 4489871, 4489872, 4489873, 4489878, 4489880, 4489881, 4489882, 4489886, 4489891, 4489899
2. Product : Microsoft Edge
CVEs/Advisory : CVE-2019-0592, CVE-2019-0609, CVE-2019-0611, CVE-2019-0612, CVE-2019-0639, CVE-2019-0678, CVE-2019-0746, CVE-2019-0762, CVE-2019-0769, CVE-2019-0770, CVE-2019-0771, CVE-2019-0773, CVE-2019-0779, CVE-2019-0780
Severity : Critical
Impact : Elevation of Privilege, Information Disclosure, Remote Code Execution, Security Feature Bypass
KBs : 4489868, 4489871, 4489872, 4489882, 4489886, 4489899
3. Product : Microsoft Windows
CVEs/Advisory : ADV190009, CVE-2019-0603, CVE-2019-0614, CVE-2019-0617, CVE-2019-0682, CVE-2019-0683, CVE-2019-0689, CVE-2019-0690, CVE-2019-0692, CVE-2019-0693, CVE-2019-0694, CVE-2019-0695, CVE-2019-0696, CVE-2019-0697, CVE-2019-0698, CVE-2019-0701, CVE-2019-0702, CVE-2019-0703, CVE-2019-0704, CVE-2019-0726, CVE-2019-0754, CVE-2019-0755, CVE-2019-0756, CVE-2019-0759, CVE-2019-0765, CVE-2019-0766, CVE-2019-0767, CVE-2019-0772, CVE-2019-0774, CVE-2019-0775, CVE-2019-0776, CVE-2019-0782, CVE-2019-0784, CVE-2019-0797, CVE-2019-0808, CVE-2019-0821
Severity : Critical
Impact : Denial of Service, Elevation of Privilege, Information Disclosure, Remote Code Execution
KBs : 4474419, 4489868, 4489871, 4489872, 4489876, 4489878, 4489880, 4489881, 4489882, 4489883, 4489884, 4489885, 4489886, 4489891, 4489899
4. Product : Microsoft Office and Microsoft Office SharePoint
CVEs/Advisory : CVE-2019-0748, CVE-2019-0778, CVE-2019-0798
Severity : Important
Impact : Remote Code Execution, Spoofing, Tampering
KBs : 4462208, 4462211, 4462226
5. Product : ChakraCore
CVEs/Advisory : CVE-2019-0592, CVE-2019-0609, CVE-2019-0611, CVE-2019-0639, CVE-2019-0746, CVE-2019-0769, CVE-2019-0771, CVE-2019-0773
Severity : Critical
Impact : Elevation of Privilege, Information Disclosure, Remote Code Execution
6. Product : Team Foundation Server
CVEs/Advisory : CVE-2019-0777
Severity : Low
Impact : Spoofing
7. Product : Adobe Flash Player
CVEs/Advisory : ADV190008
Severity : Low
Impact : Defense in Depth
KBs : 4489907
8. Product : Skype for Business
CVEs/Advisory : CVE-2019-0798
Severity : Important
Impact : Spoofing
KBs : 3061064
9. Product : NuGet
CVEs/Advisory : CVE-2019-0757
Severity : Important
Impact : Tampering
10. Product : Visual Studio
CVEs/Advisory : CVE-2019-0757, CVE-2019-0809
Severity : Important
Impact : Tampering, Remote Code Execution
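As an added example (not part of the original post), the following PowerShell reports which of the Windows KBs from the bulletin table above are installed on a host. The KB numbers are taken from the table; it assumes Get-HotFix (a wrapper over Win32_QuickFixEngineering) lists the cumulative updates and rollups, and it keeps KB4474419 separate because that is the SHA-2 code-signing support update behind ADV190009 rather than a carrier of the March fixes.

```powershell
# Added example, not from the original post: check which of the March 2019
# Windows KBs from the bulletin table are present on this host.
# Assumption: Get-HotFix lists the installed cumulative updates / monthly rollups
# by their KB identifier.

function Test-March2019WindowsUpdates {
    param(
        # Windows KBs from the bulletin table, minus the SHA-2 support update.
        [string[]]$SecurityKbs = @('KB4489868','KB4489871','KB4489872','KB4489876',
                                   'KB4489878','KB4489880','KB4489881','KB4489882',
                                   'KB4489883','KB4489884','KB4489885','KB4489886',
                                   'KB4489891','KB4489899'),
        # SHA-2 code-signing support update (ADV190009), needed on older
        # Windows before later updates can be verified, but not a fix on its own.
        [string]$Sha2SupportKb = 'KB4474419'
    )
    $installed = Get-HotFix | Select-Object -ExpandProperty HotFixID

    # Only one cumulative update or rollup applies to a given Windows build, so
    # a single match is enough; an empty list means the March update has not
    # been installed, or a later cumulative update has superseded it.
    $present = @($SecurityKbs | Where-Object { $_ -in $installed })

    [pscustomobject]@{
        ComputerName     = $env:COMPUTERNAME
        OSVersion        = [Environment]::OSVersion.Version.ToString()
        MarchUpdateFound = $present
        HasMarchUpdate   = ($present.Count -gt 0)
        HasSha2Support   = ($Sha2SupportKb -in $installed)
    }
}

# Usage: run locally, or fan out with Invoke-Command, e.g.
#   Invoke-Command -ComputerName (Get-Content .\hosts.txt) `
#       -ScriptBlock ${function:Test-March2019WindowsUpdates}
Test-March2019WindowsUpdates | Format-List
```

A missing KB is not proof that a host is unpatched: once a later cumulative update is installed it supersedes the March one and Get-HotFix lists only the newer KB, so for fleet reporting pair this check with a comparison of the OS build number against Microsoft's release history.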
SecPod Saner detects these vulnerabilities and automatically fixes them by applying the security updates. Download Saner now and keep your systems updated and secure.