Get a virtual number for receiving sms for free online on the SIMmonline server!
One of the zero days is CVE-2019-0808, which the Google Threat Analysis Team told Microsoft when they saw it being used in targeted attacks along with a zero day affecting Chrome.
According to Microsoft, a vulnerability that affects the Win32k component allows an authenticated attacker to escalate privileges and execute arbitrary code in kernel mode.
It seems that this vulnerability only affects Windows 7 and Windows Server 2008. Google says that Windows 10 is not affected by the measures taken to eliminate the vulnerabilities introduced by Microsoft in the latest version of the operating system.
No information was provided about the attacks associated with this vulnerability. However, it is worth noting that this is the second month in a row when Microsoft fixes a zero day detected by the Google Threat Analysis Group. Last month's patches fixed Internet Explorer Day Zero.
Microsoft's second zero day fixed on Tuesday is CVE-2019-0797, another Win32k privilege escalation vulnerability.
Unlike CVE-2019-0808, this issue affects Windows 10, Windows 8.1, Windows Server 2012, Windows Server 2016, and Windows Server 2019. However, Microsoft’s recommendations indicate that the company believes that the operation is unlikely with respect to the latest versions of Windows .
Kaspersky Lab reported this security hole to Microsoft. It is believed that this flaw was used by two groups of threats in targeted attacks.
Four vulnerabilities fixed by Microsoft on Tuesday were published prior to the release of the hotfix. This includes a denial of service (DoS) vulnerability in Windows, an elevation of privilege vulnerability in Active Directory, a remote code execution error in Visual Studio, and a vulnerability in the open source package manager NuGet for Linux and Mac. All detected vulnerabilities were classified by Microsoft as “important”.
Recent updates address a total of 17 critical vulnerabilities affecting Windows Microsoft Edge and Internet Explorer web browsers. The list contains three remote code execution errors in the Windows DHCP client.
“These errors are particularly effective because they do not require user interaction - the attacker sends a specially crafted response to the client - and each OS has a DHCP client. It is likely that a man-in-the-middle component may be required to execute the attack correctly, but a successful exploit will have far-reaching consequences, ”ZDI Trend Micro explained in a blog post that summarizes Microsoft fixes.
The Adobe Patch Tuesday updates for March 2019 correct two critical flaws affecting Photoshop CC and Digital Editions, but the company believes that they are unlikely to be used. The software giant has also recently fixed some vulnerabilities in one of its sandbox services.