SIMonline

Service receive & sending SMS

Microsoft Patch Tuesday fixes over 60 vulnerabilities in your PC

1706   |     /   Programs

Microsoft Patch Tuesday fixes over 60 vulnerabilities in your PC
March 2019 Microsoft Patch Tuesday updates address more than 60 vulnerabilities, including two zero-day Windows flaws that were used in targeted attacks.




Get a virtual number for receiving sms for free online on the SIMmonline server!

One of the zero days is CVE-2019-0808, which the Google Threat Analysis Team told Microsoft when they saw it being used in targeted attacks along with a zero day affecting Chrome.

According to Microsoft, a vulnerability that affects the Win32k component allows an authenticated attacker to escalate privileges and execute arbitrary code in kernel mode.

It seems that this vulnerability only affects Windows 7 and Windows Server 2008. Google says that Windows 10 is not affected by the measures taken to eliminate the vulnerabilities introduced by Microsoft in the latest version of the operating system.

No information was provided about the attacks associated with this vulnerability. However, it is worth noting that this is the second month in a row when Microsoft fixes a zero day detected by the Google Threat Analysis Group. Last month's patches fixed Internet Explorer Day Zero.

Microsoft's second zero day fixed on Tuesday is CVE-2019-0797, another Win32k privilege escalation vulnerability.

Unlike CVE-2019-0808, this issue affects Windows 10, Windows 8.1, Windows Server 2012, Windows Server 2016, and Windows Server 2019. However, Microsoft’s recommendations indicate that the company believes that the operation is unlikely with respect to the latest versions of Windows .

Kaspersky Lab reported this security hole to Microsoft. It is believed that this flaw was used by two groups of threats in targeted attacks.

Four vulnerabilities fixed by Microsoft on Tuesday were published prior to the release of the hotfix. This includes a denial of service (DoS) vulnerability in Windows, an elevation of privilege vulnerability in Active Directory, a remote code execution error in Visual Studio, and a vulnerability in the open source package manager NuGet for Linux and Mac. All detected vulnerabilities were classified by Microsoft as “important”.

Recent updates address a total of 17 critical vulnerabilities affecting Windows Microsoft Edge and Internet Explorer web browsers. The list contains three remote code execution errors in the Windows DHCP client.

“These errors are particularly effective because they do not require user interaction - the attacker sends a specially crafted response to the client - and each OS has a DHCP client. It is likely that a man-in-the-middle component may be required to execute the attack correctly, but a successful exploit will have far-reaching consequences, ”ZDI Trend Micro explained in a blog post that summarizes Microsoft fixes.

The Adobe Patch Tuesday updates for March 2019 correct two critical flaws affecting Photoshop CC and Digital Editions, but the company believes that they are unlikely to be used. The software giant has also recently fixed some vulnerabilities in one of its sandbox services.


Similar news


Selling SSL / TLS Certificates on Dark Web

SSL, TLS certificates and related services can be easily obtained on dark web sites, according to an academic study sponsored by Venafi, a company specializing in the protection of cryptographic keys and digital certificates.

PDF Signature Vulnerability

Researchers have warned that many popular PDF viewers and online verification services contain vulnerabilities that can be used to make unauthorized changes to signed PDF documents without losing their signature.

Windows servers are vulnerable to DoS attacks, Microsoft warns

Microsoft told users that Windows servers running IIS are vulnerable to denial of service (DoS) attacks based on malicious HTTP / 2 requests.



SIMONLINE.SU

This is not only a service for receiving and sending SMS messages to virtual numbers, but also a tutorial on user safety in the modern world, the latest developments in IT, social media security, fresh programs and lessons that simplify our lives. So are other issues encountered by the average user. In simple words, each user will find for themselves something interesting or answers to their questions.

SIMonline © 2018 - 2024

All rights reserved