https://www.darkreading.com/threat-intelligence/microsoft-patch-tuesday-64-vulnerabilities-patched-2-under-attack/d/d-id/1334141
By Kelly Sheridan
Dark Reading
3/12/2019
Microsoft today rolled out security fixes for 64 security vulnerabilities along
with four security advisories.
Of the bugs patched, 17 are rated critical, 45 are important, one moderate, and
one low in severity. Four vulnerabilities are publicly known; two have been
exploited in the wild. This month's patches cover Microsoft Windows, Office
Services and Web Apps, Internet Explorer, Edge, Exchange Server, ChakraCore,
the .NET Framework, Team Foundation Services, and NuGet package manager.
The vulns being used in attacks are two zero-day elevation of privilege
vulnerabilities in Windows, both rated important, that enable an attacker with
system access to escalate their privileges and take over the system.
The first, CVE-2019-0797, was reported by Kaspersky Lab and affects Windows 8,
Windows 10, and Windows Server versions 2012, 2016, and 2019. The second,
CVE-2019-0808, was reported by the Google Threat Analysis Group. Researchers
recently discovered attackers leveraging a Google Chrome vulnerability
(CVE-2019-5786) along with the Microsoft flaw to attack systems.
[...]
--
Subscribe to InfoSec News
https://www.infosecnews.org/subscribe-to-infosec-news/
https://twitter.com/infosecnews_
