Microsoft Patch Tuesday: 64 Vulnerabilities Patched, 2 Under Attack

  /     /     /  
Publicated : 23/11/2024   Category : security


Microsoft Patch Tuesday: 64 Vulnerabilities Patched, 2 Under Attack


Seventeen vulnerabilities patches today are rated critical, four are publicly known, and two have been exploited in the wild.



Microsoft today rolled out security fixes for 64 security vulnerabilities along with four security advisories.
Of the bugs patched, 17 are rated critical, 45 are important, one moderate, and one low in severity. Four vulnerabilities are publicly known; two have been exploited in the wild. This months patches cover Microsoft Windows, Office Services and Web Apps, Internet Explorer, Edge, Exchange Server, ChakraCore, the .NET Framework, Team Foundation Services, and NuGet package manager.
The vulns being used in attacks are two zero-day elevation of privilege vulnerabilities in Windows, both rated important, that enable an attacker with system access to escalate their privileges and take over the system.
The first, CVE-2019-0797, was reported by Kaspersky Lab and affects Windows 8, Windows 10, and Windows Server versions 2012, 2016, and 2019. The second, CVE-2019-0808, was reported by the Google Threat Analysis Group. Researchers recently
discovered
attackers leveraging a Google Chrome vulnerability (CVE-2019-5786) along with the Microsoft flaw to attack systems.
While bugs in Win32k are rated Important due to the access requirement, the impact of successful attacks shows why they shouldnt be ignored,
writes
Dustin Childs of Trend Micros Zero-Day Initiative.
This is the third month in a row Microsoft has issued multiple patches for its Windows Server DHCP service. It
started
the year fixing RCE vulnerability CVE-2019-0547 in January. The following month it released
CVE-2019-0626
to patch a memory corruption bug in its DHCP service that would let a successful attacker run arbitrary code on a target DHCP server.
There are three Windows DHCP Client Remote Code Execution vulnerabilities with a 9.8 CVSS score in this months release, noted Satnam Narang, senior research engineer at Tenable, who said the continuance of this patching trend signals increased attention on finding DHCP bugs.
Now, March brings CVE-2019-0697, CVE-2019-0698, and CVE-2019-0726. Each patch addresses a bug that could let attackers execute code on target systems. Its worth noting none of these vulnerabilities, all rated critical, require user interaction. An attacker could send specially crafted DHCP responses to a client in order to exploit the bug and gain system access.
Deployment of patches to cover the three RCE vulnerabilities should be prioritized for all Windows systems, said Jimmy Graham, director of product management for Qualys.
Other critical bugs addressed today exist in Chakra Scripting Engine, VBScript Engine, and Internet Explorer.
The day before it released its latest wave of security fixes, Microsoft announced a new Windows 10 feature that automatically uninstalls updates that fail as a result of incompatibility or new software problems. If this happens, users will see a notification saying We removed some recently installed updates to recover your device from a startup failure,
says Microsoft
.
This step is only taken if all other automatic recovery has proven unsuccessful.
Related Content:
5 Essentials for Securing and Managing Windows 10
The 12 Worst Serverless Security Risks
3 Places Security Teams Are Wasting Time
6 Tips for Getting the Most from Your VPN
 
 
Join Dark Reading LIVE for two cybersecurity summits at Interop 2019. Learn from the industrys most knowledgeable IT security experts. Check out the
Interop agenda
here.

Last News

▸ Veritabile Defecte de Proiectare a Securitatii in Software -> Top 10 Software Security Design Flaws ◂
Discovered: 23/12/2024
Category: security

▸ Sony, XBox Targeted by DDoS Attacks, Hacktivist Threats ◂
Discovered: 23/12/2024
Category: security

▸ There are plenty of online tools for reporting bugs. ◂
Discovered: 23/12/2024
Category: security


Cyber Security Categories
Google Dorks Database
Exploits Vulnerability
Exploit Shellcodes

CVE List
Tools/Apps
News/Aarticles

Phishing Database
Deepfake Detection
Trends/Statistics & Live Infos



Tags:
Microsoft Patch Tuesday: 64 Vulnerabilities Patched, 2 Under Attack