March, 2019: Patch Tuesday: 2 Windows Elevation of Privilege Vulnerabilities Exploited in the Wild

Welcome to this March Patch Tuesday Bulletin. This month there are 63 unique CVEs, 4 products with critical rated vulnerabilities, 2 vulnerabilities exploited in the wild, and 4 publicly disclosed vulnerabilities. Pay close attention to CVE-2019-0808 and CVE-2019-0797, since they are both Windows privilege escalation vulnerabilities being exploited in the wild. To exploit these vulnerabilities, an attacker would need to execute a maliciously crafted application, which would allow the attacker to execute code as a privileged user. The 4 publicly disclosed vulnerabilities affect Active Directory, Windows, Visual Studio, and the NuGet package manager. Exploitation is not rated likely for any of these platforms. This month would be a good time to start thinking about how you might detect and respond to attacks on zero-day vulnerabilities. You can’t prevent attacks on zero-days, but it is often possible to detect adversary activity and act swiftly.

Over the years we've had millions of visitors to UltimateWindowsSecurity.com. Every month we have thousands and thousands of visitors to our Security Log Encyclopedia, which documents all of the Security Log event IDs for Windows Server OSes. Back in 2007 when SharePoint added auditing capability, I realized that my audience not only needed the event information from SharePoint but I also found a similar need in SQL Server and Exchange. So not only did I document the data but I also started to develop the means to extract that event data from these applications so that it’s accessible and useable to the end user. Some 8 years later and LOGbinder is continuing to grow as companies realize LOGbinder bridges the gap between these applications and their infosec team. Visit LOGbinder.com to download a free 30-day fully functional trial and see the security event data that you have literally been missing.

So, without further ado, here’s the chart of MS patches this month.

Patch data provided by:

| Technology | Products Affected | Severity | Reference | Workaround/Exploited | Vulnerability Info |
|---|---|---|---|---|---|
| Internet Explorer | IE 9, 10, 11 | Critical | CVE-2019-0609, CVE-2019-0665, CVE-2019-0666, CVE-2019-0667, CVE-2019-0680, CVE-2019-0746, CVE-2019-0761, CVE-2019-0762, CVE-2019-0763, CVE-2019-0768, CVE-2019-0780, CVE-2019-0783 | \*Workaround: No; \*\*Public: No; Exploited: No | Remote Code Execution; Security Feature Bypass |
| Edge | Edge | Critical | CVE-2019-0592, CVE-2019-0609, CVE-2019-0611, CVE-2019-0612, CVE-2019-0639, CVE-2019-0678, CVE-2019-0746, CVE-2019-0762, CVE-2019-0769, CVE-2019-0770, CVE-2019-0771, CVE-2019-0773, CVE-2019-0779, CVE-2019-0780 | \*Workaround: No; \*\*Public: No; Exploited: No | Elevation of Privilege; Remote Code Execution; Information Disclosure; Security Feature Bypass |
| Windows | Windows 7, 8.1, RT 8.1, 10; Server 2008, 2008 R2, 2012, 2012 R2, 2016, 2019 | Critical | CVE-2019-0603, CVE-2019-0614, CVE-2019-0617, CVE-2019-0682, CVE-2019-0683\*\*, CVE-2019-0689, CVE-2019-0690, CVE-2019-0692, CVE-2019-0693, CVE-2019-0694, CVE-2019-0695, CVE-2019-0696, CVE-2019-0697, CVE-2019-0698, CVE-2019-0701, CVE-2019-0702, CVE-2019-0703, CVE-2019-0704, CVE-2019-0726, CVE-2019-0754\*\*, CVE-2019-0755, CVE-2019-0756, CVE-2019-0759, CVE-2019-0765, CVE-2019-0766, CVE-2019-0767, CVE-2019-0772, CVE-2019-0774, CVE-2019-0775, CVE-2019-0776, CVE-2019-0782, CVE-2019-0784, CVE-2019-0797, CVE-2019-0808, CVE-2019-0821 | \*Workaround: No; \*\*Public: Yes; Exploited: Yes | Defense in Depth; Remote Code Execution; Information Disclosure; Elevation of Privilege; Denial of Service |
| Office and Office SharePoint | Office 2010; SharePoint Server 2016 | Important | CVE-2019-0748, CVE-2019-0778 | \*Workaround: No; \*\*Public: No; Exploited: No | Remote Code Execution; Tampering |
| ChakraCore | ChakraCore | Critical | CVE-2019-0592, CVE-2019-0609, CVE-2019-0611, CVE-2019-0639, CVE-2019-0746, CVE-2019-0769, CVE-2019-0771, CVE-2019-0773 | \*Workaround: No; \*\*Public: No; Exploited: No | Elevation of Privilege; Remote Code Execution; Information Disclosure |
| Team Foundation Server | Team Foundation Server 2017, 2018 | Low | CVE-2019-0777 | \*Workaround: No; \*\*Public: No; Exploited: No | Spoofing |
| Skype for Business | Skype for Business Server 2015 | Important | CVE-2019-0798 | \*Workaround: No; \*\*Public: No; Exploited: No | Spoofing |
| Visual Studio | Visual Studio 2017; Visual Studio for Mac | Important | CVE-2019-0757\*\*, CVE-2019-0809\*\* | \*Workaround: No; \*\*Public: Yes; Exploited: No | Tampering; Remote Code Execution |
| NuGet | NuGet 4.3.1, 4.4.2, 4.5.2, 4.6.3, 4.7.2, 4.8.2, 4.9.4 | Important | CVE-2019-0757\*\* | \*Workaround: No; \*\*Public: Yes; Exploited: No | Tampering |
