Welcome to this March Patch Tuesday Bulletin. This month there are 63 unique CVE’s, 4 products with critical rated vulnerabilities, 2 vulnerabilities exploited in the wild, and 4 publicly disclosed vulnerabilities. Pay close attention to CVE-2019-0808 and CVE-2019-0797 since they are both Windows privilege escalation vulnerabilities being exploited in the wild. In order to exploit these vulnerabilities an attacker would need to execute a maliciously crafted application which would allow the attacker to execute code as a privileged user. The 4 publicly disclosed vulnerabilities affect Active Directory, Windows, Visual Studio, and the NuGet package manager. Exploitation is not rated likely for any of these platforms. This month would be a good time to start thinking about how you might detect and respond to attacks on zero-day vulnerabilities. You can’t prevent attacks on zero-day’s, but it is often possible to detect adversary activity and act swiftly.

Over the years we've had millions of visitors to UltimateWindowsSecurity.com. Every month we have thousands and thousands of visitors to our Security Log Encyclopedia which documents all of the Security Log event ID’s for Windows Server OS’s. Back in 2007 when SharePoint added auditing capability, I realized that my audience not only needed the event information from SharePoint but I also found a similar need in SQL Server and Exchange. So not only did I document the data but I also started to develop the means to extract that event data from these applications so that it’s accessible and useable to the end user. Some 8 years later and LOGbinder is continuing to grow as companies realize LOGbinder bridges the gap between these applications and their infosec team. Visit LOGbinder.com to download a free 30-day fully functional trial and see the security event data that you have literally been missing.

So, without further ado, here’s the chart of MS patches this month.