Microsoft Patches 18 Critical Vulnerabilities: Here’s What to Prioritise

Two zero days being exploited in the wild

By CBR Staff Writer

Microsoft patches this week include fixes for 18 critical security vulnerabilities, including remote code execution (RCE) vulnerabilities that impact Windows 10 and Windows Server 2019, and a zero day first spotted by Kaspersky Labs that was being actively exploited in the wild.

For the third month Microsoft has also patched high severity vulns in its Windows DHCP (Dynamic Host Configuration Protocol) client or Windows DHCP Server. The updates came as Patch Tuesday addressed 65 vulnerabilities.

Thirteen of the critical vulnerabilities are for scripting engines and browser components, impacting Microsoft browsers and Office. Along with the Windows DHCP Client issues, there were also patches for an RCE vuln in Windows Deployment Services TFTP Server and Privilege Escalation in Microsoft Dynamics 365.

Microsoft Patches: What to Prioritise

Zero-day vulnerabilities are previously unknown software bugs that can be exploited by attackers to breach a victim’s device and network. The highest profile new exploit uses a vulnerability in Microsoft Windows’ graphic subsystem to achieve local privilege escalation. This provides the attacker with full control over a victim’s computer.

Kaspersky Labs said in a release on Wednesday that it believes the detected exploit could have been used by several threat actors including FruityArmor and the recently discovered, apparently Middle East-based threat group SandCat.

Jimmy Graham, from cloud security specialist Qualys, told Computer Business Review in an emailed statement that alongside the zero day patch the following Microsoft patches should be prioritised to ensure security.

Workstation Patches

  • Browser, Scripting Engine, ActiveX, and MSXML patches should be prioritised for workstation-type devices, meaning any system that is used for email or to access the internet via a browser.

Windows DHCP Client

  • The Windows DHCP Client is used across workstations and servers. Deployment of patches to cover the three RCE vulnerabilities should be prioritised for all Windows systems.

Windows Deployment Services TFTP Server

  • If you are using Windows Deployment Services, this patch should be prioritised, as exploitation could lead to remote code execution on the affected host.

Microsoft Dynamics 365

  • On-prem deployments of Microsoft Dynamics 365 are vulnerable to privilege escalation, and patching for these systems should also be prioritised.

With regard to the DHCP vulnerabilities, Allan Liska, senior solutions architect at Recorded Future, said: “To this point Recorded Future has not seen Microsoft’s DHCP vulnerabilities exploited in the wild, as they are often difficult to take advantage of, and the access to do so generally means there are easier ways to deploy malware.”

He added: “Microsoft also released several patches for Microsoft Edge this month, including CVE-2019-0769, CVE-2019-0770, CVE-2019-0771 and CVE-2019-0773. All of these vulnerabilities are ChakraCore scripting engine vulnerabilities…”

A second Win32 kernel privilege escalation vulnerability, CVE-2019-0808, has also been exploited, but no POC exploit code has been released. This vulnerability impacts Windows 7 and Windows Server 2008. In both cases, an attacker would have to have access to the system to exploit the vulnerability, but once they have that access, exploiting it would give the attacker full control of the system.

See also: Patch Tuesday (February 2019): Microsoft Resolves 74 Unique CVEs
