March 13, 2019, updated 21 Aug 2023 3:44pm

Microsoft Patches 18 Critical Vulnerabilities: Here’s What to Prioritise

Two zero days being exploited in the wild

By CBR Staff Writer

Microsoft patches this week include fixes for 18 critical security vulnerabilities, including remote code execution (RCE) vulnerabilities that impact Windows 10 and Windows Server 2019, and a zero day first spotted by Kaspersky Labs that was being actively exploited in the wild.

For the third month Microsoft has also patched high severity vulns in its Windows DHCP (Dynamic Host Configuration Protocol) client or Windows DHCP Server. The updates came as Patch Tuesday addressed 65 vulnerabilities.

Thirteen of the critical vulnerabilities are for scripting engines and browser components, impacting Microsoft browsers and Office. Along with the Windows DHCP Client issues, there were also patches for an RCE vuln in Windows Deployment Services TFTP Server and Privilege Escalation in Microsoft Dynamics 365.

Microsoft Patches: What to Prioritise

Zero-day vulnerabilities are previously unknown software bugs that can be exploited by attackers to breach a victim’s device and network. The highest profile new exploit uses a vulnerability in Microsoft Windows’ graphic subsystem to achieve local privilege escalation. This provides the attacker with full control over a victim’s computer.

Kaspersky Labs said in a release on Wednesday that it believes the detected exploit could have been used by several threat actors including FruityArmor and the recently discovered, apparently Middle East-based threat group SandCat.

Jimmy Graham, from cloud security specialist Qualys, told Computer Business Review in an emailed statement that alongside the zero day patch the following Microsoft patches should be prioritised to ensure security.

Workstation Patches

  • Browser, Scripting Engine, ActiveX, and MSXML patches should be prioritised for workstation-type devices, meaning any system that is used for email or to access the internet via a browser.

Windows DHCP Client

  • The Windows DHCP Client is used across workstations and servers. Deployment of patches to cover the three RCE vulnerabilities should be prioritised for all Windows systems.

Windows Deployment Services TFTP Server

  • If you are using Windows Deployment Services, this patch should be prioritised, as exploitation could lead to remote code execution on the affected host.

Microsoft Dynamics 365

  • On-prem deployments of Microsoft Dynamics 365 are vulnerable to privilege escalation, and patching for these systems should also be prioritised.

With regard to the DHCP vulnerabilities, Allan Liska, senior solutions architect at Recorded Future said: “To this point Recorded Future has not seen Microsoft’s DHCP vulnerabilities exploited in the wild, as they are often difficult to take advantage of, and the access to do so generally means there are easier ways to deploy malware.”

He added: “Microsoft also released several patches for Microsoft Edge this month, including CVE-2019-0769, CVE-2019-0770, CVE-2019-0771 and CVE-2019-0773. All of these vulnerabilities are ChakraCore scripting engine vulnerabilities…”

A second Win32 kernel privilege escalation vulnerability, CVE-2019-0808, has also been exploited, but no POC exploit code has been released. This vulnerability impacts Windows 7 and Windows Server 2008. In both cases, an attacker would have to have access to the system to exploit the vulnerability, but once they have that access, exploiting it would give the attacker full control of the system.
