Microsoft's Security Bulletin for March Patches That Fix 68 Security Vulnerabilities Threat Alert - NSFOCUS, Inc., a global network and cyber security leader, protects enterprises and carriers from advanced cyber attacks.

Microsoft’s Security Bulletin for March Patches That Fix 68 Security Vulnerabilities Threat Alert

March 20, 2019 | Adeline Zhang

Overview

Microsoft released the March 2019 security patch on Tuesday that fixes 68 vulnerabilities ranging from simple spoofing attacks to remote code execution in various products, including Active Directory, Adobe Flash Player, Azure, Internet Explorer, Microsoft Browsers, Microsoft Edge, Microsoft Graphics Component, Microsoft JET Database Engine, Microsoft Office, Microsoft Office SharePoint, Microsoft Scripting Engine, Microsoft Windows, Microsoft XML, NuGet, Servicing Stack Updates, Skype for Business, Team Foundation Server, Visual Studio, Windows DHCP Client, Windows Hyper-V, Windows Kernel, Windows Kernel-Mode Drivers, Windows Print Spooler Components, Windows SMB Server, and Windows Subsystem for Linux.

Details can be found in the following table.

Product	CVE ID	CVE Title	Severity Level
Active Directory	CVE-2019-0683	Active Directory Privilege Escalation Vulnerability	Important
Adobe Flash Player	ADV190008	March 2019 Adobe Flash Security Update	Low
Azure	CVE-2019-0816	Azure SSH Keypairs Security Feature Bypass Vulnerability	Moderate
Internet Explorer	CVE-2019-0761	Internet Explorer Security Feature Bypass Vulnerability	Low
Internet Explorer	CVE-2019-0763	Internet Explorer Memory Corruption Vulnerability	Moderate
Internet Explorer	CVE-2019-0768	Internet Explorer Security Feature Bypass Vulnerability	Important
Microsoft Browsers	CVE-2019-0762	Microsoft Browsers Security Feature Bypass Vulnerability	Low
Microsoft Browsers	CVE-2019-0780	Microsoft Browser Memory Corruption Vulnerability	Important
Microsoft Edge	CVE-2019-0612	Microsoft Edge Security Feature Bypass Vulnerability	Important
Microsoft Edge	CVE-2019-0678	Microsoft Edge Privilege Escalation Vulnerability	Important
Microsoft Edge	CVE-2019-0779	Microsoft Edge Memory Corruption Vulnerability	Important
Microsoft Graphics Component	CVE-2019-0774	Windows GDI Information Disclosure Vulnerability	Important
Microsoft Graphics Component	CVE-2019-0797	Win32k Privilege Escalation Vulnerability	Important
Microsoft Graphics Component	CVE-2019-0808	Win32k Privilege Escalation Vulnerability	Important
Microsoft Graphics Component	CVE-2019-0614	Windows GDI Information Disclosure Vulnerability	Important
Microsoft JET Database Engine	CVE-2019-0617	Jet Database Engine Remote Code Execution Vulnerability	Important
Microsoft Office	CVE-2019-0748	Microsoft Office Access Connectivity Engine Remote Code Execution Vulnerability	Important
Microsoft Office SharePoint	CVE-2019-0778	Microsoft Office SharePoint XSS Vulnerability	Important
Microsoft Scripting Engine	CVE-2019-0609	Scripting Engine Memory Corruption Vulnerability	Critical
Microsoft Scripting Engine	CVE-2019-0611	Chakra Scripting Engine Memory Corruption Vulnerability	Low
Microsoft Scripting Engine	CVE-2019-0639	Scripting Engine Memory Corruption Vulnerability	Moderate
Microsoft Scripting Engine	CVE-2019-0746	Chakra Scripting Engine Memory Corruption Vulnerability	Important
Microsoft Scripting Engine	CVE-2019-0769	Scripting Engine Memory Corruption Vulnerability	Critical
Microsoft Scripting Engine	CVE-2019-0770	Scripting Engine Memory Corruption Vulnerability	Critical
Microsoft Scripting Engine	CVE-2019-0771	Scripting Engine Memory Corruption Vulnerability	Critical
Microsoft Scripting Engine	CVE-2019-0772	Windows VBScript Engine Remote Code Execution Vulnerability	Important
Microsoft Scripting Engine	CVE-2019-0773	Scripting Engine Memory Corruption Vulnerability	Critical
Microsoft Scripting Engine	CVE-2019-0783	Scripting Engine Memory Corruption Vulnerability	Important
Microsoft Scripting Engine	CVE-2019-0592	Chakra Scripting Engine Memory Corruption Vulnerability	Critical
Microsoft Scripting Engine	CVE-2019-0665	Windows VBScript Engine Remote Code Execution Vulnerability	Important
Microsoft Scripting Engine	CVE-2019-0666	Windows VBScript Engine Remote Code Execution Vulnerability	Critical
Microsoft Scripting Engine	CVE-2019-0667	Windows VBScript Engine Remote Code Execution Vulnerability	Critical
Microsoft Scripting Engine	CVE-2019-0680	Scripting Engine Memory Corruption Vulnerability	Critical
Microsoft Windows	CVE-2019-0754	Windows Denial-of-Service Vulnerability	Important
Microsoft Windows	CVE-2019-0765	Comctl32 Remote Code Execution Vulnerability	Important
Microsoft Windows	CVE-2019-0766	Microsoft Windows Privilege Escalation Vulnerability	Important
Microsoft Windows	CVE-2019-0784	Windows ActiveX Remote Code Execution Vulnerability	Critical
Microsoft Windows	ADV190009	SHA-2 Code Sign Support Advisory	Unknown
Microsoft Windows	ADV190010	Best Practices Regarding Sharing of a Single User Account Across Multiple Users	Unknown
Microsoft Windows	CVE-2019-0603	Windows Deployment Services TFTP Server Remote Code Execution Vulnerability	Critical
Microsoft XML	CVE-2019-0756	MS XML Remote Code Execution Vulnerability	Critical
NuGet	CVE-2019-0757	NuGet Package Manager Tampering Vulnerability	Important
Servicing Stack Updates	ADV990001	Latest Servicing Stack Updates	Critical
Skype for Business	CVE-2019-0798	Skype for Business and Lync Spoofing Vulnerability	Important
Team Foundation Server	CVE-2019-0777	Team Foundation Server Cross-site Scripting Vulnerability	Low
Visual Studio	CVE-2019-0809	Visual Studio Remote Code Execution Vulnerability	Important
Windows DHCP Client	CVE-2019-0697	Windows DHCP Client Remote Code Execution Vulnerability	Critical
Windows DHCP Client	CVE-2019-0698	Windows DHCP Client Remote Code Execution Vulnerability	Critical
Windows DHCP Client	CVE-2019-0726	Windows DHCP Client Remote Code Execution Vulnerability	Critical
Windows Hyper-V	CVE-2019-0690	Windows Hyper-V Denial-of-Service Vulnerability	Important
Windows Hyper-V	CVE-2019-0695	Windows Hyper-V Denial-of-Service Vulnerability	Important
Windows Hyper-V	CVE-2019-0701	Windows Hyper-V Denial-of-Service Vulnerability	Important
Windows Kernel	CVE-2019-0755	Windows Kernel Information Disclosure Vulnerability	Important
Windows Kernel	CVE-2019-0767	Windows Kernel Information Disclosure Vulnerability	Important
Windows Kernel	CVE-2019-0775	Windows Kernel Information Disclosure Vulnerability	Important
Windows Kernel	CVE-2019-0782	Windows Kernel Information Disclosure Vulnerability	Important
Windows Kernel	CVE-2019-0696	Windows Kernel Information Disclosure Vulnerability	Important
Windows Kernel	CVE-2019-0702	Windows Kernel Information Disclosure Vulnerability	Important
Windows Kernel-Mode Drivers	CVE-2019-0776	Win32k Information Disclosure Vulnerability	Important
Windows Print Spooler Components	CVE-2019-0759	Windows Print Spooler Information Disclosure Vulnerability	Important
Windows SMB Server	CVE-2019-0703	Windows SMB Information Disclosure Vulnerability	Important
Windows SMB Server	CVE-2019-0704	Windows SMB Information Disclosure Vulnerability	Important
Windows SMB Server	CVE-2019-0821	Windows SMB Information Disclosure Vulnerability	Important
Windows Subsystem for Linux	CVE-2019-0682	Windows Subsystem for Linux Privilege Escalation Vulnerability	Important
Windows Subsystem for Linux	CVE-2019-0689	Windows Subsystem for Linux Privilege Escalation Vulnerability	Important
Windows Subsystem for Linux	CVE-2019-0692	Windows Subsystem for Linux Privilege Escalation Vulnerability	Important
Windows Subsystem for Linux	CVE-2019-0693	Windows Subsystem for Linux Privilege Escalation Vulnerability	Important
Windows Subsystem for Linux	CVE-2019-0694	Windows Subsystem for Linux Privilege Escalation Vulnerability	Important

Recommended Mitigation Measures

Microsoft has released the January 2019 security patch to fix these issues. Please install the patch as soon as possible.

Statement

This advisory is only used to describe a potential risk. NSFOCUS does not provide any commitment or promise on this advisory. NSFOCUS and the author will not bear any liability for any direct and/or indirect consequences and losses caused by transmitting and/or using this advisory. NSFOCUS reserves all the rights to modify and interpret this advisory. Please include this statement paragraph when reproducing or transferring this advisory. Do not modify this advisory, add/delete any information to/from it, or use this advisory for commercial purposes without permission from NSFOCUS.

About NSFOCUS

NSFOCUS IB is a wholly owned subsidiary of NSFOCUS, an enterprise application and network security provider, with operations in the Americas, Europe, the Middle East, Southeast Asia and Japan. NSFOCUS IB has a proven track record of combatting the increasingly complex cyber threat landscape through the construction and implementation of multi-layered defense systems. The company’s Intelligent Hybrid Security strategy utilizes both cloud and on-premises security platforms, built on a foundation of real-time global threat intelligence, to provide unified, multi-layer protection from advanced cyber threats.

For more information about NSFOCUS, please visit:

https://www.nsfocusglobal.com.

NSFOCUS, NSFOCUS IB, and NSFOCUS, INC. are trademarks or registered trademarks of NSFOCUS, Inc. All other names and trademarks are property of their respective firms.

Download: Security Bulletin for March Patches That Fix 68 Security Vulnerabilities Threat Alert