Microsoft’s Security Bulletin for March Patches That Fix 68 Security Vulnerabilities Threat Alert

Microsoft’s Security Bulletin for March Patches That Fix 68 Security Vulnerabilities Threat Alert

March 20, 2019 | Adeline Zhang

Overview  

Microsoft released the March 2019 security patch on Tuesday that fixes 68 vulnerabilities ranging from simple spoofing attacks to remote code execution in various products, including Active Directory, Adobe Flash Player, Azure, Internet Explorer, Microsoft Browsers, Microsoft Edge, Microsoft Graphics Component, Microsoft JET Database Engine, Microsoft Office, Microsoft Office SharePoint, Microsoft Scripting Engine, Microsoft Windows, Microsoft XML, NuGet, Servicing Stack Updates, Skype for Business, Team Foundation Server, Visual Studio, Windows DHCP Client, Windows Hyper-V, Windows Kernel, Windows Kernel-Mode Drivers, Windows Print Spooler Components, Windows SMB Server, and Windows Subsystem for Linux.

Details can be found in the following table.

Product CVE ID CVE Title Severity Level
Active Directory CVE-2019-0683 Active Directory Privilege Escalation Vulnerability Important
Adobe Flash Player ADV190008 March 2019 Adobe Flash Security Update Low
Azure CVE-2019-0816 Azure SSH Keypairs Security Feature Bypass Vulnerability Moderate
Internet Explorer CVE-2019-0761 Internet Explorer Security Feature Bypass Vulnerability Low
Internet Explorer CVE-2019-0763 Internet Explorer Memory Corruption Vulnerability Moderate
Internet Explorer CVE-2019-0768 Internet Explorer Security Feature Bypass Vulnerability Important
Microsoft Browsers CVE-2019-0762 Microsoft Browsers Security Feature Bypass Vulnerability Low
Microsoft Browsers CVE-2019-0780 Microsoft Browser Memory Corruption Vulnerability Important
Microsoft Edge CVE-2019-0612 Microsoft Edge Security Feature Bypass Vulnerability Important
Microsoft Edge CVE-2019-0678 Microsoft Edge Privilege Escalation Vulnerability Important
Microsoft Edge CVE-2019-0779 Microsoft Edge Memory Corruption Vulnerability Important
Microsoft Graphics Component CVE-2019-0774 Windows GDI Information Disclosure Vulnerability Important
Microsoft Graphics Component CVE-2019-0797 Win32k Privilege Escalation Vulnerability Important
Microsoft Graphics Component CVE-2019-0808 Win32k Privilege Escalation Vulnerability Important
Microsoft Graphics Component CVE-2019-0614 Windows GDI Information Disclosure Vulnerability Important
Microsoft JET Database Engine CVE-2019-0617 Jet Database Engine Remote Code Execution Vulnerability Important
Microsoft Office CVE-2019-0748 Microsoft Office Access Connectivity Engine Remote Code Execution Vulnerability Important
Microsoft Office SharePoint CVE-2019-0778 Microsoft Office SharePoint XSS Vulnerability Important
Microsoft Scripting Engine CVE-2019-0609 Scripting Engine Memory Corruption Vulnerability Critical
Microsoft Scripting Engine CVE-2019-0611 Chakra Scripting Engine Memory Corruption Vulnerability Low
Microsoft Scripting Engine CVE-2019-0639 Scripting Engine Memory Corruption Vulnerability Moderate
Microsoft Scripting Engine CVE-2019-0746 Chakra Scripting Engine Memory Corruption Vulnerability Important
Microsoft Scripting Engine CVE-2019-0769 Scripting Engine Memory Corruption Vulnerability Critical
Microsoft Scripting Engine CVE-2019-0770 Scripting Engine Memory Corruption Vulnerability Critical
Microsoft Scripting Engine CVE-2019-0771 Scripting Engine Memory Corruption Vulnerability Critical
Microsoft Scripting Engine CVE-2019-0772 Windows VBScript Engine Remote Code Execution Vulnerability Important
Microsoft Scripting Engine CVE-2019-0773 Scripting Engine Memory Corruption Vulnerability Critical
Microsoft Scripting Engine CVE-2019-0783 Scripting Engine Memory Corruption Vulnerability Important
Microsoft Scripting Engine CVE-2019-0592 Chakra Scripting Engine Memory Corruption Vulnerability Critical
Microsoft Scripting Engine CVE-2019-0665 Windows VBScript Engine Remote Code Execution Vulnerability Important
Microsoft Scripting Engine CVE-2019-0666 Windows VBScript Engine Remote Code Execution Vulnerability Critical
Microsoft Scripting Engine CVE-2019-0667 Windows VBScript Engine Remote Code Execution Vulnerability Critical
Microsoft Scripting Engine CVE-2019-0680 Scripting Engine Memory Corruption Vulnerability Critical
Microsoft Windows CVE-2019-0754 Windows Denial-of-Service Vulnerability Important
Microsoft Windows CVE-2019-0765 Comctl32 Remote Code Execution Vulnerability Important
Microsoft Windows CVE-2019-0766 Microsoft Windows Privilege Escalation Vulnerability Important
Microsoft Windows CVE-2019-0784 Windows ActiveX Remote Code Execution Vulnerability Critical
Microsoft Windows ADV190009 SHA-2 Code Sign Support Advisory Unknown
Microsoft Windows ADV190010 Best Practices Regarding Sharing of a Single User Account Across Multiple Users Unknown
Microsoft Windows CVE-2019-0603 Windows Deployment Services TFTP Server Remote Code Execution Vulnerability Critical
Microsoft XML CVE-2019-0756 MS XML Remote Code Execution Vulnerability Critical
NuGet CVE-2019-0757 NuGet Package Manager Tampering Vulnerability Important
Servicing Stack Updates ADV990001 Latest Servicing Stack Updates Critical
Skype for Business CVE-2019-0798 Skype for Business and Lync Spoofing Vulnerability Important
Team Foundation Server CVE-2019-0777 Team Foundation Server Cross-site Scripting Vulnerability Low
Visual Studio CVE-2019-0809 Visual Studio Remote Code Execution Vulnerability Important
Windows DHCP Client CVE-2019-0697 Windows DHCP Client Remote Code Execution Vulnerability Critical
Windows DHCP Client CVE-2019-0698 Windows DHCP Client Remote Code Execution Vulnerability Critical
Windows DHCP Client CVE-2019-0726 Windows DHCP Client Remote Code Execution Vulnerability Critical
Windows Hyper-V CVE-2019-0690 Windows Hyper-V Denial-of-Service Vulnerability Important
Windows Hyper-V CVE-2019-0695 Windows Hyper-V Denial-of-Service Vulnerability Important
Windows Hyper-V CVE-2019-0701 Windows Hyper-V Denial-of-Service Vulnerability Important
Windows Kernel CVE-2019-0755 Windows Kernel Information Disclosure Vulnerability Important
Windows Kernel CVE-2019-0767 Windows Kernel Information Disclosure Vulnerability Important
Windows Kernel CVE-2019-0775 Windows Kernel Information Disclosure Vulnerability Important
Windows Kernel CVE-2019-0782 Windows Kernel Information Disclosure Vulnerability Important
Windows Kernel CVE-2019-0696 Windows Kernel Information Disclosure Vulnerability Important
Windows Kernel CVE-2019-0702 Windows Kernel Information Disclosure Vulnerability Important
Windows Kernel-Mode Drivers CVE-2019-0776 Win32k Information Disclosure Vulnerability Important
Windows Print Spooler Components CVE-2019-0759 Windows Print Spooler Information Disclosure Vulnerability Important
Windows SMB Server CVE-2019-0703 Windows SMB Information Disclosure Vulnerability Important
Windows SMB Server CVE-2019-0704 Windows SMB Information Disclosure Vulnerability Important
Windows SMB Server CVE-2019-0821 Windows SMB Information Disclosure Vulnerability Important
Windows Subsystem for Linux CVE-2019-0682 Windows Subsystem for Linux Privilege Escalation Vulnerability Important
Windows Subsystem for Linux CVE-2019-0689 Windows Subsystem for Linux Privilege Escalation Vulnerability Important
Windows Subsystem for Linux CVE-2019-0692 Windows Subsystem for Linux Privilege Escalation Vulnerability Important
Windows Subsystem for Linux CVE-2019-0693 Windows Subsystem for Linux Privilege Escalation Vulnerability Important
Windows Subsystem for Linux CVE-2019-0694 Windows Subsystem for Linux Privilege Escalation Vulnerability Important

 

Recommended Mitigation Measures

Microsoft has released the January 2019 security patch to fix these issues. Please install the patch as soon as possible.

Statement

This advisory is only used to describe a potential risk. NSFOCUS does not provide any commitment or promise on this advisory. NSFOCUS and the author will not bear any liability for any direct and/or indirect consequences and losses caused by transmitting and/or using this advisory. NSFOCUS reserves all the rights to modify and interpret this advisory. Please include this statement paragraph when reproducing or transferring this advisory. Do not modify this advisory, add/delete any information to/from it, or use this advisory for commercial purposes without permission from NSFOCUS.

About NSFOCUS

NSFOCUS IB is a wholly owned subsidiary of NSFOCUS, an enterprise application and network security provider, with operations in the Americas, Europe, the Middle East, Southeast Asia and Japan. NSFOCUS IB has a proven track record of combatting the increasingly complex cyber threat landscape through the construction and implementation of multi-layered defense systems. The company’s Intelligent Hybrid Security strategy utilizes both cloud and on-premises security platforms, built on a foundation of real-time global threat intelligence, to provide unified, multi-layer protection from advanced cyber threats.

For more information about NSFOCUS, please visit:

https://www.nsfocusglobal.com.

NSFOCUS, NSFOCUS IB, and NSFOCUS, INC. are trademarks or registered trademarks of NSFOCUS, Inc. All other names and trademarks are property of their respective firms.

Download:  Security Bulletin for March Patches That Fix 68 Security Vulnerabilities Threat Alert