Microsoft's March round of security updates for its Windows operating system is patching no fewer than 17 flaws rated as critical, with two others known to be exploited in the wild by attackers.
The two exploited vulnerabilites affect the Windows win32k.sys kernel driver, and are very similar privilege escalation bugs.
They have been given the Common Vulnerabilities and Exposures indexes of CVE-2019-0797 and CVE-2019-0808; security vendor Kaspersky Labs discovered the former, and Google's Threat Analysis Group the latter, which was exploited in combination with a flaw in its Chrome web browser on Windows.
Microsoft is again patching vulnerabilites in the dynamic host control protocol (DHCP) client for Windows, with three flaws allowing remote code execution.
A malicious DHCP server sending specially crafted responses to unpatched clients can exploit the three vulnerabilities to fully take over the target systems.
The DHCP flaws are rated as 9.8 out of 10 on the Common Vulnerabilities Scoring System.