iTnews

Patch Wednesday plugs exploited Windows vulnerabilities

By Juha Saarinen on Mar 13, 2019 12:40PM
Patch Wednesday plugs exploited Windows vulnerabilities

Seventeen flaws rated critical.

Microsoft's March round of security updates for its Windows operating system is patching no fewer than 17 flaws rated as critical, with two others known to be exploited in the wild by attackers.

The two exploited vulnerabilites affect the Windows win32k.sys kernel driver, and are very similar privilege escalation bugs.

They have been given the Common Vulnerabilities and Exposures indexes of CVE-2019-0797 and CVE-2019-0808; security vendor Kaspersky Labs discovered the former, and Google's Threat Analysis Group the latter, which was exploited in combination with a flaw in its Chrome web browser on Windows.

Critical but not known to be exploited bugs handled this Patch Wednesday are remote code execution vulnerabilities in the Chakra Javascript engine, Windows TFTP deployment server, and memory corruption in the Windows scripting engine.

Microsoft is again patching vulnerabilites in the dynamic host control protocol (DHCP) client for Windows, with three flaws allowing remote code execution.

A malicious DHCP server sending specially crafted responses to unpatched clients can exploit the three vulnerabilities to fully take over the target systems.

The DHCP flaws are rated as 9.8 out of 10 on the Common Vulnerabilities Scoring System.

 

Got a news tip for our journalists? Share it with us anonymously here.
Copyright © iTnews.com.au . All rights reserved.
Tags:
dhcpmicrosoftsecuritywin32ksyswindows

Partner Content

How a 'micro data centre' enables your business, your way
Promoted Content How a 'micro data centre' enables your business, your way
Teaching tech teams every step of implementing a machine learning project
Promoted Content Teaching tech teams every step of implementing a machine learning project
Vast majority of surveyed firms still rely on password authentication
Promoted Content Vast majority of surveyed firms still rely on password authentication
Security "mindset shift" needed to protect organisations
Promoted Content Security "mindset shift" needed to protect organisations

Sponsored Whitepapers

Planning before the breach: You can’t protect what you can’t see
Planning before the breach: You can’t protect what you can’t see
Beyond FTP: Securing and Managing File Transfers
Beyond FTP: Securing and Managing File Transfers
NextGen Security Operations: A Roadmap for the Future
NextGen Security Operations: A Roadmap for the Future
Video: Watch Juniper talk about its Aston Martin partnership
Video: Watch Juniper talk about its Aston Martin partnership
Don’t pay the ransom: A three-step guide to ransomware protection
Don’t pay the ransom: A three-step guide to ransomware protection

Events

  • iTnews Benchmark Awards 2022 - Finalist Showcase
  • 11th Annual Fraud Prevention Summit 2022
  • IoT Impact Conference
  • Cyber Security for Government Summit
By Juha Saarinen
Mar 13 2019
12:40PM
0 Comments

Related Articles

  • Researchers patch Microsoft's 'Petitpotam' vulnerability patch
  • Wrong Windows file permissions allow admin privilege escalation
  • Microsoft says Israeli group sold tools to hack Windows
  • Researchers bypass Windows Hello facial recognition biometrics
Share on Twitter Share on Facebook Share on LinkedIn Share on Whatsapp Email A Friend

Most Read Articles

Kmart Australia stands up consent-as-a-service platform

Kmart Australia stands up consent-as-a-service platform

NSW digital driver's licences 'easily forgeable'

NSW digital driver's licences 'easily forgeable'

Kmart Australia re-platforms ecommerce site to AWS

Kmart Australia re-platforms ecommerce site to AWS

NBN Co's 250Mbps and gigabit growth is finally clear

NBN Co's 250Mbps and gigabit growth is finally clear

Digital Nation

The other ‘CTO’: The emerging role of the chief transformation officer
The other ‘CTO’: The emerging role of the chief transformation officer
Case Study: PlayHQ leverages graph technologies for sports administration
Case Study: PlayHQ leverages graph technologies for sports administration
Metaverse hype will transition into new business models by mid decade: Gartner
Metaverse hype will transition into new business models by mid decade: Gartner
As NFTs gain traction, businesses start taking early bets
As NFTs gain traction, businesses start taking early bets
COVER STORY: From cost control to customer fanatics, AI is transforming the contact centre
COVER STORY: From cost control to customer fanatics, AI is transforming the contact centre
All rights reserved. This material may not be published, broadcast, rewritten or redistributed in any form without prior authorisation.
Your use of this website constitutes acceptance of nextmedia's Privacy Policy and Terms & Conditions.