Microsoft security updates  - Microsoft security updates - Microsoft Released Security Updates & Fixed More than 70 Flaws

new for February under patch Tuesday with the fixes for more than vulnerabilities that affected Microsoft products.

This is a secondsecurity update for this month and the first security advisory Microsoft releases on earlier of this month for the fixes of Privilege Escalation Vulnerability With Exchange Server.

Most of the vulnerabilities reported by various independent security researchers around the globe for the following Microsoft products.

  • Internet Explorer
  • Microsoft Edge
  • Microsoft
  • Microsoft Office and Microsoft Office Services and Web Apps
  • ChakraCore
  • .NET Framework
  • Microsoft Exchange Server
  • Microsoft Visual Studio
  • Azure IoT SDK
  • Microsoft Dynamics
  • Team Foundation Server
  • Visual Studio Code

Microsoft an active Internet Explorer zero-day vulnerability (CVE-2019-0676) in the security updates and the bug allow attackers to send open a malicious website link to exploit the browser flaw.

Also in another bug critical bug in Microsoft’s Exchange Server  (CVE-2019-0686) allows a remote attacker with a simple mailbox account to gain administrator privileges.

A Remote code execution vulnerability (CVE-2019-0640) that affected Microsoft Edge browser scripting engine handles also fixed in this security updates.

Edge Flaw allows an attacker who successfully exploited the vulnerability could gain the same user rights as the current user and if the current user logged in as admin then it could lead an attack to gain admin level access and take full control of the affected system.

There are 18 vulnerabilities are marked as critical severity and the vulnerabilities categories under Remote Code Execution and script engine Memory Corruption.

Critical Vulnerabilities list

Scripting Engine
Memory Corruption Vulnerability
CVE--0655 Critical
Microsoft Edge Memory Corruption
Vulnerability
CVE-2019-0650 Critical
Scripting Engine Memory Corruption
Vulnerability
CVE-2019-0651 Critical
Scripting Engine Memory Corruption
Vulnerability
CVE-2019-0652 Critical
Microsoft Edge Memory Corruption
Vulnerability
 CVE-2019-0645 Critical
Scripting Engine Memory Corruption
Vulnerability
CVE-2019-0642 Critical
Scripting Engine Memory Corruption
Vulnerability
CVE-2019-0640 Critical
Windows DHCP Server Remote Code Execution
Vulnerability
CVE-2019-0626 Critical
GDI+ Remote Code Execution Vulnerability CVE-2019-0618 Critical
Microsoft SharePoint RCE Vulnerability  CVE-2019-0604 Critical
Scripting Engine Memory Corruption
Vulnerability
CVE-2019-0605 Critical
Internet Explorer Memory Corruption
Vulnerability
CVE-2019-0606 Critical
Scripting Engine Memory Corruption
Vulnerability
CVE-2019-0607 Critical
Scripting Engine Memory Corruption
Vulnerability
CVE-2019-0590 Critical
Scripting Engine Memory Corruption
Vulnerability
CVE-2019-0591 Critical
Scripting Engine Memory Corruption
Vulnerability
CVE-2019-0593 Critical
Microsoft SharePoint RCE Vulnerability CVE-2019-0594 Critical

Another fix Microsoft released for Critical DHCP vulnerability (CVE-2019-0626) this month that could allow an attacker to send a specially crafted packet to a DHCP server

Also, Microsoft fixed all the office vulnerabilities that include 19 security updates and 28 non-security updates.



Source link

LEAVE A REPLY

Please enter your comment!
Please enter your name here