Microsoft 12 marca 2019 roku wydał nowy pakiet aktualizacji bezpieczeństwa w ramach comiesięcznego Patch Tuesday. Wydano łącznie 64 poprawki bezpieczeństwa, w tym 15 poprawek oznaczonych jako krytyczne.

Aktualizacje naprawiają luki m.in. w:

  • Active Directory
  • Adobe Flash Player
  • Azure
  • Internet Explorer
  • Microsoft Edge
  • Microsoft Windows
  • Microsoft Exchange Server
  • Microsoft Scripting Engine
  • Microsoft Visual Studio
  • Microsoft Dynamics
  • Windows DHCP Client
  • Windows Kernel

Najistotniejszymi podatnościami, które zostały naprawione są:

CVE-2019-0808, CVE-2019-0797 – luka spowodowana niepoprawną obsługą obiektów w pamięci przez sterownik Win32k. Aby wykorzystać tę podatność, atakujący musi być zalogowany do systemu, uruchomić spreparowaną aplikację. Luka umożliwia instalacje programów, przeglądanie/zmianę/usunięcie danych lub tworzenie nowych kont z pełnymi uprawnieniami.

CVE-2019-0754 – luka wywołująca odmowę usługi (DoS) spowodowana błędną obsługą obiektów w pamięci przez system. Atakujący, może spowodować, że system docelowy przestanie odpowiadać.

Poniżej przedstawiamy szczegółowe zestawienie aktualizacji:

Description
CVE Disclosed Exploited Exploitability (old versions) current version Severity CVSS Base (AVG) CVSS Temporal (AVG)
Active Directory Elevation of Privilege Vulnerability
CVE-2019-0683 Yes No Important 4.9 4.4
Azure SSH Keypairs Security Feature Bypass Vulnerability
CVE-2019-0816 No No Less Likely Less Likely Moderate
Best Practices Regarding Sharing of a Single User Account Across Multiple Users
ADV190010 No No
Chakra Scripting Engine Memory Corruption Vulnerability
CVE-2019-0611 No No Important 4.3 3.9
CVE-2019-0746 No No Less Likely Less Likely Important 6.4 5.8
CVE-2019-0592 No No Critical 4.2 3.8
Comctl32 Remote Code Execution Vulnerability
CVE-2019-0765 No No Less Likely Less Likely Important 6.4 5.8
Internet Explorer Memory Corruption Vulnerability
CVE-2019-0763 No No More Likely More Likely Critical 6.4 5.8
Internet Explorer Security Feature Bypass Vulnerability
CVE-2019-0761 No No Less Likely Less Likely Important
CVE-2019-0768 No No More Likely More Likely Important 4.3 3.9
Jet Database Engine Remote Code Execution Vulnerability
CVE-2019-0617 No No Less Likely Less Likely Important 7.8 7.0
Latest Servicing Stack Updates
ADV990001 No No Critical
MS XML Remote Code Execution Vulnerability
CVE-2019-0756 No No Less Likely Less Likely Critical 7.5 6.7
March 2019 Adobe Flash Security Update
ADV190008 No No More Likely More Likely Low
Microsoft Browser Memory Corruption Vulnerability
CVE-2019-0780 No No Important 6.4 5.8
Microsoft Browsers Security Feature Bypass Vulnerability
CVE-2019-0762 No No Important 2.4 2.2
Microsoft Edge Elevation of Privilege Vulnerability
CVE-2019-0678 No No Important 4.2 3.8
Microsoft Edge Memory Corruption Vulnerability
CVE-2019-0779 No No Important 4.2 3.8
Microsoft Edge Security Feature Bypass Vulnerability
CVE-2019-0612 No No Important 4.3 3.9
Microsoft Office Access Connectivity Engine Remote Code Execution Vulnerability
CVE-2019-0748 No No Important
Microsoft Office SharePoint XSS Vulnerability
CVE-2019-0778 No No Important
Microsoft Windows Elevation of Privilege Vulnerability
CVE-2019-0766 No No Less Likely Less Likely Important 6.7 6.7
NuGet Package Manager Tampering Vulnerability
CVE-2019-0757 Yes No Less Likely Less Likely Important
SHA-2 Code Sign Support Advisory
ADV190009 No No
Scripting Engine Memory Corruption Vulnerability
CVE-2019-0609 No No Critical 6.4 5.8
CVE-2019-0639 No No Critical 4.2 3.8
CVE-2019-0769 No No Critical 4.2 3.8
CVE-2019-0770 No No Critical 4.2 3.8
CVE-2019-0771 No No Critical 4.2 3.8
CVE-2019-0773 No No Critical 4.2 3.8
CVE-2019-0783 No No More Likely More Likely Important 6.4 5.8
CVE-2019-0680 No No Critical 6.4 5.8
Skype for Business and Lync Spoofing Vulnerability
CVE-2019-0798 No No Less Likely Less Likely Important
Team Foundation Server Cross-site Scripting Vulnerability
CVE-2019-0777 No No Less Likely Less Likely Low
Visual Studio Remote Code Execution Vulnerability
CVE-2019-0809 Yes No Less Likely Less Likely Important
Win32k Elevation of Privilege Vulnerability
CVE-2019-0797 No Yes Detected Unlikely Important 7.0 6.3
CVE-2019-0808 No Yes Important 7.0 6.3
Win32k Information Disclosure Vulnerability
CVE-2019-0776 No No Less Likely Less Likely Important 4.7 4.2
Windows ActiveX Remote Code Execution Vulnerability
CVE-2019-0784 No No Less Likely Less Likely Critical 4.2 3.8
Windows DHCP Client Remote Code Execution Vulnerability
CVE-2019-0697 No No Less Likely Less Likely Critical 9.8 8.8
CVE-2019-0698 No No Less Likely Less Likely Critical 9.8 8.8
CVE-2019-0726 No No Less Likely Less Likely Critical 9.8 8.8
Windows Denial of Service Vulnerability
CVE-2019-0754 Yes No Less Likely Less Likely Important 5.5 5.0
Windows Deployment Services TFTP Server Remote Code Execution Vulnerability
CVE-2019-0603 No No Less Likely Less Likely Critical 7.5 6.7
Windows GDI Information Disclosure Vulnerability
CVE-2019-0774 No No Less Likely Less Likely Important 4.7 4.2
CVE-2019-0614 No No Less Likely Less Likely Important 4.7 4.2
Windows Hyper-V Denial of Service Vulnerability
CVE-2019-0690 No No Less Likely Less Likely Important 6.8 6.1
CVE-2019-0695 No No Less Likely Less Likely Important 6.8 6.1
CVE-2019-0701 No No Less Likely Less Likely Important 6.8 6.1
Windows Kernel Elevation of Privilege Vulnerability
CVE-2019-0696 No No More Likely More Likely Important 7.0 6.3
Windows Kernel Information Disclosure Vulnerability
CVE-2019-0755 No No More Likely More Likely Important 5.5 5.0
CVE-2019-0767 No No More Likely More Likely Important 4.7 4.2
CVE-2019-0775 No No More Likely More Likely Important 4.7 4.2
CVE-2019-0782 No No Less Likely Less Likely Important 4.7 4.2
CVE-2019-0702 No No Less Likely Less Likely Important 5.5 5.0
Windows Print Spooler Information Disclosure Vulnerability
CVE-2019-0759 No No Less Likely Less Likely Important 4.7 4.2
Windows SMB Information Disclosure Vulnerability
CVE-2019-0703 No No More Likely More Likely Important 6.5 5.9
CVE-2019-0704 No No More Likely More Likely Important 6.5 5.9
CVE-2019-0821 No No More Likely More Likely Important 6.5 5.9
Windows Subsystem for Linux Elevation of Privilege Vulnerability
CVE-2019-0682 No No Less Likely Less Likely Important 7.0 6.3
CVE-2019-0689 No No Less Likely Less Likely Important 7.0 6.3
CVE-2019-0692 No No Less Likely Less Likely Important 7.0 6.3
CVE-2019-0693 No No Less Likely Less Likely Important 7.0 6.3
CVE-2019-0694 No No Less Likely Less Likely Important 7.0 6.3
Windows VBScript Engine Remote Code Execution Vulnerability
CVE-2019-0772 No No Less Likely Less Likely Important 6.4 5.8
CVE-2019-0665 No No More Likely More Likely Important 7.5 6.7
CVE-2019-0666 No No More Likely More Likely Critical 7.5 6.7
CVE-2019-0667 No No More Likely More Likely Critical 7.5 6.7