Microsoft has issued its second Patch Tuesday for this year to address a total of 77 CVE-listed security vulnerabilities in its Windows operating systems and other products, 20 of which are rated critical, 54 important and 3 moderate in severity.February security update addresses flaws in Adobe Flash Player, Internet Explorer, Edge, Windows, MS Office, and Office Services and Web Apps, ChakraCore, .NET Framework, Exchange Server, Visual Studio, Azure IoT SDK, Dynamics, Team Foundation Server, and Visual Studio Code.Four of the security vulnerabilities patched by the tech giant this month have been reported as being publicly known at the time of release, and one is being actively exploited in the wild.
The vulnerability actively being exploited in the wild is rated as important and resides in the way Internet Explorer handles objects in the memory.An attacker can trick victims into landing on a specially crafted website and exploit this vulnerability, identified as CVE-2019-0676, to check for files on a target system, leading to information disclosure.Though Microsoft has not yet shared any details about the malicious campaign exploiting this flaw, the vulnerability likely restricted to targeted attacks.One of the publicly disclosed flaws but not exploited in the wild, identified as CVE-2019-0636 and rated as important, concerns an information vulnerability in Windows operating system that could allow an attacker to read the contents of files on disk.
“An information vulnerability exists when Windows improperly discloses file information,” Microsoft says in its advisory. “To exploit the vulnerability, an attacker would have to log onto an affected system and run a specially crafted application.”

As expected, almost each of the listed critical-rated vulnerabilities leads to remote code execution attacks and primarily impact various versions of Windows 10 and Server editions.
Though there is no public exploit, the critical remote code execution vulnerabilities in …

Go to Source


Comments are closed.