On Tuesday, Microsoft addressed 79 vulnerabilities and released three advisories. Out of the 79 vulnerabilities, 19 of them have received a critical severity classification. One of the main updates pertains to an elevation of privileges vulnerability (CVE-2019-0863) which was being exploited in the wild when it was discovered. The flaw involved the way Windows Error Reporting handled files. For it to be carried out successfully an attacker would first need access to the system through malware and manual attacks. “An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs, view, change, or delete data, or create new accounts with administrator privileges,” said researchers. Another one of the critical vulnerabilities that was patched involved a remote Desktop Services remote code-execution vulnerability (CVE-2019-0708). This specific bug received quite a bit of attention due to its similarities to WannaCry, the worldwide cyber-attack that occurred in May of 2017. They believe the vulnerability would mainly affect Windows 7, but patches have also been released for Windows XP and Server 2003. The vulnerabilities addressed cover a wide array of issues. A full list of the flaws can be found on Microsoft’s webpage.
If customers use a Windows product or operating system that is listed in any of the patches they should download the patch immediately. If there are questions or concerns, users can attempt to contact Microsoft directly, or seek help from another security professional in regard to the vulnerabilities and patches and how they may be affected by them.