Fixes have been made on 64 security vulnerabilities as well as four security advisories. The patches cover a wide variety of Microsoft products such as Microsoft Windows, Office Services and Web Apps, Internet Explorer, Edge, Exchange Server, ChakraCore, the .NET Framework, Team Foundation Services, and NuGet package manager. Seventeen of these received a critical rating, 45 were rated important, one moderate, and another with a low severity rating. Only four of these bugs are publicly known, while two elevation of privilege vulnerabilities are being used in attacks. CVE-2019-0797 was the first to be reported and it was known to affect Windows 8, 10, as well as Server version 2012, 2016, and 2019. The second was CVE-2019-0808, which is a Windows zero-day that’s also coupled with a Chrome zero-day that allows attackers to escape the Chrome sandbox and inject a malicious payload on the targeted systems. In addition to these two zero-days, Microsoft also addressed three large scale vulnerabilities (CVE-2019-0697, CVE-2019-0698, and CVE-2019-0726) that were within Windows DHCP which essentially could lead to an attacker taking over machines that are vulnerable.
Written by: Nataliia Zdrok, Threat Intelligence Analyst at Binary Defense Russia’s invasion of Ukraine increased