Microsoft Patch Tuesday Fixes Zero Day

Friday, February 15, 2019 @ 03:02 PM gHale

Microsoft released 77 monthly security fixes across its varied product lines for February, including a Zero Day in Internet Explorer, which is already undergoing exploits.

The Zero Day has a case number of CVE-2019-0676. An attacker who successfully exploited this vulnerability could look for files on disk, Microsoft officials said.

RELATED STORIES
Adobe Reader Zero Day Micropatch Released
Adobe Clears Experience Manager Holes
Flash by Default Ending in Firefox
‘Important’ Adobe Patch Tuesday

In addition, there are two vulnerabilities in the SMB (Server Message Block) protocol that can lead to remote code execution.

These holes have case numbers of CVE-2019-0630 and CVE-2019-0633. Attackers could can gain access to weakly secured networks after basic dictionary attacks.

In addition, there’s also a remote code execution vulnerability (CVE-2019-0626) in the DHCP server component included with Windows Servers.

Microsoft also patched CVE-2019-0686, which is also called PrivExchange. Proof-of-concept code for the PrivExchange vulnerability went out in January. The code exploited a bug in Microsoft Exchange 2013 and newer versions.



Leave a Reply

You must be logged in to post a comment.