March Patch Tuesday: Eliminate the Exploits
It's the second Tuesday of March, which means it's time for another round of Patch Tuesday security updates.
Microsoft has released 64 patches today covering IE, Edge, Exchange, Windows and Office. There are 17 rated Critical, 45 rated Important, 1 is rated Moderate and 1 is rated Low in severity—this is much less than last month’s release of over 80 updates, however there are still some surprises in this release to keep you busy.
Prioritize Now: Public Announced and Current Exploits
Four of the updates CVE-2019-0683, CVE-2019-0754, CVE-2019-0757 and CVE-2019-0809 are marked as “Publicly Disclosed” meaning there is an increased risk of attack in the very near future, and two updates CVE-2019-0797 & CVE-2019-0808 are marked as “Being Exploited” meaning you should prioritize them now.
Robert Brown, Director of Services for Verismic said, “You should treat these 6 updates with the highest importance, and you should especially treat CVE-2019-0797 & CVE-2019-0808 as a Zero Day because active exploits means actual attempts on your networks by those who wish to expose your data.”
Adobe Patches Flash, Photoshop and Digital Editions
Adobe has given a slight reprieve to IT managers this month by releasing only 3 updates: one for Flash, Photoshop and Digital Editions. Although these updates carry a Critical severity, they are ranked by Adobe with a Priority of 3 meaning administrators should install these updates at their discretion.
Features Updates Due for Retirement
On April 9, the Windows 10 feature update version 1709 will be due for retirement on Home, Pro and Pro for Workstations editions. If you are still using Enterprise or Education editions, you have another year to plan your upgrade.
Use Syxsense to organize and deploy Windows, third-party, Mac OS and Linux updates to keep your environment safe. Our clients love having control over when and where the scanning and deployment of updates takes place, providing peace of mind to any IT department.
Patch Tuesday Release
ID | Description | Severity | Publicly Announced | Actively Exploited | Recommended |
CVE-2019-0797 | Win32k Elevation of Privilege Vulnerability | Important | No | Yes | Yes |
CVE-2019-0808 | Win32k Elevation of Privilege Vulnerability | Important | No | Yes | Yes |
CVE-2019-0683 | Active Directory Elevation of Privilege Vulnerability | Important | Yes | No | Yes |
CVE-2019-0754 | Windows Denial of Service Vulnerability | Important | Yes | No | Yes |
CVE-2019-0757 | NuGet Package Manager Tampering Vulnerability | Important | Yes | No | Yes |
CVE-2019-0809 | Visual Studio Remote Code Execution Vulnerability | Important | Yes | No | Yes |
CVE-2019-0592 | Chakra Scripting Engine Memory Corruption Vulnerability | Critical | No | No | Yes |
CVE-2019-0603 | Windows Deployment Services TFTP Server Remote Code Execution Vulnerability | Critical | No | No | Yes |
CVE-2019-0609 | Scripting Engine Memory Corruption Vulnerability | Critical | No | No | Yes |
CVE-2019-0639 | Scripting Engine Memory Corruption Vulnerability | Critical | No | No | Yes |
CVE-2019-0666 | Windows VBScript Engine Remote Code Execution Vulnerability | Critical | No | No | Yes |
CVE-2019-0667 | Windows VBScript Engine Remote Code Execution Vulnerability | Critical | No | No | Yes |
CVE-2019-0680 | Scripting Engine Memory Corruption Vulnerability | Critical | No | No | Yes |
CVE-2019-0697 | Windows DHCP Client Remote Code Execution Vulnerability | Critical | No | No | Yes |
CVE-2019-0698 | Windows DHCP Client Remote Code Execution Vulnerability | Critical | No | No | Yes |
CVE-2019-0726 | Windows DHCP Client Remote Code Execution Vulnerability | Critical | No | No | Yes |
CVE-2019-0756 | MS XML Remote Code Execution Vulnerability | Critical | No | No | Yes |
CVE-2019-0763 | Internet Explorer Memory Corruption Vulnerability | Critical | No | No | Yes |
CVE-2019-0769 | Scripting Engine Memory Corruption Vulnerability | Critical | No | No | Yes |
CVE-2019-0770 | Scripting Engine Memory Corruption Vulnerability | Critical | No | No | Yes |
CVE-2019-0771 | Scripting Engine Memory Corruption Vulnerability | Critical | No | No | Yes |
CVE-2019-0773 | Scripting Engine Memory Corruption Vulnerability | Critical | No | No | Yes |
CVE-2019-0784 | Windows ActiveX Remote Code Execution Vulnerability | Critical | No | No | Yes |
CVE-2019-0612 | Microsoft Edge Security Feature Bypass Vulnerability | Important | No | No | |
CVE-2019-0614 | Windows GDI Information Disclosure Vulnerability | Important | No | No | |
CVE-2019-0617 | Jet Database Engine Remote Code Execution Vulnerability | Important | No | No | |
CVE-2019-0665 | Windows VBScript Engine Remote Code Execution Vulnerability | Important | No | No | |
CVE-2019-0678 | Microsoft Edge Elevation of Privilege Vulnerability | Important | No | No | |
CVE-2019-0682 | Windows Subsystem for Linux Elevation of Privilege Vulnerability | Important | No | No | |
CVE-2019-0689 | Windows Subsystem for Linux Elevation of Privilege Vulnerability | Important | No | No | |
CVE-2019-0690 | Windows Hyper-V Denial of Service Vulnerability | Important | No | No | |
CVE-2019-0692 | Windows Subsystem for Linux Elevation of Privilege Vulnerability | Important | No | No | |
CVE-2019-0693 | Windows Subsystem for Linux Elevation of Privilege Vulnerability | Important | No | No | |
CVE-2019-0694 | Windows Subsystem for Linux Elevation of Privilege Vulnerability | Important | No | No | |
CVE-2019-0695 | Hyper-V Denial of Service Vulnerability | Important | No | No | |
CVE-2019-0696 | Windows Kernel Elevation of Privilege Vulnerability | Important | No | No | |
CVE-2019-0701 | Hyper-V Denial of Service Vulnerability | Important | No | No | |
CVE-2019-0702 | Windows Kernel Information Disclosure Vulnerability | Important | No | No | |
CVE-2019-0703 | Windows SMB Information Disclosure Vulnerability | Important | No | No | |
CVE-2019-0704 | Windows SMB Information Disclosure Vulnerability | Important | No | No | |
CVE-2019-0748 | Microsoft Office Access Connectivity Engine Remote Code Execution Vulnerability | Important | No | No | |
CVE-2019-0755 | Windows Kernel Information Disclosure Vulnerability | Important | No | No | |
CVE-2019-0759 | Windows Print Spooler Information Disclosure Vulnerability | Important | No | No | |
CVE-2019-0761 | Windows Security Zone Bypass Vulnerability | Important | No | No | |
CVE-2019-0762 | Microsoft Browsers Security Feature Bypass Vulnerability | Important | No | No | |
CVE-2019-0765 | Comctl32 Remote Code Execution Vulnerability | Important | No | No | |
CVE-2019-0766 | Microsoft Windows Elevation of Privilege Vulnerability | Important | No | No | |
CVE-2019-0767 | Windows Kernel Information Disclosure Vulnerability | Important | No | No | |
CVE-2019-0768 | Internet Explorer Security Feature Bypass Vulnerability | Important | No | No | |
CVE-2019-0772 | Windows VBScript Engine Remote Code Execution Vulnerability | Important | No | No | |
CVE-2019-0774 | Windows GDI Information Disclosure Vulnerability | Important | No | No | |
CVE-2019-0775 | Windows Kernel Information Disclosure Vulnerability | Important | No | No | |
CVE-2019-0776 | Win32k Information Disclosure Vulnerability | Important | No | No | |
CVE-2019-0778 | Microsoft Office SharePoint XSS Vulnerability | Important | No | No | |
CVE-2019-0779 | Microsoft Edge Memory Corruption Vulnerability | Important | No | No | |
CVE-2019-0782 | Windows Kernel Information Disclosure Vulnerability | Important | No | No | |
CVE-2019-0783 | Scripting Engine Memory Corruption Vulnerability | Important | No | No | |
CVE-2019-0798 | Skype for Business and Lync Spoofing Vulnerability | Important | No | No | |
CVE-2019-0821 | Windows SMB Information Disclosure Vulnerability | Important | No | No | |
CVE-2019-0611 | Chakra Scripting Engine Memory Corruption Vulnerability | Important | No | No | |
CVE-2019-0746 | Chakra Scripting Engine Memory Corruption Vulnerability | Important | No | No | |
CVE-2019-0780 | Microsoft Browser Memory Corruption Vulnerability | Important | No | No | |
CVE-2019-0816 | Azure SSH Keypairs Security Feature Bypass Vulnerability | Moderate | No | No | |
CVE-2019-0777 | Team Foundation Server Cross-site Scripting Vulnerability | Low | No | No |
Start a Free Trial
Try Syxsense today and start patching your IT environment with a powerful and easy-to-use IT management toolset.
Schedule Your Syxsense Demo
Syxsense combines IT management, patch management, and security vulnerability scanning in one powerful solution. Get started today.