Microsoft Fixes Two Zero-Days in Windows
Microsoft’s March 2019 Patch Tuesday rollout includes fixes for a total of 65 vulnerabilities in Windows and other Microsoft software, and no less than 18 flaws are rated as critical.
More important is that Microsoft also resolves two zero-days in Windows, and needless to say, you should prioritize these patches on your devices.
First and foremost, it’s CVE-2019-0808, a vulnerability discovered by Google’s Threat Analysis Group and which was disclosed earlier this month. Google warned of active exploits in the wild and recommended users to update to Windows 10 because the additional mitigations in this OS versions can block attacks.
The flaw affects the Win32k component, and Microsoft explains in a technical advisory that attackers can run arbitrary code in kernel mode and then get full rights on a compromised host. Only Windows 7 and Windows Server 2008 are aff… (read more)