A total of 65 vulnerabilities resolved this Patch Tuesday

Mar 13, 2019 04:26 GMT

Microsoft’s March 2019 Patch Tuesday rollout includes fixes for a total of 65 vulnerabilities in Windows and other Microsoft software, and no fewer than 18 flaws are rated as critical.

More important is that Microsoft also resolves two zero-days in Windows, and needless to say, you should prioritize these patches on your devices.

The first is CVE-2019-0808, a vulnerability discovered by Google’s Threat Analysis Group and disclosed earlier this month. Google warned of active exploits in the wild and recommended that users update to Windows 10, because the additional mitigations in this OS version can block attacks.

The flaw affects the Win32k component, and Microsoft explains in a technical advisory that attackers can run arbitrary code in kernel mode and then get full rights on a compromised host. Only Windows 7 and Windows Server 2008 are affected.

Patch, patch, patch!

The second zero-day that Microsoft patches this month is CVE-2019-0797, which also affects the Win32k component and is caused by objects being improperly handled in memory.

“An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights,” Microsoft says.

The flaw is already being exploited, and this time, Windows 10, Windows 8.1, Windows RT 8.1, Windows Server 2012, Windows Server 2016, and Windows Server 2019 are the versions affected.

The March 2019 Patch Tuesday also includes fixes for a series of other vulnerabilities, and users are advised to install the available updates as soon as possible. On Windows 10, all patches are included in cumulative updates.

Windows 7 and Windows 8.1 are also being provided with monthly rollups that comprise all the aforementioned fixes, and given that zero-days are currently being exploited, users are advised to begin patching as soon as possible.