Microsoft Patch Tuesday March 2019


As expected, and appreciated, Microsoft has released patches to their products (plus Adobe’s). The full list can be a bit daunting: looking at the Security Update portal, there are 1455 items in the patch table. https://portal.msrc.microsoft.com/en-us/security-guidance

All our clients subscribed to vulnerability management - Advanced SOC - services should receive notification of the applicability of these in their environments. For the rest, I want to highlight the most critical patches and actions needed.

As always, our advice is to run a well-maintained patch process. Our consultants can help companies re-engineer patch and vulnerability management processes.

Internet Explorer

Even Microsoft now claims this is not a web browser! If any organisation still allows its users to access the Internet with this insecure application, please stop and talk to us. And yes, do patch as there are various scripting execution vulnerabilities (CVE-2019-0609, CVE-2019-0667, CVE-2019-0680, CVE-2019-0763).

Edge browser

Anyone still using it? Then you should know there is a critical update to fix Edge’s way of handling JavaScript (CVE-2019-0592, CVE-2019-0609, CVE-2019-0639, CVE-2019-0769, CVE-2019-0770, CVE-2019-0771 and CVE-2019-0773).

Windows

For those using TFTP to deploy Windows 10 - this mostly applies to very large enterprises - there is an update to fix a remote execution vulnerability (CVE-2019-0603). The same applies to all Windows versions - both server and desktop.

Then there are interesting vulnerabilities (CVE-2019-0697, CVE-2019-0698 and CVE-2019-0726) in the DHCP client code. This affects ALL versions of Windows when a DHCP client is enabled, which is typically always the case on end-user computers and on many servers. This vulnerability is less critical in well-designed and managed internal networks where L2 switching is secured and protects against DHCP attacks. However, on company laptops, which may be taken to untrusted coffee shops (yes, we all need coffee), this may present an elevated risk. We advise companies to prioritise the patch deployment for this vulnerability on their laptops!

A less obvious vulnerability, which I hope has no way of being successfully exploited, is CVE-2019-0784 - an ActiveX vulnerability. Anyone still allowing their browsers (and Internet Explorer) to run arbitrary ActiveX content from the Internet?

No exploits have been detected for the above vulnerabilities; however, that can change very quickly.