Microsoft’s Patch Tuesday Fixes 77 Vulnerabilities
Tech giant, Microsoft, has released security updates that will be installed by users worldwide to fix 77 flaws.
The monthly rollout, known as February Patch Tuesday addresses flaws in MS Office, Windows, Edge, Adobe Flash Player, .NET Framework, Visual Studio, ChakraCore, Exchange Server, Internet Explorer, Team Foundation Server and many more of their products.
Out the many vulnerabilities that have been patched by the updates, 4 have been reported as publicly known, with one of them still being remotely exploited in the wild.
The tech company disclosed this particular flaw, identified as CVE-2019-0676, which allows hackers to trick unsuspected users into landing on a crafted site that is aimed at checking system files, leading to information exposure.
Even though the company hasn’t gone into specifics about the malicious program exploiting this flaw, they announced that the program is likely restricted to targeted systems.
One of the critical flaws fixed is the Internet Explorer Zero-Day that made it possible for hackers to read the contents of files on disk. It is, however, unclear if this flaw had been exploited by hackers within the shores of the country or orchestrated by cyber terrorists in other parts of the world.
Microsoft also revealed that a remote code execution which affected DHCP server component included with Windows Servers have been corrected. According to them, a cybercriminal could send ill-formed DHCP packets to servers which would further hijack the underlying server.
Exploitation of this kind of vulnerability may lead to massive remote code executions since most Windows Servers are used as enterprise networks.
Most notably, the company disclosed that the patch also fixed PrivExchange vulnerability. This had allowed malicious programmers to exploit a bug in Exchange Web Services push notifications on the server, to automatically advance privileges to administrator level.
In lieu of this, Adobe has also released security updates to fix over 70 flaws in all their software, 71 of which are targeted towards Adobe Acrobat and Reader.
Users worldwide have been recommended to download and apply the security updates which can be done remotely by from the computer system.
