Patch Tuesday comes up with a list of new vulnerabilities

The February edition of Patch Tuesday brings extra work for users and sysadmins, revealing 70 CVE-listed vulnerabilities from each vendor along with a critical security fix from Cisco. Users are advised to review these security flaws and patch them as soon as possible.

DHCP (Dynamic Host Configuration Protocol)

For the Redmond servers, the February dump contains 77 CVE-listed bugs across Windows, Office and Edge/IE.

Potentially the most severe vulnerability in the dump is CVE-2019-0626, a remote code execution vulnerability in the Windows Server DHCP component. According to experts, this bug won't affect regular users. However, admins who run DHCP servers on their network should make this fix a top priority.

Another main concern for admins is CVE-2019-0676, a flaw in Internet Explorer that allows attackers to check for specific files on a computer through a specially constructed webpage.

Generally, it is predicted that this bug would be used specifically for targeted attacks where the hackers can go after a machine linked with the targeted company or group.

Four other vulnerabilities have also been disclosed in the dump: CVE-2019-0636, CVE-2019-0686, CVE-2019-0646, and CVE-2019-0647. The investigation reveals that they do not permit remote code execution (RCE).

Of the 36 RCE vulnerabilities patched this month, 16 were found to be programming errors in Microsoft's IE and Edge browsers. Left unpatched, these flaws would let an attacker succeed by getting users to visit malicious web pages.

Due to the potential threats, it is important to update the IE and Edge products as soon as possible.

Another popular RCE target is Office, with seven remote code execution fixes. Two of them (CVE-2019-0594 and CVE-2019-0604) were found in SharePoint, while the rest were in the Office Access Connectivity Engine.

In each case affecting Office, the attackers would have to get the victim to manually open the malicious file. Unfortunately, this is relatively easy in OfficeDocs, as numerous files are sent between companies from this platform.

Besides the above, five other remote code execution bugs were patched in the Jet Database Engine, a built-in component of Windows and Windows Server. These work similarly to the others and require the user to manually open a specially crafted file.

Adobe also joins the patch bandwagon

To keep up with its rival Microsoft, Adobe has also delivered a patch load addressing 75 CVE entries of its own.

From the list, 39 arbitrary code execution vulnerabilities are found in Acrobat and Reader. In each case, the attackers execute code on the targeted machine by convincing users to open a harmful PDF file. A total of 71 patches this month were for vulnerabilities present in Acrobat/Reader for Windows, Mac, and Linux boxes.

By contrast, Flash Player is having a better month, with just one CVE listing.

Creative Cloud also received a patch for a DLL hijacking flaw, while ColdFusion saw one remote code execution and one information disclosure vulnerability.

The NAE fix

Companies that use Cisco's Network Access Engine (NAE) tool to manage their networks and data centers are advised to look at Switchzilla's Tuesday advisory to ensure their software is updated.

It's now 2019, and your Windows Dynamic Host Configuration Protocol server can be pwned by a packet, Internet Explorer and Microsoft Edge by a web page, and so on
Photo: Getty Images
