Microsoft has just released its March installment of Patch Tuesday updates to address 66 vulnerabilities in its applications. Of these 66 vulnerabilities, two are currently being exploited in the wild, 17 are critical, 45 are important, one is moderate, and one is low. This Patch Tuesday, Microsoft not only provides the patches, but also an antidote if anything goes south—with this update, Windows 10 will uninstall problematic patches automatically. This way users can install Patch Tuesday updates with peace of mind.
Patch Tuesday updates for Microsoft products
This month’s Patch Tuesday covers updates for the following list of products and software:
- Adobe Flash Player
- Internet Explorer
- Microsoft Edge
- Microsoft Windows
- Microsoft Office and Microsoft Office SharePoint
- Team Foundation Server
- Skype for Business
- Visual Studio
Zero-day vulnerabilities patched
1. CVE-2019-0808 Win32k elevation of privilege vulnerability
An elevation of privilege vulnerability exists when Windows improperly handles calls to Win32k.sys, which could lead to remote code execution. This Patch Tuesday update fixes this vulnerability by correcting how Win32k handles objects in memory.
2. CVE-2019-5786 RCE vulnerability in Google Chrome
The Chrome Security team released a fix last week for a highly critical vulnerability in Google Chrome, CVE-2019-5786. This vulnerability, reported as a use-after-free vulnerability in the FileReader component of Chrome, could allow a remote attacker to execute arbitrary code and take full control of computers.
This month’s security updates come with 17 critical fixes. Most of these updates address vulnerabilities in scripting engines like Chakra Scripting Engine, VBScript Engine, and DHCP Client, and browsers like Internet Explorer and Edge. Failing to patch these vulnerabilities could lead to arbitrary code execution.
Third-party patches: Adobe updates
Adobe has addressed two critical vulnerabilities in Adobe Photoshop CC this month, releasing information about these flaws under Bulletin ID APSB19-15. Successful exploitation could lead to arbitrary code execution.
This Patch Tuesday, Microsoft also released non-security updates for Office 2010, Office 2013, and Office 2016. View the entire list of non-security updates for the month of March.
Automate both Microsoft and third-party updates
When it comes to effective patch management, all applications are equally important. Failing to patch any type of application can leave IT infrastructure vulnerable to threats. The best way to stay secure is to patch all applications, regardless of vendor.
ManageEngine offers two patching solutions: Desktop Central and Patch Manager Plus. Both offer automated patch management for more than 750 applications, including over 300 third-party applications. Try either of these solutions free for 30 days to start patching now.
** Optrics Inc. is an Authorized ManageEngine partner
The original article can be found here: