Image
In-The-Wild & Disclosed CVEs
CVE-2019-0754
This CVE describes a Denial of Service vulnerability that could cause a target system to stop responding when code is executed on the local system. Microsoft has rated this as a 2 (Exploitation Less Likely) on the Exploitability Index.CVE-2019-0757
This CVE describes a vulnerability in the NuGet Package Manager on Linux and macOS. The NuGet Package Manager is the package manager for .NET. An authenticated attacker can modify a package’s folder structure allowing the modification of files and folders during the unpackaging process. Microsoft has rated this as a 2 (Exploitation Less Likely) on the Exploitability Index.CVE-2019-0797
A vulnerability in Win32k could allow an attacker to execute code in kernel mode. Exploitation of this vulnerability has been detected with Windows 7, Server 2008, and Server 2008 R2. Microsoft has rated this as a 0 (Exploitation Detected) on the Exploitability Index for older software releases and a 3 (Exploitation Unlikely) for the latest software releases.CVE-2019-0808
A vulnerability in Win32k could allow an attacker to execute code in kernel mode. Exploitation of this vulnerability has been detected with Windows 7, Server 2008, and Server 2008 R2. Microsoft has rated this as a 0 (Exploitation Detected) on the Exploitability Index for older software releases and a 4 (Not affected) for the latest software releases.CVE-2019-0683
Microsoft Active Directory allows an attacker in the trust forest to request delegation of a ticket-granting ticket (TGT) from another identity within the trusted forest. Exploitation requires that an attacker has compromised a server with unconstrained Kerberos delegation. The attacker then waits for incoming service connections. The attacker can then request TGT delegation on behalf of whatever identities have accessed the compromised system. Successful exploitation allows the attacker to access resources with elevated permissions. For example, the attacker may be able to use a DCSync attack to obtain credential material from a domain controller. The issue has been resolved by disabling TGT request delegation in AD forests. Microsoft has rated this as a 4 (Not Affected) on the Exploitability Index on the latest software release. It is also rated as a 2 (Exploitation Less Likely) on older software releases.CVE-2019-0809
The Visual Studio C++ Redistributable Installer improperly validates DLL files before loading them. This means that a malicious DLL placed on a system could be executed when the installer is run leading to code execution in the context of the logged in user. Microsoft has rated this as a 2 (Exploitation Less Likely) on the Exploitability Index.CVE Breakdown by Tag
While historical Microsoft Security Bulletin groupings are gone, Microsoft vulnerabilities are tagged with an identifier. This list provides a breakdown of the CVEs on a per tag basis.
Tag |
CVE Count |
CVEs |
Windows Hyper-V |
3 |
CVE-2019-0690, CVE-2019-0695, CVE-2019-0701 |
Microsoft Windows |
5 |
CVE-2019-0754, CVE-2019-0765, CVE-2019-0766, CVE-2019-0784, CVE-2019-0603 |
Microsoft Edge |
3 |
CVE-2019-0612, CVE-2019-0678, CVE-2019-0779 |
Visual Studio |
1 |
CVE-2019-0809 |
Internet Explorer |
3 |
CVE-2019-0761, CVE-2019-0763, CVE-2019-0768 |
Microsoft Browsers |
2 |
CVE-2019-0762, CVE-2019-0780 |
Microsoft Office SharePoint |
1 |
CVE-2019-0778 |
Team Foundation Server |
1 |
CVE-2019-0777 |
Microsoft JET Database Engine |
1 |
CVE-2019-0617 |
Microsoft Graphics Component |
4 |
CVE-2019-0774, CVE-2019-0797, CVE-2019-0808, CVE-2019-0614 |
Microsoft Scripting Engine |
15 |
CVE-2019-0609, CVE-2019-0611, CVE-2019-0639, CVE-2019-0746, CVE-2019-0769, CVE-2019-0770, CVE-2019-0771, CVE-2019-0772, CVE-2019-0773, CVE-2019-0783, CVE-2019-0592, CVE-2019-0665, CVE-2019-0666, CVE-2019-0667, CVE-2019-0680 |
Windows Kernel |
6 |
CVE-2019-0755, CVE-2019-0767, CVE-2019-0775, CVE-2019-0782, CVE-2019-0696, CVE-2019-0702 |
Microsoft Office |
1 |
CVE-2019-0748 |
Windows Subsystem for Linux |
5 |
CVE-2019-0682, CVE-2019-0689, CVE-2019-0692, CVE-2019-0693, CVE-2019-0694 |
Active Directory |
1 |
CVE-2019-0683 |
Azure |
1 |
CVE-2019-0816 |
Windows Kernel-Mode Drivers |
1 |
CVE-2019-0776 |
Skype for Business |
1 |
CVE-2019-0798 |
Windows Print Spooler Components |
1 |
CVE-2019-0759 |
Windows SMB Server |
3 |
CVE-2019-0703, CVE-2019-0704, CVE-2019-0821 |
NuGet |
1 |
CVE-2019-0757 |
Windows DHCP Client |
3 |
CVE-2019-0697, CVE-2019-0698, CVE-2019-0726 |
Microsoft XML |
1 |
CVE-2019-0756 |
Other Information
In addition to the Microsoft vulnerabilities included in the March Security Guidance, an Adobe Flash bulletin is available today.March 2019 Adobe Flash Update [ADV190008]
Microsoft released an update for Adobe Flash. This corresponds with Adobe Update APSB19-12, but includes no vulnerability fixes.
