Skip to content ↓ | Skip to navigation ↓

Today’s VERT Alert addresses Microsoft’s March 2019 Security Updates. VERT is actively working on coverage for these vulnerabilities and expects to ship ASPL-821 on Wednesday, March 13th. 

In-The-Wild & Disclosed CVEs

CVE-2019-0754

This CVE describes a Denial of Service vulnerability that could cause a target system to stop responding when code is executed on the local system.

Microsoft has rated this as a 2 (Exploitation Less Likely) on the Exploitability Index.

CVE-2019-0757

This CVE describes a vulnerability in the NuGet Package Manager on Linux and macOS. The NuGet Package Manager is the package manager for .NET. An authenticated attacker can modify a package’s folder structure allowing the modification of files and folders during the unpackaging process.

Microsoft has rated this as a 2 (Exploitation Less Likely) on the Exploitability Index.

CVE-2019-0797

A vulnerability in Win32k could allow an attacker to execute code in kernel mode. Exploitation of this vulnerability has been detected with Windows 7, Server 2008, and Server 2008 R2.

Microsoft has rated this as a 0 (Exploitation Detected) on the Exploitability Index for older software releases and a 3 (Exploitation Unlikely) for the latest software releases.

CVE-2019-0808

A vulnerability in Win32k could allow an attacker to execute code in kernel mode. Exploitation of this vulnerability has been detected with Windows 7, Server 2008, and Server 2008 R2.

Microsoft has rated this as a 0 (Exploitation Detected) on the Exploitability Index for older software releases and a 4 (Not affected) for the latest software releases.

CVE-2019-0683

Microsoft Active Directory allows an attacker in the trust forest to request delegation of a ticket-granting ticket (TGT) from another identity within the trusted forest. Exploitation requires that an attacker has compromised a server with unconstrained Kerberos delegation. The attacker then waits for incoming service connections. The attacker can then request TGT delegation on behalf of whatever identities have accessed the compromised system. Successful exploitation allows the attacker to access resources with elevated permissions. For example, the attacker may be able to use a DCSync attack to obtain credential material from a domain controller. The issue has been resolved by disabling TGT request delegation in AD forests.

Microsoft has rated this as a 4 (Not Affected) on the Exploitability Index on the latest software release. It is also rated as a 2 (Exploitation Less Likely) on older software releases.

CVE-2019-0809

The Visual Studio C++ Redistributable Installer improperly validates DLL files before loading them. This means that a malicious DLL placed on a system could be executed when the installer is run leading to code execution in the context of the logged in user.

Microsoft has rated this as a 2 (Exploitation Less Likely) on the Exploitability Index.

CVE Breakdown by Tag

While historical Microsoft Security Bulletin groupings are gone, Microsoft vulnerabilities are tagged with an identifier. This list provides a breakdown of the CVEs on a per tag basis.

Tag
CVE Count
CVEs
Windows Hyper-V
3
CVE-2019-0690, CVE-2019-0695, CVE-2019-0701
Microsoft Windows
5
CVE-2019-0754, CVE-2019-0765, CVE-2019-0766, CVE-2019-0784, CVE-2019-0603
Microsoft Edge
3
CVE-2019-0612, CVE-2019-0678, CVE-2019-0779
Visual Studio
1
CVE-2019-0809
Internet Explorer
3
CVE-2019-0761, CVE-2019-0763, CVE-2019-0768
Microsoft Browsers
2
CVE-2019-0762, CVE-2019-0780
Microsoft Office SharePoint
1
CVE-2019-0778
Team Foundation Server
1
CVE-2019-0777
Microsoft JET Database Engine
1
CVE-2019-0617
Microsoft Graphics Component
4
CVE-2019-0774, CVE-2019-0797, CVE-2019-0808, CVE-2019-0614
Microsoft Scripting Engine
15
CVE-2019-0609, CVE-2019-0611, CVE-2019-0639, CVE-2019-0746, CVE-2019-0769, CVE-2019-0770, CVE-2019-0771, CVE-2019-0772, CVE-2019-0773, CVE-2019-0783, CVE-2019-0592, CVE-2019-0665, CVE-2019-0666, CVE-2019-0667, CVE-2019-0680
Windows Kernel
6
CVE-2019-0755, CVE-2019-0767, CVE-2019-0775, CVE-2019-0782, CVE-2019-0696, CVE-2019-0702
Microsoft Office
1
CVE-2019-0748
Windows Subsystem for Linux
5
CVE-2019-0682, CVE-2019-0689, CVE-2019-0692, CVE-2019-0693, CVE-2019-0694
Active Directory
1
CVE-2019-0683
Azure
1
CVE-2019-0816
Windows Kernel-Mode Drivers
1
CVE-2019-0776
Skype for Business
1
CVE-2019-0798
Windows Print Spooler Components
1
CVE-2019-0759
Windows SMB Server
3
CVE-2019-0703, CVE-2019-0704, CVE-2019-0821
NuGet
1
CVE-2019-0757
Windows DHCP Client
3
CVE-2019-0697, CVE-2019-0698, CVE-2019-0726
Microsoft XML
1
CVE-2019-0756

 

Other Information

In addition to the Microsoft vulnerabilities included in the March Security Guidance, an Adobe Flash bulletin is available today.

March 2019 Adobe Flash Update [ADV190008]

Microsoft released an update for Adobe Flash. This corresponds with Adobe Update APSB19-12, but includes no vulnerability fixes.