Microsoft released Patch Tuesday updates for February 2019 that address 77 flaws, 20 critical vulnerabilities, 54 important and 3 moderate in severity. One of the
An attacker can exploit the flaw by tricking the victims into visiting a malicious website using a vulnerable version of Internet Explorer. The flaw could be exploited by attackers to test for the presence of files on the targeted device’s disk.
“An information disclosure vulnerability exists when Internet Explorer improperly handles objects in memory.” reads the security advisory.
“An attacker who successfully exploited this vulnerability could test for the presence of files on disk. For an attack to be successful, an attacker must persuade a user to open a malicious website. The security update addresses the vulnerability by changing the way Internet Explorer handles objects in memory.”
The vulnerability affects Internet Explorer 11, it was reported by Clement Lecigne from
Microsoft’s Patch Tuesday updates for February 2019 also addressed several flaws whose details were publicly disclosed before a patch was made available.
The tech giant fixed flaws in Adobe Flash Player, Internet Explorer, Edge, Windows, MS Office, and Office Services and Web Apps,
The list of patched issues includes two critical remote code execution vulnerabilities in SharePoint (CVE-2019-0594 and CVE-2019-0604) and a flaw in Windows DHCP Servers (CVE-2019-0626). The exploitation of these flaws could allow attackers to run arbitrary code and take control of the server.
(SecurityAffairs – Kunbus, hacking)