Microsoft Patch Tuesday updates for February 2019 fixes IE Zero-Day

Pierluigi Paganini February 13, 2019

Microsoft released Patch Tuesday updates for February 2019 that address 77 flaws, including an Internet Explorer issue that has been exploited in attacks.

Microsoft released Patch Tuesday updates for February 2019 that address 77 flaws, 20 critical vulnerabilities, 54 important and 3 moderate in severity. One of the issue fixed by the tech giant is a zero-day vulnerability in Internet Explorer discovered by Google that has been exploited in attacks.

This zero-day, tracked as CVE-2019-0676, is an information disclosure flaw that tied the way Internet Explorer handles objects in memory.

An attacker can exploit the flaw by tricking the victims into visiting a malicious website using a vulnerable version of Internet Explorer. The flaw could be exploited by attackers to test for the presence of files on the targeted device’s disk.

“An information disclosure vulnerability exists when Internet Explorer improperly handles objects in memory.” reads the security advisory.

“An attacker who successfully exploited this vulnerability could test for the presence of files on disk. For an attack to be successful, an attacker must persuade a user to open a malicious website. The security update addresses the vulnerability by changing the way Internet Explorer handles objects in memory.”

The vulnerability affects Internet Explorer 11, it was reported by Clement Lecigne from Google’s Threat Analysis Group

Microsoft Patch Tuesday

Microsoft’s Patch Tuesday updates for February 2019 also addressed several flaws whose details were publicly disclosed before a patch was made available.
The tech giant fixed flaws in Adobe Flash Player, Internet Explorer, Edge, Windows, MS Office, and Office Services and Web Apps, ChakraCore, .NET Framework, Exchange Server, Visual Studio, Azure IoT SDK, Dynamics, Team Foundation Server, and Visual Studio Code.

The list of patched issues includes two critical remote code execution vulnerabilities in SharePoint (CVE-2019-0594 and CVE-2019-0604) and a flaw in Windows DHCP Servers (CVE-2019-0626). The exploitation of these flaws could allow attackers to run arbitrary code and take control of the server.

[adrotate banner=”9″] [adrotate banner=”12″]

Pierluigi Paganini

(SecurityAffairs – Kunbus, hacking)

[adrotate banner=”5″] [adrotate banner=”13″]



you might also like

leave a comment