Microsoft and Adobe Bug Patches
74 Security vulnerabilities have patched in Microsoft, including 33 were allowing remote code execution. Whereas Adobe released its 40 security vulnerabilities in its various products including Adobe Acrobat, Reader, Shockwave Player and Flash player.
For Microsoft [Update your Windows now]
CVE-2019-0803 | Win32k Elevation of Privilege Vulnerability
An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.
To exploit this vulnerability, an attacker would first have to log on to the system. An attacker could then run a specially crafted application that could exploit the vulnerability and take control of an affected system.
CVE-2019-0856 | Windows Remote Code Execution Vulnerability
A remote code execution vulnerability exists when Windows improperly handles objects in memory. An attacker who successfully exploited the vulnerability could take control of an affected system.
To exploit the vulnerability, an authenticated attacker could connect via the Windows Remote Registry Service, causing Windows to execute arbitrary code.
The security update addresses the vulnerability by correcting how Windows handles objects in memory.
CVE-2019-0791 | MS XML Remote Code Execution Vulnerability
A remote code execution vulnerability exists when the Microsoft XML Core Services MSXML parser processes user input. An attacker who successfully exploited the vulnerability could run malicious code remotely to take control of the user’s system.
To exploit the vulnerability, an attacker could host a specially crafted website designed to invoke MSXML through a web browser. However, an attacker would have no way to force a user to visit such a website.
Instead, an attacker would typically have to convince a user to either click a link in an email message or instant message that would then take the user to the website. When Internet Explorer parses the XML content, an attacker could run malicious code remotely to take control of the user’s system.
The update addresses the vulnerability by correcting how the MSXML parser processes user input.
The security updates for Adobe Flash Player for Windows, macOS, Linux and Chrome OS. These updates address a critical and an important vulnerability in Adobe Flash Player. Successful exploitation could lead to arbitrary code execution in the context of the current user.
Following are the Adobe security flaws have patched to new version
- Adobe Acrobat and Reader – 11 Critical and 10 Important Flaws – Update now
- Adobe Flash Player – 2 Critical Flaws – Updated to 220.127.116.11 Version
- Adobe Shockwave Player – 7 Critical Flaws – Updated to 18.104.22.168 Version
- Adobe Dreamweaver – 1 Moderate Flaw- Updated to 19.1 Version
- Adobe XD – 2 Critical Flaws – Updated to 17.0.12
- Adobe InDesign – 1 Critical Flaw – Update to 14.0.2 Version
- Adobe Experience Manager Forms – 1 Important Flaw – Update now
- Adobe Bridge CC – 2 Critical and 3 Important Flaws – Update to 9.0.3 Version