Today, Microsoft Released March Tuesday Patch Updates
Microsoft fixes critical security vulnerabilities in its Windows operating system.
If you are running Windows 10 operating system, the build 17134.648 (KB4489868) is now available for you with the following improvements and fixes:
- Addresses an issue that may cause users to receive “Error 1309” while installing or uninstalling certain types of MSI and MSP files.
- Security updates to Internet Explorer, Microsoft Edge, Microsoft Scripting Engine, Windows Shell, Windows
- App Platform and Frameworks, Windows Input and Composition, Windows Storage and Filesystems, Windows Wireless Networking, Windows Fundamentals, Windows Hyper-V, Windows Server, Windows Linux, Window Kernel, Windows MSXML, and the Microsoft JET Database Engine.
Microsoft Patches following software’s.
- Adobe Flash Player
- Internet Explorer
- Microsoft Edge
- Microsoft Windows
- Microsoft Office and Microsoft Office SharePoint
- ChakraCore
- Team Foundation Server
- Skype for Business
- Visual Studio
- NuGet
Following CVE’s ID have patched
CVE-2019-0614 | Windows GDI Information Disclosure Vulnerability
An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the user’s system.
There are multiple ways an attacker could exploit the vulnerability, such as by convincing a user to open a specially crafted document, or by convincing a user to visit an untrusted webpage.
The security update addresses the vulnerability by correcting how the Windows GDI component handles objects in memory.
CVE-2019-0702 | Windows Kernel Information Disclosure Vulnerability
An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the user’s system.
To exploit this vulnerability, an attacker would have to log on to an affected system and run a specially crafted application. The vulnerability would not allow an attacker to execute code or to elevate user rights directly, but it could be used to obtain information that could be used to try to further compromise the affected system.
The update addresses the vulnerability by correcting how the Windows kernel handles objects in memory.
CVE-2019-0703 | Windows SMB Information Disclosure Vulnerability
An information disclosure vulnerability exists in the way that the Windows SMB Server handles certain requests. An authenticated attacker who successfully exploited this vulnerability could craft a special packet, which could lead to information disclosure from the server.
To exploit the vulnerability, an attacker would have to be able to authenticate and send SMB messages to an impacted Windows SMB Server
The security update addresses the vulnerability by correcting how Windows SMB Server handles authenticated requests.
CVE-2019-0776 | Win32k Information Disclosure Vulnerability
An information disclosure vulnerability exists when the win32k component improperly provides kernel information. An attacker who successfully exploited the vulnerability could obtain information to further compromise the user’s system.
To exploit the vulnerability, an attacker would have to either log on locally to an affected system, or convince a locally authenticated user to execute a specially crafted application.
The security update addresses the vulnerability by correcting how win32k handles objects in memory.
How to update?
- Open the Control Panel.
- If you are using Small icons view, click on the Windows Update option.
- If you are using the Category view, click on the System and Security option, then click on the Windows Update option.
- Windows Update will check for any available updates for your computer.
- Turn to automatic updates for future