Including Fix for Actively Exploited IE Vulnerability
Microsoft has issued its second Patch Tuesday for this year to address a total of 77 CVE-listed security vulnerabilities in its Windows operating systems and other products. Included in this month's security updates is one for an actively exploited Internet Explorer vulnerability and another remote code execution vulnerability in DHCP.
This month's security updates come with nearly 20 critical fixes. Of these critical updates, one patch is especially important because it fixes a security loophole and this vulnerability is already actively being exploited in the wild. This actively-exploited vulnerability is rated as important and resides in the way Internet Explorer handles objects in the memory.
An attacker can trick victims into landing on a specially crafted website and exploit this vulnerability, identified as CVE-2019-0676, leading to information leaks. Almost each of the listed critical-rated vulnerabilities allows remote code execution attacks.
Though there is no public exploit, the remote code execution vulnerability in Windows DHCP Servers (CVE-2019-0626) is troubling. The successful exploitation of this flaw could allow attackers to run arbitrary code and take control of the server.
Similar to previous months, we've created a report which checks if the assets in your network are on the latest Microsoft patch update. It's color-coded to give you an easy and quick overview which assets are already on the latest Windows update, and which ones still need to be patched. You can find the report on our forum.
Before you start deploying, take a moment to test for stability just to avoid compatibility issues. If you haven't already, start your free trial of Lansweeper to run the Microsoft Patch Tuesday Report. Make sure to subscribe via the form below if you want to receive the latest Microsoft Patch reports and bonus network reports.