VERT Threat Alert: March 2019 Patch Tuesday Analysis

Image

Today’s VERT Alert addresses Microsoft’s March 2019 Security Updates. VERT is actively working on coverage for these vulnerabilities and expects to ship ASPL-821 on Wednesday, March 13th. 

In-The-Wild & Disclosed CVEs

CVE-2019-0754

This CVE describes a Denial of Service vulnerability that could cause a target system to stop responding when code is executed on the local system. Microsoft has rated this as a 2 (Exploitation Less Likely) on the Exploitability Index.

CVE-2019-0757

This CVE describes a vulnerability in the NuGet Package Manager on Linux and macOS. The NuGet Package Manager is the package manager for .NET. An authenticated attacker can modify a package’s folder structure allowing the modification of files and folders during the unpackaging process. Microsoft has rated this as a 2 (Exploitation Less Likely) on the Exploitability Index.

CVE-2019-0797

A vulnerability in Win32k could allow an attacker to execute code in kernel mode. Exploitation of this vulnerability has been detected with Windows 7, Server 2008, and Server 2008 R2. Microsoft has rated this as a 0 (Exploitation Detected) on the Exploitability Index for older software releases and a 3 (Exploitation Unlikely) for the latest software releases.

CVE-2019-0808

A vulnerability in Win32k could allow an attacker to execute code in kernel mode. Exploitation of this vulnerability has been detected with Windows 7, Server 2008, and Server 2008 R2. Microsoft has rated this as a 0 (Exploitation Detected) on the Exploitability Index for older software releases and a 4 (Not affected) for the latest software releases.

CVE-2019-0683

Microsoft Active Directory allows an attacker in the trust forest to request delegation of a ticket-granting ticket (TGT) from another identity within the trusted forest. Exploitation requires that an attacker has compromised a server with unconstrained Kerberos delegation. The attacker then waits for incoming service connections. The attacker can then request TGT delegation on behalf of whatever identities have accessed the compromised system. Successful exploitation allows the attacker to access resources with elevated permissions. For example, the attacker may be able to use a DCSync attack to obtain credential material from a domain controller. The issue has been resolved by disabling TGT request delegation in AD forests. Microsoft has rated this as a 4 (Not Affected) on the Exploitability Index on the latest software release. It is also rated as a 2 (Exploitation Less Likely) on older software releases.

CVE-2019-0809

The Visual Studio C++ Redistributable Installer improperly validates DLL files before loading them. This means that a malicious DLL placed on a system could be executed when the installer is run leading to code execution in the context of the logged in user. Microsoft has rated this as a 2 (Exploitation Less Likely) on the Exploitability Index.

CVE Breakdown by Tag

While historical Microsoft Security Bulletin groupings are gone, Microsoft vulnerabilities are tagged with an identifier. This list provides a breakdown of the CVEs on a per tag basis.

Other Information

In addition to the Microsoft vulnerabilities included in the March Security Guidance, an Adobe Flash bulletin is available today.

March 2019 Adobe Flash Update [ADV190008]

Microsoft released an update for Adobe Flash. This corresponds with Adobe Update APSB19-12, but includes no vulnerability fixes.