Patch Tuesday Roundup Includes IE Zero Day
February 13, 2019 / Phil Muncaster
Microsoft has given system admins plenty of work to do this month with patches for nearly 80 vulnerabilities, including a zero-day flaw in Internet Explorer and a publicly disclosed Exchange server bug. Top of the priority list in this month’s Patch Tuesday security round-up will probably be CVE-2019-0676, an information disclosure vulnerability in IE which Microsoft claimed has been actively exploited in the wild. The bug allows attackers to test for the presence of files on the disks of targeted machines. Also up there is CVE-2019-0686, an elevation of privilege vulnerability in Exchange Server 2010 and newer systems. Microsoft said no attacks had been spotted exploiting the flaw as yet but that this was “likely” in the future. Recorded Future senior solutions architect, Allan Liska, claimed exploitation requires both Exchange Web Service and push notifications to be enabled.