Microsoft March update contains fixes for two zero-day vulnerabilities

The March update comes with 64 security patches in total, 17 of which are critical in nature. All in all, two zero-day vulnerabilities were patched, so let’s take a look at what the new update is all about.

Zero-day 1

If you’re a Windows 7 32-bit user, this is the reason why you might have been targeted in the recent wave of cyberattacks. Windows Server 2008 operating system users were also affected by the same vulnerability.

Google wrote more about it in last week’s public disclosure, where they also discussed the Chrome zero-day vulnerability that allowed an attacker to escape the browser’s sandbox and execute malicious code of their choosing. Luckily, with the release of Chrome 72.0.3626.121, the issue has been effectively dealt with.

Zero-day 2

The second zero-day vulnerability was discovered by the Kaspersky research team. Like the first one, it allows an attacker to execute remote code on the affected system (with admin privileges).

Microsoft explained that the problem occurred due to the Win32k component improperly handling memory-based objects. If attackers were to exploit this, they could edit and delete data on the victim’s machine, install new programs, and create new accounts with full user rights. In other words – take complete control of the system.

Other fixes

The Windows DHCP client had three cybersecurity vulnerabilities that are now patched. Abusing them allowed an attacker to take over the victim’s computer. As part of the Microsoft March update, a WDS bug patch was also corrected.