Microsoft released its March 2019 software updates to address a total of 64 security vulnerabilities in its operating systems and other products, 17 of which are rated critical, 45 important, one moderate and one low.
The update addresses flaws in Windows, Internet Explorer, Edge, MS Office, and MS Office SharePoint, ChakraCore, Skype for Business, and Visual Studio NuGet.
Two Zero-Day Flaws Under Active Attack
Microsoft has also patched two separate zero-day privilege vulnerabilities in Windows. Both of these flaws reside in Win32k component that hackers are actively exploiting in the wild.
Successful exploitation of both flaws together allows remote attackers to execute arbitrary code on targeted computers running Windows 7 or Server 2018 and take full control of them.
17 Critical and 45 Important Flaws
Almost all of the listed critical-rated vulnerabilities lead to remote code execution attacks and primarily various versions of Windows 10 and Server editions.
While some of the important-rated vulnerabilities also lead to remote code execution attacks, others allow elevation of privilege, information disclosure, and denial of service attacks.