Microsoft March Patch Tuesday Fixes 74 Security Issues
Microsoft has released its monthly security updates, and this month the company patched 74 vulnerabilities affecting products such as Internet Explorer, Microsoft Edge, Microsoft Windows, Microsoft Exchange Server, ASP.NET Core, .NET Core, PowerShell Core, ChakraCore, Microsoft Office, and Microsoft Office Services and Web Apps.
There are no patches for zero-days this month, and the company patched two security bugs about which exploitation details had become public (CVE-2018-0808 and CVE-2018-0940). However, the company did not detect any threat actor trying to exploit any of these flaws before releasing today’s patches.
A few Internet Explorer, Edge, and ChakraCore vulnerabilities did receive a “critical” rating and users should make sure they apply the proper patches.
All in all, this month’s security patches are rather tame compared to last year’s March Patch Tuesday that included fixes for vulnerabilities that the Shadow Brokers would eventually release a month later, in April 2017, such as EternalBlue, EternalSynergy, DoublePulsar, and many others.
Adobe Publishes Security Fixes
But besides Microsoft, Adobe has also released its monthly security advisories, as well. This month, the company fixed two critical remote code execution flaws in Flash Player (CVE-2018-4919 and CVE-2018-4920).
These flaws were discovered by Yuki Chen of Qihoo 360 Vulcan Team working with the Chromium Vulnerability Rewards Program. After today’s patches, the most recent Flash Player version should be v184.108.40.206.
A table listing of all the security issues Microsoft fixed this month is provided here. We used PowerShell and the Microsoft API to assemble the table below, but the report is much longer. We hosted the full report on GitHub, here.
If you’re not interested in all security updates and you’d like to filter updates per product, you can use Microsoft’s official Security Update Guide portal, accessible here.
Source: Microsoft March Patch Tuesday