Microsoft released on Tuesday a series of updates to correct at least 70 of different security vulnerabilities in Windows and software. The patch this month faces some notable business threats. It also provides fixes for removing end-user threats, including critical updates for Adobe Flash Player and Microsoft Office, as well as zero-day bugs in Internet Explorer.
About 20 of the bugs encountered in the February updates are "critical" vulnerabilities, which means that Microsoft believes that attackers or malware could exploit them to completely undermine systems.
Microsoft tried to fix an error in Internet Explorer (CVE-2019-0676), which Google discovered and which attackers use to target vulnerable systems. This error could allow malicious software to control the presence of specific files on the target hard drive.
Another critical vulnerability that affects both end users and businesses is a weakness in Windows. This vulnerability is responsible for assigning Internet addresses to host computers. This error, CVE-2019-0626, could allow an attacker to run a malicious code by simply sending a specially designed DHCP request to the target.
At the top of the list of updates, which mainly concerns companies, is a matter of Microsoft Exchange services (CVE-2019-0686), which could allow an attacker, on the same network as the target, to access other users' inbox. Microsoft has said that this bug has not yet been used by attackers, but it seems likely that it will happen soon.
Security experts recommend using this month's patch to troubleshoot Windows errors. It is also important to back up your data before installing Windows updates.
Microsoft also included fixes to address a vulnerability in Adobe Flash Player. Microsoft and Adobe disagree on the severity of this vulnerability, according to security firm Qualys. Adobe points out that it is a "significant" error, while Microsoft calls it "critical". Either way, Flash vulnerabilities are a favorite target of attackers.
Fortunately, the most popular browser - Google Chrome - updates Flash automatically (Microsoft also connects Flash to IE / Edge and updates it each time Windows systems install monthly updates). Until the summer of 2019, Google will require Chrome users to enter their settings to enable Flash every time they want to use it.
Firefox also forces users to activate Flash. There are also instructions to disable or remove Flash from Firefox. Adobe will stop supporting Flash at the end of 2020.
Finally, Adobe released some updates for Adobe Acrobat and Reader.