Microsoft Patch Tuesday March 2019

As expected, and appreciated, Microsoft has released patches to their products (plus Adobe’s). The full list can be a bit daunting: looking at the Security Update portal, there are 1455 items in the patch table.

All our clients subscribed to vulnerability management - Advanced SOC - services should receive notification of the applicability of these in their environments. For the rest, I want to highlight the most critical patches and actions needed.

As always, our advice is to run a well-maintained patch process. Our consultants can help companies re-engineer patch and vulnerability management processes.

Internet Explorer

Even Microsoft now claims this is not a web browser! If any organisation still allows its users to access the Internet with this insecure application, please stop and talk to us. And yes, do patch as there are various scripting execution vulnerabilities (CVE-2019-0609, CVE-2019-0667, CVE-2019-0680, CVE-2019-0763).

Edge browser

Anyone still using it? Then you should know there is a critical update to fix Edge’s way of handling JavaScript (CVE-2019-0592, CVE-2019-0609, CVE-2019-0639, CVE-2019-0769, CVE-2019-0770, CVE-2019-0771 and CVE-2019-0773).


For those using TFTP to deploy Windows 10 - this mostly applies to very large enterprises - there is an update to fix a remote execution vulnerability (CVE-2019-0603). The same applies to all Windows versions - both server and desktop.

Then there are interesting vulnerabilities (CVE-2019-0697, CVE-2019-0698 and CVE-2019-0726) in the DHCP client code. These affect ALL versions of Windows where the DHCP client is enabled, which is typically the case on end-user computers and on many servers. These vulnerabilities are less critical in well-designed and managed internal networks where L2 switching is secured and protects against DHCP attacks. However, company laptops, which may be taken to untrusted coffee shops (yes, we all need coffee), may face an elevated risk. We advise companies to prioritize the patch deployment for these vulnerabilities on their laptops!
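One way to apply this prioritisation on a Windows host, as an added example that is not part of the original post: the function name `Get-DhcpPatchPriority`, the priority labels and the `KB0000000` placeholder are assumptions of this example, and the real KB ids must be taken from the Security Update portal.

```powershell
# Added example: local triage for the DHCP client patch priority discussed above.
# Priority labels (Patched/High/Medium/Low) are this example's own convention.
function Get-DhcpPatchPriority {
    [CmdletBinding()]
    param(
        # KB ids that contain the DHCP client fix for this Windows build.
        # 'KB0000000' is a placeholder. Later cumulative updates supersede earlier
        # ones, so pass every KB id you accept as evidence of the fix.
        [string[]]$FixKb = @('KB0000000')
    )

    # SMBIOS chassis types that indicate a portable device:
    # 8 Portable, 9 Laptop, 10 Notebook, 14 Sub Notebook,
    # 30 Tablet, 31 Convertible, 32 Detachable.
    $portableTypes = 8, 9, 10, 14, 30, 31, 32
    $chassis  = (Get-CimInstance -ClassName Win32_SystemEnclosure).ChassisTypes
    $isLaptop = [bool]($chassis | Where-Object { $portableTypes -contains $_ })

    # IPv4 interfaces on which the DHCP client is enabled.
    $dhcpIfs = Get-NetIPInterface -AddressFamily IPv4 -Dhcp Enabled

    # Installed updates that match one of the supplied KB ids.
    $installed = Get-HotFix | Where-Object { $FixKb -contains $_.HotFixID }

    # Laptops with an active DHCP client go first, as they roam to untrusted networks.
    $priority = if ($installed)        { 'Patched' }
                elseif (-not $dhcpIfs) { 'Low' }
                elseif ($isLaptop)     { 'High' }
                else                   { 'Medium' }

    [pscustomobject]@{
        ComputerName   = $env:COMPUTERNAME
        IsLaptop       = $isLaptop
        DhcpInterfaces = @($dhcpIfs.InterfaceAlias) -join ', '
        FixInstalled   = [bool]$installed
        Priority       = $priority
    }
}

Get-DhcpPatchPriority
```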

A less obvious vulnerability, which I hope has no way of being successfully exploited, is CVE-2019-0784, an ActiveX vulnerability. Anyone still allowing their browsers (and Internet Explorer) to run arbitrary ActiveX content from the Internet?

No exploits have been detected for the above vulnerabilities; however, that can change very quickly.


Copyright © 2009 -2020 Foresight Cyber Ltd. All rights reserved. Foresight Cyber are registered trademarks. Foresight Cyber Ltd is a company registered in England and Wales. Registered No: 06871193. Registered office: 71-75 Shelton Street, Covent Garden, London, WC2H 9JQ, United Kingdom