Microsoft released 77 monthly security fixes across its varied product lines for February, including a Zero Day in Internet Explorer, which is already undergoing exploits.
The Zero Day has a case number of CVE-2019-0676. An attacker who successfully exploited this vulnerability could look for files on disk, Microsoft officials said.
In addition, there are two vulnerabilities in the SMB (Server Message Block) protocol that can lead to remote code execution.
These holes have case numbers of CVE-2019-0630 and CVE-2019-0633. Attackers could can gain access to weakly secured networks after basic dictionary attacks.
In addition, there’s also a remote code execution vulnerability (CVE-2019-0626) in the DHCP server component included with Windows Servers.
Microsoft also patched CVE-2019-0686, which is also called PrivExchange. Proof-of-concept code for the PrivExchange vulnerability went out in January. The code exploited a bug in Microsoft Exchange 2013 and newer versions.