Microsoft January 2019 Patch Tuesday, (Tue, Jan 8th)

This post was originally published on this site

This month we got patches for 49 vulnerabilities total. None of them have been used in the wild, and only one vulnerability has been made public before today.

Particularly interesting is the vulnerability in the DHCP client. This could likely be exploited via a malicious DHCP server, for example in a public WiFi network. Microsoft assigned this vulnerability a CVSS base score of 9.8. 

We got a good number of vulnerabilities in the Jet Database Engine. Jet Database vulnerabilities are often exploitable via Office documents. But none of the vulnerabilities are labeled as critical. Only 8 vulnerabilities are labeled as “Critical” this month. The majority of them affects web browsers. But there are also two critical code execution vulnerabilities in HyperV.

See Renato’s dashboard for a more detailed breakout: https://patchtuesdaydashboard.com

Description
CVE Disclosed Exploited Exploitability (old versions) current version Severity CVSS Base (AVG) CVSS Temporal (AVG)
.NET Framework Information Disclosure Vulnerability
%%cve:2019-0545%% No No Less Likely Less Likely Important    
ASP.NET Core Denial of Service Vulnerability
%%cve:2019-0548%% No No Less Likely Less Likely Important    
%%cve:2019-0564%% No No Important    
Chakra Scripting Engine Memory Corruption Vulnerability
%%cve:2019-0539%% No No Critical 4.2 3.8
%%cve:2019-0567%% No No Critical 4.2 3.8
%%cve:2019-0568%% No No Critical 4.2 3.8
January 2019 Adobe Flash Update
ADV190001 No No      
Jet Database Engine Remote Code Execution Vulnerability
%%cve:2019-0538%% No No Unlikely Unlikely Important 7.8 7.0
%%cve:2019-0575%% No No Unlikely Unlikely Important 7.8 7.0
%%cve:2019-0576%% No No Unlikely Unlikely Important 7.8 7.0
%%cve:2019-0577%% No No Unlikely Unlikely Important 7.8 7.0
%%cve:2019-0578%% No No Unlikely Unlikely Important 7.8 7.0
%%cve:2019-0579%% Yes No Unlikely Unlikely Important 7.8 7.0
%%cve:2019-0580%% No No Unlikely Unlikely Important 7.8 7.0
%%cve:2019-0581%% No No Unlikely Unlikely Important 7.8 7.0
%%cve:2019-0582%% No No Unlikely Unlikely Important 7.8 7.0
%%cve:2019-0583%% No No Unlikely Unlikely Important 7.8 7.0
%%cve:2019-0584%% No No Unlikely Unlikely Important 7.8 7.0
Latest Servicing Stack Updates
ADV990001 No No Critical    
MSHTML Engine Remote Code Execution Vulnerability
%%cve:2019-0541%% No No More Likely More Likely Important 6.4 5.8
Microsoft Edge Elevation of Privilege Vulnerability
%%cve:2019-0566%% No No Important 4.3 3.9
Microsoft Edge Memory Corruption Vulnerability
%%cve:2019-0565%% No No Critical 4.2 3.8
Microsoft Exchange Information Disclosure Vulnerability
%%cve:2019-0588%% No No Less Likely Less Likely Important    
Microsoft Exchange Memory Corruption Vulnerability
%%cve:2019-0586%% No No More Likely More Likely Important    
Microsoft Office Information Disclosure Vulnerability
%%cve:2019-0560%% No No Less Likely Less Likely Important    
Microsoft Office SharePoint XSS Vulnerability
%%cve:2019-0556%% No No Important    
%%cve:2019-0557%% No No Important    
%%cve:2019-0558%% No No Less Likely Less Likely Important    
Microsoft Outlook Information Disclosure Vulnerability
%%cve:2019-0559%% No No Less Likely Less Likely Important    
Microsoft SharePoint Elevation of Privilege Vulnerability
%%cve:2019-0562%% No No Less Likely Less Likely Important    
Microsoft Visual Studio Information Disclosure Vulnerability
%%cve:2019-0537%% No No Less Likely Less Likely Important    
Microsoft Windows Elevation of Privilege Vulnerability
%%cve:2019-0543%% No No More Likely More Likely Important 7.8 7.8
Microsoft Word Information Disclosure Vulnerability
%%cve:2019-0561%% No No Less Likely Less Likely Important    
Microsoft Word Remote Code Execution Vulnerability
%%cve:2019-0585%% No No Less Likely Less Likely Important    
Microsoft XmlDocument Elevation of Privilege Vulnerability
%%cve:2019-0555%% No No More Likely More Likely Important 7.0 6.3
Skype for Android Elevation of Privilege Vulnerability
%%cve:2019-0622%% No No Less Likely Less Likely Moderate    
Visual Studio Remote Code Execution Vulnerability
%%cve:2019-0546%% No No Less Likely Less Likely Moderate    
Windows COM Elevation of Privilege Vulnerability
%%cve:2019-0552%% No No More Likely More Likely Important 7.0 6.3
Windows DHCP Client Remote Code Execution Vulnerability
%%cve:2019-0547%% No No Critical 9.8 8.8
Windows Data Sharing Service Elevation of Privilege Vulnerability
%%cve:2019-0571%% No No Less Likely Less Likely Important 7.8 7.8
%%cve:2019-0572%% No No More Likely More Likely Important 7.8 7.8
%%cve:2019-0573%% No No More Likely More Likely Important 7.8 7.8
%%cve:2019-0574%% No No More Likely More Likely Important 7.8 7.8
Windows Hyper-V Remote Code Execution Vulnerability
%%cve:2019-0550%% No No Less Likely Less Likely Critical 7.6 6.8
%%cve:2019-0551%% No No Less Likely Less Likely Critical 7.6 6.8
Windows Kernel Information Disclosure Vulnerability
%%cve:2019-0536%% No No Less Likely Less Likely Important 4.7 4.2
%%cve:2019-0549%% No No Less Likely Less Likely Important 4.7 4.2
%%cve:2019-0554%% No No Less Likely Less Likely Important 4.7 4.2
%%cve:2019-0569%% No No More Likely More Likely Important 5.5 5.5
Windows Runtime Elevation of Privilege Vulnerability
%%cve:2019-0570%% No No Less Likely Less Likely Important 7.8 7.8
Windows Subsystem for Linux Information Disclosure Vulnerability
%%cve:2019-0553%% No No Less Likely Less Likely Important 4.7 4.2


Johannes B. Ullrich, Ph.D. , Dean of Research, SANS Technology Institute
Twitter|

(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.

Leave a Reply