Microsoft January 2019 Patch Tuesday updates fix 7 critical vulnerabilities
Microsoft has released the January 2019 Patch Tuesday updates that address 51 vulnerabilities in Windows OSs and other products.
Microsoft has released Microsoft January 2019 Patch Tuesday that solve 51 vulnerabilities in Windows operating system and in the following solutions:
- Adobe Flash Player
- Internet Explorer
- Microsoft Edge
- Microsoft Windows
- Microsoft Office and Microsoft Office Services and Web Apps
ChakraCore - .NET Framework
- ASP.NET
- Microsoft Exchange Server
- Microsoft Visual Studio
A close look at the list of issues addressed with the Microsoft January 2019 Patch Tuesday reveals that 7 flaws are rated critical, none was exploited in attacks in the wild.
The vulnerabilities rated as critical could be exploited by attackers for remote code execution, most of them affect Windows 10 and Server editions.
Three out of seven critical issues affect the
The CVE-2019-0547 vulnerability resides in the Mitch Adair of the Microsoft Windows Enterprise Security Team, it could be exploited by an attacker to send a specially crafted DHCP response to a client in order to perform arbitrary code execution.
“A memory corruption vulnerability exists in the Windows DHCP client when an attacker sends specially crafted DHCP responses to a client. An attacker who successfully exploited the vulnerability could run arbitrary code on the client machine.” reads the security
“To exploit the vulnerability, an attacker could send
Other two Windows Hyper-V vulnerabilities (CVE-2019-0550 & CVE-2019-0551) can lead to remotely execute code on the host.
“A remote code execution vulnerability exists when Windows Hyper-V on a host server fails to properly validate input from an authenticated user on a guest operating system.” reads the security advisory related to the
CVE-2019-055 issue. “To exploit the vulnerability, an attacker could run a specially crafted application on a guest operating system that could cause the Hyper-V host operating system to execute arbitrary code.”
Only one of the issues addressed with Microsoft January 2019 Patch Tuesday that resides in the Microsoft JET Database Engine was publicly known, but it was not exploited in the wild.
The flaw tracked as CVE-2019-0579 and rated as important could be exploited to execute arbitrary code on a target’s system by tricking users into opening a specially-crafted file.
The tech giant also fixed a vulnerability in Skype for Android (CVE-2019-0622) that could have allowed a local attacker with physical access to an Android device to bypass the lock screen and potentially expose victim’s data.
Below there is the full list of vulnerabilities addressed by the Microsoft January 2019 Patch Tuesday.
| Tag | CVE ID | CVE Title |
|---|---|---|
| .NET Framework | CVE-2019-0545 | .NET Framework Information Disclosure Vulnerability |
| Adobe Flash Player | ADV190001 | January 2019 Adobe Flash Update |
| Android App | CVE-2019-0622 | Skype for Android Elevation of Privilege Vulnerability |
| ASP.NET | CVE-2019-0548 | ASP.NET Core Denial of Service Vulnerability |
| ASP.NET | CVE-2019-0564 | ASP.NET Core Denial of Service Vulnerability |
| Internet Explorer | CVE-2019-0541 | MSHTML Engine Remote Code Execution Vulnerability |
| Microsoft Edge | CVE-2019-0565 | Microsoft Edge Memory Corruption Vulnerability |
| Microsoft Edge | CVE-2019-0566 | Microsoft Edge Elevation of Privilege Vulnerability |
| Microsoft Exchange Server | CVE-2019-0586 | Microsoft Exchange Memory Corruption Vulnerability |
| Microsoft Exchange Server | CVE-2019-0588 | Microsoft Exchange Information Disclosure Vulnerability |
| Microsoft JET Database Engine | CVE-2019-0576 | Jet Database Engine Remote Code Execution Vulnerability |
| Microsoft JET Database Engine | CVE-2019-0538 | Jet Database Engine Remote Code Execution Vulnerability |
| Microsoft JET Database Engine | CVE-2019-0575 | Jet Database Engine Remote Code Execution Vulnerability |
| Microsoft JET Database Engine | CVE-2019-0577 | Jet Database Engine Remote Code Execution Vulnerability |
| Microsoft JET Database Engine | CVE-2019-0582 | Jet Database Engine Remote Code Execution Vulnerability |
| Microsoft JET Database Engine | CVE-2019-0583 | Jet Database Engine Remote Code Execution Vulnerability |
| Microsoft JET Database Engine | CVE-2019-0584 | Jet Database Engine Remote Code Execution Vulnerability |
| Microsoft JET Database Engine | CVE-2019-0581 | Jet Database Engine Remote Code Execution Vulnerability |
| Microsoft JET Database Engine | CVE-2019-0578 | Jet Database Engine Remote Code Execution Vulnerability |
| Microsoft JET Database Engine | CVE-2019-0579 | Jet Database Engine Remote Code Execution Vulnerability |
| Microsoft JET Database Engine | CVE-2019-0580 | Jet Database Engine Remote Code Execution Vulnerability |
| Microsoft Office | CVE-2019-0560 | Microsoft Office Information Disclosure Vulnerability |
| Microsoft Office | CVE-2019-0561 | Microsoft Word Information Disclosure Vulnerability |
| Microsoft Office | CVE-2019-0585 | Microsoft Word Remote Code Execution Vulnerability |
| Microsoft Office | CVE-2019-0559 | Microsoft Outlook Information Disclosure Vulnerability |
| Microsoft Office SharePoint | CVE-2019-0562 | Microsoft SharePoint Elevation of Privilege Vulnerability |
| Microsoft Office SharePoint | CVE-2019-0556 | Microsoft Office SharePoint XSS Vulnerability |
| Microsoft Office SharePoint | CVE-2019-0558 | Microsoft Office SharePoint XSS Vulnerability |
| Microsoft Office SharePoint | CVE-2019-0557 | Microsoft Office SharePoint XSS Vulnerability |
| Microsoft Scripting Engine | CVE-2019-0568 | Chakra Scripting Engine Memory Corruption Vulnerability |
| Microsoft Scripting Engine | CVE-2019-0567 | Chakra Scripting Engine Memory Corruption Vulnerability |
| Microsoft Scripting Engine | CVE-2019-0539 | Chakra Scripting Engine Memory Corruption Vulnerability |
| Microsoft Windows | CVE-2019-0574 | Windows Data Sharing Service Elevation of Privilege Vulnerability |
| Microsoft Windows | CVE-2019-0573 | Windows Data Sharing Service Elevation of Privilege Vulnerability |
| Microsoft Windows | CVE-2019-0571 | Windows Data Sharing Service Elevation of Privilege Vulnerability |
| Microsoft Windows | CVE-2019-0572 | Windows Data Sharing Service Elevation of Privilege Vulnerability |
| Microsoft Windows | CVE-2019-0543 | Microsoft Windows Elevation of Privilege Vulnerability |
| Microsoft Windows | CVE-2019-0570 | Windows Runtime Elevation of Privilege Vulnerability |
| Microsoft XML | CVE-2019-0555 | Microsoft XmlDocument Elevation of Privilege Vulnerability |
| Servicing Stack Updates | ADV990001 | Latest Servicing Stack Updates |
| Visual Studio | CVE-2019-0537 | Microsoft Visual Studio Information Disclosure Vulnerability |
| Visual Studio | CVE-2019-0546 | Visual Studio Remote Code Execution Vulnerability |
| Windows COM | CVE-2019-0552 | Windows COM Elevation of Privilege Vulnerability |
| Windows DHCP Client | CVE-2019-0547 | Windows DHCP Client Remote Code Execution Vulnerability |
| Windows Hyper-V | CVE-2019-0550 | Windows Hyper-V Remote Code Execution Vulnerability |
| Windows Hyper-V | CVE-2019-0551 | Windows Hyper-V Remote Code Execution Vulnerability |
| Windows Kernel | CVE-2019-0569 | Windows Kernel Information Disclosure Vulnerability |
| Windows Kernel | CVE-2019-0536 | Windows Kernel Information Disclosure Vulnerability |
| Windows Kernel | CVE-2019-0554 | Windows Kernel Information Disclosure Vulnerability |
| Windows Kernel | CVE-2019-0549 | Windows Kernel Information Disclosure Vulnerability |
| Windows Subsystem for Linux | CVE-2019-0553 | Windows Subsystem for Linux Information Disclosure Vulnerability |
|
|
(SecurityAffairs – Cybersecurity, Microsoft January 2019 Patch Tuesday)
The post Microsoft January 2019 Patch Tuesday updates fix 7 critical vulnerabilities appeared first on Security Affairs.
