January 17, 2021

TerabitWeb Blog

Fascinating Technology and Security Information

Microsoft January 2019 Patch Tuesday updates fix 7 critical vulnerabilities

5 min read

Original post from Security Affairs by Pierluigi Paganini

Microsoft has released the
January 2019 Patch Tuesday updates that address 51 vulnerabilities in Windows OSs and other products.

Microsoft has released Microsoft January 2019 Patch Tuesday that solve 51 vulnerabilities in Windows operating system and in the following solutions:

  • Adobe Flash Player
  • Internet Explorer
  • Microsoft Edge
  • Microsoft Windows
  • Microsoft Office and Microsoft Office Services and Web Apps
  • ChakraCore
  • .NET Framework
  • ASP.NET
  • Microsoft Exchange Server
  • Microsoft Visual Studio
Microsoft January 2019 Patch Tuesday

A close look at the list of issues addressed with the Microsoft January 2019 Patch Tuesday reveals that 7 flaws are rated critical, none was exploited in attacks in the wild.

The vulnerabilities rated as critical could be exploited by attackers for remote code execution, most of them affect Windows 10 and Server editions.

Three out of seven critical issues affect the ChakraCore scripting engine in the Edge browser, two affect Microsoft’s Hyper-V server virtualization environment, one impacts Edge, and one affects the Windows DHCP client.

The CVE-2019-0547 vulnerability resides in the Mitch Adair of the Microsoft Windows Enterprise Security Team, it could be exploited by an attacker to send a specially crafted DHCP response to a client in order to perform arbitrary code execution.

“A memory corruption vulnerability exists in the Windows DHCP client when an attacker sends specially crafted DHCP responses to a client. An attacker who successfully exploited the vulnerability could run arbitrary code on the client machine.” reads the security advisory.

“To exploit the vulnerability, an attacker could send a specially crafted DHCP responses to a client. The security update addresses the vulnerability by correcting how Windows DHCP clients handle certain DHCP responses.”

Other two Windows Hyper-V vulnerabilities (CVE-2019-0550 & CVE-2019-0551) can lead to remotely execute code on the host.

“A remote code execution vulnerability exists when Windows Hyper-V on a host server fails to properly validate input from an authenticated user on a guest operating system.” reads the security advisory related to the
CVE-2019-055 issue. “To exploit the vulnerability, an attacker could run a specially crafted application on a guest operating system that could cause the Hyper-V host operating system to execute arbitrary code.”

Only one of the issues addressed with Microsoft January 2019 Patch Tuesday that resides in the Microsoft JET Database Engine was publicly known, but it was not exploited in the wild.
The flaw tracked as CVE-2019-0579 and rated as important could be exploited to execute arbitrary code on a target’s system by tricking users into opening a specially-crafted file.

The tech giant also fixed a vulnerability in Skype for Android (CVE-2019-0622) that could have allowed a local attacker with physical access to an Android device to bypass the lock screen and potentially expose victim’s data.

Below there is the full list of vulnerabilities addressed by the Microsoft January 2019 Patch Tuesday.

Tag CVE ID CVE Title
.NET Framework CVE-2019-0545 .NET Framework Information Disclosure Vulnerability
Adobe Flash Player ADV190001 January 2019 Adobe Flash Update
Android App CVE-2019-0622 Skype for Android Elevation of Privilege Vulnerability
ASP.NET CVE-2019-0548 ASP.NET Core Denial of Service Vulnerability
ASP.NET CVE-2019-0564 ASP.NET Core Denial of Service Vulnerability
Internet Explorer CVE-2019-0541 MSHTML Engine Remote Code Execution Vulnerability
Microsoft Edge CVE-2019-0565 Microsoft Edge Memory Corruption Vulnerability
Microsoft Edge CVE-2019-0566 Microsoft Edge Elevation of Privilege Vulnerability
Microsoft Exchange Server CVE-2019-0586 Microsoft Exchange Memory Corruption Vulnerability
Microsoft Exchange Server CVE-2019-0588 Microsoft Exchange Information Disclosure Vulnerability
Microsoft JET Database Engine CVE-2019-0576 Jet Database Engine Remote Code Execution Vulnerability
Microsoft JET Database Engine CVE-2019-0538 Jet Database Engine Remote Code Execution Vulnerability
Microsoft JET Database Engine CVE-2019-0575 Jet Database Engine Remote Code Execution Vulnerability
Microsoft JET Database Engine CVE-2019-0577 Jet Database Engine Remote Code Execution Vulnerability
Microsoft JET Database Engine CVE-2019-0582 Jet Database Engine Remote Code Execution Vulnerability
Microsoft JET Database Engine CVE-2019-0583 Jet Database Engine Remote Code Execution Vulnerability
Microsoft JET Database Engine CVE-2019-0584 Jet Database Engine Remote Code Execution Vulnerability
Microsoft JET Database Engine CVE-2019-0581 Jet Database Engine Remote Code Execution Vulnerability
Microsoft JET Database Engine CVE-2019-0578 Jet Database Engine Remote Code Execution Vulnerability
Microsoft JET Database Engine CVE-2019-0579 Jet Database Engine Remote Code Execution Vulnerability
Microsoft JET Database Engine CVE-2019-0580 Jet Database Engine Remote Code Execution Vulnerability
Microsoft Office CVE-2019-0560 Microsoft Office Information Disclosure Vulnerability
Microsoft Office CVE-2019-0561 Microsoft Word Information Disclosure Vulnerability
Microsoft Office CVE-2019-0585 Microsoft Word Remote Code Execution Vulnerability
Microsoft Office CVE-2019-0559 Microsoft Outlook Information Disclosure Vulnerability
Microsoft Office SharePoint CVE-2019-0562 Microsoft SharePoint Elevation of Privilege Vulnerability
Microsoft Office SharePoint CVE-2019-0556 Microsoft Office SharePoint XSS Vulnerability
Microsoft Office SharePoint CVE-2019-0558 Microsoft Office SharePoint XSS Vulnerability
Microsoft Office SharePoint CVE-2019-0557 Microsoft Office SharePoint XSS Vulnerability
Microsoft Scripting Engine CVE-2019-0568 Chakra Scripting Engine Memory Corruption Vulnerability
Microsoft Scripting Engine CVE-2019-0567 Chakra Scripting Engine Memory Corruption Vulnerability
Microsoft Scripting Engine CVE-2019-0539 Chakra Scripting Engine Memory Corruption Vulnerability
Microsoft Windows CVE-2019-0574 Windows Data Sharing Service Elevation of Privilege Vulnerability
Microsoft Windows CVE-2019-0573 Windows Data Sharing Service Elevation of Privilege Vulnerability
Microsoft Windows CVE-2019-0571 Windows Data Sharing Service Elevation of Privilege Vulnerability
Microsoft Windows CVE-2019-0572 Windows Data Sharing Service Elevation of Privilege Vulnerability
Microsoft Windows CVE-2019-0543 Microsoft Windows Elevation of Privilege Vulnerability
Microsoft Windows CVE-2019-0570 Windows Runtime Elevation of Privilege Vulnerability
Microsoft XML CVE-2019-0555 Microsoft XmlDocument Elevation of Privilege Vulnerability
Servicing Stack Updates ADV990001 Latest Servicing Stack Updates
Visual Studio CVE-2019-0537 Microsoft Visual Studio Information Disclosure Vulnerability
Visual Studio CVE-2019-0546 Visual Studio Remote Code Execution Vulnerability
Windows COM CVE-2019-0552 Windows COM Elevation of Privilege Vulnerability
Windows DHCP Client CVE-2019-0547 Windows DHCP Client Remote Code Execution Vulnerability
Windows Hyper-V CVE-2019-0550 Windows Hyper-V Remote Code Execution Vulnerability
Windows Hyper-V CVE-2019-0551 Windows Hyper-V Remote Code Execution Vulnerability
Windows Kernel CVE-2019-0569 Windows Kernel Information Disclosure Vulnerability
Windows Kernel CVE-2019-0536 Windows Kernel Information Disclosure Vulnerability
Windows Kernel CVE-2019-0554 Windows Kernel Information Disclosure Vulnerability
Windows Kernel CVE-2019-0549 Windows Kernel Information Disclosure Vulnerability
Windows Subsystem for Linux CVE-2019-0553 Windows Subsystem for Linux Information Disclosure Vulnerability


Pierluigi Paganini

(SecurityAffairs –  Cybersecurity, Microsoft January 2019 Patch Tuesday)

The post Microsoft January 2019 Patch Tuesday updates fix 7 critical vulnerabilities appeared first on Security Affairs.


Go to Source
Author: Pierluigi Paganini

Copyright © All rights reserved. | Newsphere by AF themes.