Patch Tuesday


Today is Microsoft’s February 2019 Patch Tuesday, which means it is time to get those security updates installed. This month’s security updates include one for an actively exploited Internet Explorer vulnerability and one for another remote code execution vulnerability in DHCP.

With the release of the February security updates, Microsoft has fixed 70 vulnerabilities, with 18 being classified as Critical. These updates include fixes for zero-day vulnerabilities in Adobe Flash Player and Servicing Stack Updates (SSU).

For information about the non-security Windows updates, you can read about today’s Windows 10 Cumulative Updates.

All users should install these security updates as soon as possible to protect their computers from security risks.

Fix for Exchange PrivExchange vuln released

Microsoft has released a fix for the Microsoft Exchange ‘PrivExchange’ vulnerability. Exploiting this vulnerability abuses a bug in Exchange Web Services (EWS) push notifications to elevate privileges to administrator level on the exploited server.

To resolve this vulnerability, Microsoft has changed how push notifications are sent out via EWS.

“Microsoft has changed the notifications contract that is established between EWS clients and servers that are running Exchange Server not to allow authenticated notifications to be streamed by the server. Instead, these notifications are streamed by using anonymous authentication mechanisms.”

You can read more about this security update in our dedicated Microsoft Patches PrivExchange Vulnerability in February Quarterly Updates article.

Fix for actively exploited IE vulnerability

Microsoft has released a fix for an information disclosure vulnerability in Internet Explorer that has been discovered being actively exploited in the wild. It is not known who was exploiting this vulnerability or how.

This vulnerability could be exploited when a user browses to a web site that hosts a maliciously crafted web page. Once exploited, an attacker could test for the existence of files on the victim’s hard drives.

This vulnerability was discovered by Google Project Zero and assigned the CVE-2019-0676 ID.

Interesting vulnerabilities from the Feb 2019 updates

SMBv2 Remote Code Execution vulnerability

Microsoft released an update that fixes a remote code execution vulnerability in SMBv2 (CVE-2019-0630) that could allow an authenticated user to perform remote code execution on another computer. This vulnerability can be exploited by sending a specially crafted packet to a targeted SMBv2 server.

DHCP vulnerability

Microsoft released a security update for another Critical DHCP vulnerability (CVE-2019-0626) this month. An attacker could exploit it by sending a specially crafted packet to a DHCP server; if successful, the attacker could perform remote code execution on the exploited server.

“A memory corruption vulnerability exists in the Windows Server DHCP service when an attacker sends specially crafted packets to a DHCP server. An attacker who successfully exploited the vulnerability could run arbitrary code on the DHCP server.

To exploit the vulnerability, an attacker could send a specially crafted packet to a DHCP server.

The security update addresses the vulnerability by correcting how DHCP servers handle network packets.”

The February 2019 Patch Tuesday Security Updates

Below is the full list of vulnerabilities resolved by the February 2019 Patch Tuesday updates.

| CVE Title | CVE ID | Severity |
|---|---|---|
| Guidance to mitigate unconstrained delegation vulnerabilities | ADV190006 | None |
| Microsoft Office Security Feature Bypass Vulnerability | CVE-2019-0540 | Important |
| Scripting Engine Memory Corruption Vulnerability | CVE-2019-0590 | Critical |
| Scripting Engine Memory Corruption Vulnerability | CVE-2019-0591 | Critical |
| Scripting Engine Memory Corruption Vulnerability | CVE-2019-0593 | Critical |
| Microsoft SharePoint Remote Code Execution Vulnerability | CVE-2019-0594 | Critical |
| Jet Database Engine Remote Code Execution Vulnerability | CVE-2019-0595 | Important |
| Jet Database Engine Remote Code Execution Vulnerability | CVE-2019-0596 | Important |
| Jet Database Engine Remote Code Execution Vulnerability | CVE-2019-0597 | Important |
| Jet Database Engine Remote Code Execution Vulnerability | CVE-2019-0598 | Important |
| Jet Database Engine Remote Code Execution Vulnerability | CVE-2019-0599 | Important |
| HID Information Disclosure Vulnerability | CVE-2019-0600 | Important |
| HID Information Disclosure Vulnerability | CVE-2019-0601 | Important |
| Windows GDI Information Disclosure Vulnerability | CVE-2019-0602 | Important |
| Microsoft SharePoint Remote Code Execution Vulnerability | CVE-2019-0604 | Critical |
| Scripting Engine Memory Corruption Vulnerability | CVE-2019-0605 | Critical |
| Internet Explorer Memory Corruption Vulnerability | CVE-2019-0606 | Critical |
| Scripting Engine Memory Corruption Vulnerability | CVE-2019-0607 | Critical |
| Scripting Engine Memory Corruption Vulnerability | CVE-2019-0610 | Important |
| .NET Framework and Visual Studio Remote Code Execution Vulnerability | CVE-2019-0613 | Important |
| Windows GDI Information Disclosure Vulnerability | CVE-2019-0615 | Important |
| Windows GDI Information Disclosure Vulnerability | CVE-2019-0616 | Important |
| GDI+ Remote Code Execution Vulnerability | CVE-2019-0618 | Critical |
| Windows GDI Information Disclosure Vulnerability | CVE-2019-0619 | Important |
| Windows Kernel Information Disclosure Vulnerability | CVE-2019-0621 | Important |
| Win32k Elevation of Privilege Vulnerability | CVE-2019-0623 | Important |
| Jet Database Engine Remote Code Execution Vulnerability | CVE-2019-0625 | Important |
| Windows DHCP Server Remote Code Execution Vulnerability | CVE-2019-0626 | Critical |
| Windows Security Feature Bypass Vulnerability | CVE-2019-0627 | Important |
| Win32k Information Disclosure Vulnerability | CVE-2019-0628 | Important |
| Windows SMB Remote Code Execution Vulnerability | CVE-2019-0630 | Important |
| Windows Security Feature Bypass Vulnerability | CVE-2019-0631 | Important |
| Windows Security Feature Bypass Vulnerability | CVE-2019-0632 | Important |
| Windows SMB Remote Code Execution Vulnerability | CVE-2019-0633 | Important |
| Windows Hyper-V Information Disclosure Vulnerability | CVE-2019-0635 | Important |
| Scripting Engine Memory Corruption Vulnerability | CVE-2019-0640 | Critical |
| Microsoft Edge Security Feature Bypass Vulnerability | CVE-2019-0641 | Moderate |
| Scripting Engine Memory Corruption Vulnerability | CVE-2019-0642 | Critical |
| Microsoft Edge Information Disclosure Vulnerability | CVE-2019-0643 | Moderate |
| Microsoft Edge Memory Corruption Vulnerability | CVE-2019-0645 | Critical |
| Scripting Engine Information Disclosure Vulnerability | CVE-2019-0648 | Important |
| Scripting Engine Elevation of Privileged Vulnerability | CVE-2019-0649 | Important |
| Microsoft Edge Memory Corruption Vulnerability | CVE-2019-0650 | Critical |
| Scripting Engine Memory Corruption Vulnerability | CVE-2019-0651 | Critical |
| Scripting Engine Memory Corruption Vulnerability | CVE-2019-0652 | Critical |
| Microsoft Browser Spoofing Vulnerability | CVE-2019-0654 | Important |
| Scripting Engine Memory Corruption Vulnerability | CVE-2019-0655 | Critical |
| Windows Kernel Elevation of Privilege Vulnerability | CVE-2019-0656 | Important |
| .NET Framework and Visual Studio Spoofing Vulnerability | CVE-2019-0657 | Important |
| Scripting Engine Information Disclosure Vulnerability | CVE-2019-0658 | Important |
| Windows Storage Service Elevation of Privilege Vulnerability | CVE-2019-0659 | Important |
| Windows GDI Information Disclosure Vulnerability | CVE-2019-0660 | Important |
| Windows Kernel Information Disclosure Vulnerability | CVE-2019-0661 | Important |
| GDI+ Remote Code Execution Vulnerability | CVE-2019-0662 | Critical |
| Windows GDI Information Disclosure Vulnerability | CVE-2019-0664 | Important |
| Microsoft SharePoint Elevation of Privilege Vulnerability | CVE-2019-0668 | Important |
| Microsoft Excel Information Disclosure Vulnerability | CVE-2019-0669 | Important |
| Microsoft SharePoint Spoofing Vulnerability | CVE-2019-0670 | Moderate |
| Microsoft Office Access Connectivity Engine Remote Code Execution Vulnerability | CVE-2019-0671 | Important |
| Microsoft Office Access Connectivity Engine Remote Code Execution Vulnerability | CVE-2019-0672 | Important |
| Microsoft Office Access Connectivity Engine Remote Code Execution Vulnerability | CVE-2019-0673 | Important |
| Microsoft Office Access Connectivity Engine Remote Code Execution Vulnerability | CVE-2019-0674 | Important |
| Microsoft Office Access Connectivity Engine Remote Code Execution Vulnerability | CVE-2019-0675 | Important |
| Internet Explorer Information Disclosure Vulnerability | CVE-2019-0676 | Important |
| Microsoft Exchange Server Elevation of Privilege Vulnerability | CVE-2019-0686 | Important |
| Microsoft Exchange Server Elevation of Privilege Vulnerability | CVE-2019-0724 | Important |
| Visual Studio Code Remote Code Execution Vulnerability | CVE-2019-0728 | Important |
| Azure IoT Java SDK Elevation of Privilege Vulnerability | CVE-2019-0729 | Important |
| Azure IoT Java SDK Information Disclosure Vulnerability | CVE-2019-0741 | Important |
| Team Foundation Server Cross-site Scripting Vulnerability | CVE-2019-0742 | Important |
| Team Foundation Server Cross-site Scripting Vulnerability | CVE-2019-0743 | Important |


