
Microsoft Patch Tuesday – February 2019

This month the vendor has patched 74 vulnerabilities, 20 of which are rated Critical.

As always, customers are advised to follow these security best practices:

  • Install vendor patches as soon as they are available.
  • Run all software with the least privileges required while still maintaining functionality.
  • Avoid handling files from unknown or questionable sources.
  • Never visit sites of unknown or questionable integrity.
  • Block external access at the network perimeter to all key systems unless specific access is required.

Microsoft's summary of the February 2019 releases can be found here:
https://portal.msrc.microsoft.com/en-us/security-guidance

 

This month's update covers vulnerabilities in:

  • Internet Explorer
  • Microsoft Edge
  • ChakraCore
  • Microsoft Office
  • Microsoft Exchange
  • Microsoft Windows
  • Jet Database Engine
  • Microsoft .NET
  • Visual Studio
  • Windows Hyper-V
  • Access Connectivity Engine
  • Azure IoT Java SDK
  • Team Foundation Server

 

The following is a breakdown of the issues being addressed this month:

  1. Cumulative Security Update for Microsoft Browsers

    Scripting Engine Memory Corruption Vulnerability (CVE-2019-0590) MS Rating: Critical

    A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Microsoft Edge. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. Attackers can exploit this issue by enticing an unsuspecting user to view a specially crafted web page.

     

    Scripting Engine Memory Corruption Vulnerability (CVE-2019-0591) MS Rating: Critical

    A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Microsoft Edge. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. Attackers can exploit this issue by enticing an unsuspecting user to view a specially crafted web page.

     

    Scripting Engine Memory Corruption Vulnerability (CVE-2019-0593) MS Rating: Critical

    A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Microsoft Edge. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. Attackers can exploit this issue by enticing an unsuspecting user to view a specially crafted web page.

     

    Scripting Engine Memory Corruption Vulnerability (CVE-2019-0605) MS Rating: Critical

    A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Microsoft Edge. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. Attackers can exploit this issue by enticing an unsuspecting user to view a specially crafted web page.

     

    Internet Explorer Memory Corruption Vulnerability (CVE-2019-0606) MS Rating: Critical

    A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. Attackers can exploit this issue by enticing an unsuspecting user to view a specially crafted web page.

     

    Scripting Engine Memory Corruption Vulnerability (CVE-2019-0607) MS Rating: Critical

    A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Microsoft Edge. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. Attackers can exploit this issue by enticing an unsuspecting user to view a specially crafted web page.

     

    Microsoft Edge Memory Corruption Vulnerability (CVE-2019-0634) MS Rating: Critical

    A remote code execution vulnerability exists when Microsoft Edge improperly accesses objects in memory. This vulnerability may corrupt memory in such a way that enables an attacker to execute arbitrary code in the context of the current user. Attackers can exploit this issue by enticing an unsuspecting user to view a specially crafted web page.

     

    Scripting Engine Memory Corruption Vulnerability (CVE-2019-0640) MS Rating: Critical

    A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Microsoft Edge. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. Attackers can exploit this issue by enticing an unsuspecting user to view a specially crafted web page.

     

    Scripting Engine Memory Corruption Vulnerability (CVE-2019-0642) MS Rating: Critical

    A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Microsoft Edge. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. Attackers can exploit this issue by enticing an unsuspecting user to view a specially crafted web page.

     

    Microsoft Edge Memory Corruption Vulnerability (CVE-2019-0644) MS Rating: Critical

    A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Microsoft Edge. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. Attackers can exploit this issue by enticing an unsuspecting user to view a specially crafted web page.

     

    Microsoft Edge Memory Corruption Vulnerability (CVE-2019-0645) MS Rating: Critical

    A remote code execution vulnerability exists when Microsoft Edge improperly accesses objects in memory. This vulnerability may corrupt memory in such a way that enables an attacker to execute arbitrary code in the context of the current user. Attackers can exploit this issue by enticing an unsuspecting user to view a specially crafted web page.

     

    Scripting Engine Memory Corruption Vulnerability (CVE-2019-0650) MS Rating: Critical

    A remote code execution vulnerability exists when Microsoft Edge improperly accesses objects in memory. This vulnerability may corrupt memory in such a way that enables an attacker to execute arbitrary code in the context of the current user. Attackers can exploit this issue by enticing an unsuspecting user to view a specially crafted web page.

     

    Scripting Engine Memory Corruption Vulnerability (CVE-2019-0651) MS Rating: Critical

    A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Microsoft Edge. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. Attackers can exploit this issue by enticing an unsuspecting user to view a specially crafted web page.

     

    Scripting Engine Memory Corruption Vulnerability (CVE-2019-0652) MS Rating: Critical

    A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Microsoft Edge. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. Attackers can exploit this issue by enticing an unsuspecting user to view a specially crafted web page.

     

    Scripting Engine Memory Corruption Vulnerability (CVE-2019-0655) MS Rating: Critical

    A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Microsoft Edge. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. Attackers can exploit this issue by enticing an unsuspecting user to view a specially crafted web page.

     

    Scripting Engine Memory Corruption Vulnerability (CVE-2019-0610) MS Rating: Important

    A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Microsoft Edge. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. Attackers can exploit this issue by enticing an unsuspecting user to view a specially crafted web page.

     

    Chakra Scripting Engine Memory Corruption Vulnerability (CVE-2019-0648) MS Rating: Important

    An information disclosure vulnerability exists when Chakra improperly discloses the contents of its memory, which could provide an attacker with information to further compromise the user’s computer or data. To exploit the vulnerability, an attacker must know the memory address of where the object was created. Attackers can exploit this issue by enticing an unsuspecting user to view a specially crafted web page.

     

    Chakra Scripting Engine Memory Corruption Vulnerability (CVE-2019-0649) MS Rating: Important

    A vulnerability exists in Microsoft Chakra JIT server. An attacker who successfully exploited this vulnerability could gain elevated privileges. Attackers can exploit this issue by enticing an unsuspecting user to view a specially crafted web page.

     

    Microsoft Browser Spoofing Vulnerability (CVE-2019-0654) MS Rating: Important

    A spoofing vulnerability exists when Microsoft browsers improperly handle specific redirects. An attacker who successfully exploited this vulnerability could trick a user into believing that the user was on a legitimate website. Attackers can exploit this issue by enticing an unsuspecting user to view a specially crafted web page.

     

    Scripting Engine Information Disclosure Vulnerability (CVE-2019-0658) MS Rating: Important

    An information disclosure vulnerability exists when the scripting engine does not properly handle objects in memory in Microsoft Edge. An attacker who successfully exploited the vulnerability could obtain information to further compromise the user system. Attackers can exploit this issue by enticing an unsuspecting user to view a specially crafted web page.

     

    Internet Explorer Information Disclosure Vulnerability (CVE-2019-0676) MS Rating: Important

    An information disclosure vulnerability exists when Internet Explorer improperly handles objects in memory. An attacker who successfully exploited this vulnerability could test for the presence of files on disk. Attackers can exploit this issue by enticing an unsuspecting user to view a specially crafted web page.

     

    Microsoft Edge Security Bypass Vulnerability (CVE-2019-0641) MS Rating: Moderate

    A security bypass vulnerability exists in the way that Microsoft Edge handles whitelisting. Edge depends on a default whitelist of sites where Adobe Flash will load without user interaction. Attackers can exploit this issue by enticing an unsuspecting user to view a specially crafted web page.

     

    Microsoft Edge Information Disclosure Vulnerability (CVE-2019-0643) MS Rating: Moderate

    An information disclosure vulnerability exists in the way that Microsoft Edge handles cross-origin requests. An attacker who successfully exploited this vulnerability could determine the origin of all webpages in the affected browser. Attackers can exploit this issue by enticing an unsuspecting user to view a specially crafted web page.

     

  2. Cumulative Security Update for Microsoft Office

    Microsoft SharePoint Remote Code Execution Vulnerability (CVE-2019-0594) MS Rating: Critical

    A remote code execution vulnerability exists in Microsoft SharePoint when the software fails to check the source markup of an application package. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the SharePoint application pool and the SharePoint server farm account.

     

    Microsoft SharePoint Remote Code Execution Vulnerability (CVE-2019-0604) MS Rating: Critical

    A remote code execution vulnerability exists in Microsoft SharePoint when the software fails to check the source markup of an application package. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the SharePoint application pool and the SharePoint server farm account.

     

    Microsoft Office Security Bypass Vulnerability (CVE-2019-0540) MS Rating: Important

    A security bypass vulnerability exists when Microsoft Office does not validate URLs. An attacker could send a victim a specially crafted file, which could trick the victim into entering credentials.

     

    Microsoft SharePoint Privilege Escalation Vulnerability (CVE-2019-0668) MS Rating: Important

    A privilege escalation vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server. An authenticated attacker could exploit the vulnerability by sending a specially crafted request to an affected SharePoint server.

     

    Microsoft Excel Information Disclosure Vulnerability (CVE-2019-0669) MS Rating: Important

    An information disclosure vulnerability exists when Microsoft Excel improperly discloses the contents of its memory. An attacker who exploited the vulnerability could use the information to compromise the user’s computer or data.

     

    Microsoft SharePoint Spoofing Vulnerability (CVE-2019-0670) MS Rating: Moderate

    A spoofing vulnerability exists in Microsoft SharePoint when the application does not properly parse HTTP content. An attacker who successfully exploited this vulnerability could trick a user by redirecting the user to a specially crafted website.

     

    Access Connectivity Engine Remote Code Execution Vulnerability (CVE-2019-0671) MS Rating: Important

    A remote code execution vulnerability exists when the Microsoft Office Access Connectivity Engine improperly handles objects in memory. An attacker who successfully exploited this vulnerability could execute arbitrary code on a victim system.

     

    Access Connectivity Engine Remote Code Execution Vulnerability (CVE-2019-0672) MS Rating: Important

    A remote code execution vulnerability exists when the Microsoft Office Access Connectivity Engine improperly handles objects in memory. An attacker who successfully exploited this vulnerability could execute arbitrary code on a victim system.

     

    Access Connectivity Engine Remote Code Execution Vulnerability (CVE-2019-0673) MS Rating: Important

    A remote code execution vulnerability exists when the Microsoft Office Access Connectivity Engine improperly handles objects in memory. An attacker who successfully exploited this vulnerability could execute arbitrary code on a victim system.

     

    Access Connectivity Engine Remote Code Execution Vulnerability (CVE-2019-0674) MS Rating: Important

    A remote code execution vulnerability exists when the Microsoft Office Access Connectivity Engine improperly handles objects in memory. An attacker who successfully exploited this vulnerability could execute arbitrary code on a victim system.

     

    Access Connectivity Engine Remote Code Execution Vulnerability (CVE-2019-0675) MS Rating: Important

    A remote code execution vulnerability exists when the Microsoft Office Access Connectivity Engine improperly handles objects in memory. An attacker who successfully exploited this vulnerability could execute arbitrary code on a victim system.

     

  3. Cumulative Security Update for Microsoft Exchange

    Microsoft Exchange Server Privilege Escalation Vulnerability (CVE-2019-0686) MS Rating: Important

    A privilege escalation vulnerability exists in Microsoft Exchange Server. An attacker who successfully exploited this vulnerability could attempt to impersonate any other user of the Exchange server.

     

    Microsoft Exchange Server Privilege Escalation Vulnerability (CVE-2019-0724) MS Rating: Important

    A privilege escalation vulnerability exists in Microsoft Exchange Server. An attacker who successfully exploited this vulnerability could attempt to impersonate any other user of the Exchange server.

     

  4. Cumulative Security Update for Microsoft Windows Kernel

    Windows Kernel Information Disclosure Vulnerability (CVE-2019-0621) MS Rating: Important

    An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the user system.

     

    Win32k Privilege Escalation Vulnerability (CVE-2019-0623) MS Rating: Important

    A privilege escalation vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode.

     

    Win32k Information Disclosure Vulnerability (CVE-2019-0628) MS Rating: Important

    An information disclosure vulnerability exists when the Win32k component improperly provides kernel information. An attacker who successfully exploited the vulnerability could obtain information to further compromise the user system.

     

    Windows Kernel Privilege Escalation Vulnerability (CVE-2019-0656) MS Rating: Important

    A privilege escalation vulnerability exists when the Windows kernel fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode.

     

    Windows Kernel Information Disclosure Vulnerability (CVE-2019-0661) MS Rating: Important

    An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the user system.

     

  5. Cumulative Security Update for Microsoft Windows

    GDI+ Remote Code Execution Vulnerability (CVE-2019-0618) MS Rating: Critical

    A remote code execution vulnerability exists in the way that the Windows Graphics Device Interface (GDI) handles objects in memory. An attacker who successfully exploited this vulnerability could take control of the affected system.

     

    Windows DHCP Server Remote Code Execution Vulnerability (CVE-2019-0626) MS Rating: Critical

    A memory corruption vulnerability exists in the Windows Server DHCP service when an attacker sends specially crafted packets to a DHCP server. An attacker who successfully exploited this vulnerability could run arbitrary code on the DHCP server.

     

    GDI+ Remote Code Execution Vulnerability (CVE-2019-0662) MS Rating: Critical

    A remote code execution vulnerability exists in the way that the Windows Graphics Device Interface (GDI) handles objects in memory. An attacker who successfully exploited this vulnerability could take control of the affected system.

     

    HID Information Disclosure Vulnerability (CVE-2019-0600) MS Rating: Important

    An information disclosure vulnerability exists when the Human Interface Devices (HID) component improperly handles objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the victim system.

     

    HID Information Disclosure Vulnerability (CVE-2019-0601) MS Rating: Important

    An information disclosure vulnerability exists when the Human Interface Devices (HID) component improperly handles objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the victim system.

     

    Windows GDI Information Disclosure Vulnerability (CVE-2019-0602) MS Rating: Important

    An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the user system.

     

    Windows GDI Information Disclosure Vulnerability (CVE-2019-0615) MS Rating: Important

    An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the user system.

     

    Windows GDI Information Disclosure Vulnerability (CVE-2019-0616) MS Rating: Important

    An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the user system.

     

    Windows GDI Information Disclosure Vulnerability (CVE-2019-0619) MS Rating: Important

    An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the user system.

     

    Windows Security Bypass Vulnerability (CVE-2019-0627) MS Rating: Important

    A security bypass vulnerability exists in Windows which could allow an attacker to bypass Device Guard. An attacker who successfully exploited this vulnerability could circumvent a User Mode Code Integrity (UMCI) policy on the machine.

     

    Windows SMB Remote Code Execution Vulnerability (CVE-2019-0630) MS Rating: Important

    A remote code execution vulnerability exists in the way that the Microsoft Server Message Block 2.0 (SMBv2) server handles certain requests.

     

    Windows Security Bypass Vulnerability (CVE-2019-0631) MS Rating: Important

    A security bypass vulnerability exists in Windows which could allow an attacker to bypass Device Guard. An attacker who successfully exploited this vulnerability could circumvent a User Mode Code Integrity (UMCI) policy on the machine.

     

    Windows Security Bypass Vulnerability (CVE-2019-0632) MS Rating: Important

    A security bypass vulnerability exists in Windows which could allow an attacker to bypass Device Guard. An attacker who successfully exploited this vulnerability could circumvent a User Mode Code Integrity (UMCI) policy on the machine.

     

    Windows SMB Remote Code Execution Vulnerability (CVE-2019-0633) MS Rating: Important

    A remote code execution vulnerability exists in the way that the Microsoft Server Message Block 2.0 (SMBv2) server handles certain requests.

     

    Windows Information Disclosure Vulnerability (CVE-2019-0636) MS Rating: Important

    An information disclosure vulnerability exists when Windows improperly discloses file information. Successful exploitation of the vulnerability could allow the attacker to read the contents of files on disk.

     

    Windows Defender Firewall Security Bypass Vulnerability (CVE-2019-0637) MS Rating: Important

    A security bypass vulnerability exists when Windows Defender Firewall incorrectly applies firewall profiles to cellular network connections. This vulnerability occurs when Windows is connected to both an Ethernet network and a cellular network.

     

    Windows Storage Service Privilege Escalation Vulnerability (CVE-2019-0659) MS Rating: Important

    A privilege escalation vulnerability exists when the Storage Service improperly handles file operations. An attacker who successfully exploited this vulnerability could gain elevated privileges on the victim system.

     

    Windows GDI Information Disclosure Vulnerability (CVE-2019-0660) MS Rating: Important

    An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the user system.

     

    Windows GDI Information Disclosure Vulnerability (CVE-2019-0664) MS Rating: Important

    An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the user system.

     

  6. Security Update for Jet Database Engine

    Jet Database Engine Remote Code Execution Vulnerability (CVE-2019-0595) MS Rating: Important

    A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory. An attacker who successfully exploited this vulnerability could execute arbitrary code on a victim system.

     

    Jet Database Engine Remote Code Execution Vulnerability (CVE-2019-0596) MS Rating: Important

    A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory. An attacker who successfully exploited this vulnerability could execute arbitrary code on a victim system.

     

    Jet Database Engine Remote Code Execution Vulnerability (CVE-2019-0597) MS Rating: Important

    A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory. An attacker who successfully exploited this vulnerability could execute arbitrary code on a victim system.

     

    Jet Database Engine Remote Code Execution Vulnerability (CVE-2019-0598) MS Rating: Important

    A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory. An attacker who successfully exploited this vulnerability could execute arbitrary code on a victim system.

     

    Jet Database Engine Remote Code Execution Vulnerability (CVE-2019-0599) MS Rating: Important

    A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory. An attacker who successfully exploited this vulnerability could execute arbitrary code on a victim system.

     

    Jet Database Engine Remote Code Execution Vulnerability (CVE-2019-0625) MS Rating: Important

    A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory. An attacker who successfully exploited this vulnerability could execute arbitrary code on a victim system.

     

  7. Security Update for Microsoft .NET

    .NET Framework Remote Code Execution Vulnerability (CVE-2019-0613) MS Rating: Important

    A remote code execution vulnerability exists in .NET Framework and Visual Studio software when the software fails to check the source markup of a file.

     

    .NET Spoofing Vulnerability (CVE-2019-0657) MS Rating: Important

    A vulnerability exists in certain .NET Framework APIs and Visual Studio in the way they parse URLs.

     

  8. Security Update for Visual Studio

    Visual Studio Code Remote Code Execution Vulnerability (CVE-2019-0728) MS Rating: Important

    A remote code execution vulnerability exists in Visual Studio Code when it processes environment variables after opening a project. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user.

     

  9. Security Update for Team Foundation Server

    Team Foundation Server Cross-site Scripting Vulnerability (CVE-2019-0742) MS Rating: Important

    A cross-site scripting (XSS) vulnerability exists when Team Foundation Server does not properly sanitize user-provided input.

     

    Team Foundation Server Cross-site Scripting Vulnerability (CVE-2019-0743) MS Rating: Important

    A cross-site scripting (XSS) vulnerability exists when Team Foundation Server does not properly sanitize user-provided input.

     

  10. Security Update for Microsoft Windows Hyper-V

    Windows Hyper-V Information Disclosure Vulnerability (CVE-2019-0635) MS Rating: Important

    An information disclosure vulnerability exists when Windows Hyper-V on a host operating system fails to properly validate input from an authenticated user on a guest operating system. To exploit the vulnerability, an attacker on a guest operating system could run a specially crafted application that could cause the Hyper-V host operating system to disclose memory information.

     

  11. Security Update for Azure IoT Java SDK

    Azure IoT Java SDK Privilege Escalation Vulnerability (CVE-2019-0729) MS Rating: Important

    A privilege escalation vulnerability exists in the way Azure IoT Java SDK generates symmetric keys for encryption, allowing an attacker to predict the randomness of the key.

     

    Azure IoT Java SDK Information Disclosure Vulnerability (CVE-2019-0741) MS Rating: Important

    An information disclosure vulnerability exists in the way Azure IoT Java SDK logs sensitive information. An attacker can exploit this vulnerability if a user has exposed the logs on the internet and can use this information to compromise the device.

     

More information is available on Symantec's free Security Center portal and to our customers through the DeepSight Threat Management System.

About the Author

Ratheesh PM

Sr Threat Analysis Engineer

Ratheesh is a member of Symantec's Cyber Security Services organization which provides round-the-clock monitoring and protection services against cyber attacks.
