Posted: 15 Min Read Threat Intelligence

Microsoft Patch Tuesday – January 2019

This month the vendor has patched 49 vulnerabilities, 7 of which are rated Critical.

As always, customers are advised to follow these security best practices:

  • Install vendor patches as soon as they are available.
  • Run all software with the least privileges required while still maintaining functionality.
  • Avoid handling files from unknown or questionable sources.
  • Never visit sites of unknown or questionable integrity.
  • Block external access at the network perimeter to all key systems unless specific access is required.


Microsoft's summary of the January 2019 releases can be found here:
https://portal.msrc.microsoft.com/en-us/security-guidance


This month's update covers vulnerabilities in:

  • Internet Explorer
  • Microsoft Edge
  • ChakraCore
  • Microsoft Office
  • Microsoft Exchange
  • Microsoft Windows
  • Jet Database Engine
  • Microsoft ASP.NET
  • Visual Studio
  • Skype for Android

     

The following is a breakdown of the issues being addressed this month:

  1. Cumulative Security Update for Microsoft Browsers

    Chakra Scripting Engine Memory Corruption Vulnerability (CVE-2019-0539) MS Rating: Critical

    A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge. An attacker can exploit the vulnerability to corrupt memory and execute arbitrary code in the context of the current user.

     

    Chakra Scripting Engine Memory Corruption Vulnerability (CVE-2019-0567) MS Rating: Critical

    A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge. An attacker can exploit the vulnerability to corrupt memory and execute arbitrary code in the context of the current user.

     

    Chakra Scripting Engine Memory Corruption Vulnerability (CVE-2019-0568) MS Rating: Critical

    A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge. An attacker can exploit the vulnerability to corrupt memory and execute arbitrary code in the context of the current user.

     

    Microsoft Edge Memory Corruption Vulnerability (CVE-2019-0565) MS Rating: Critical

    A remote code execution vulnerability exists when Microsoft Edge improperly accesses objects in memory. An attacker can exploit the vulnerability to corrupt memory in such a way that enables an attacker to execute arbitrary code in the context of the current user.

     

    Microsoft Edge Privilege Escalation Vulnerability (CVE-2019-0566) MS Rating: Important

    A privilege escalation vulnerability exists in the Microsoft Edge Browser Broker COM object. An attacker can exploit the vulnerability to use the Browser Broker COM object to elevate privileges on an affected system.

     

    Internet Explorer Remote Code Execution Vulnerability (CVE-2019-0541) MS Rating: Important

    A remote code execution vulnerability exists in the way that Internet Explorer (IE) improperly validates input. An attacker could execute arbitrary code in the context of the current user.

     

  2. Cumulative Security Update for Microsoft Office

    Microsoft XmlDocument Privilege Escalation Vulnerability (CVE-2019-0555) MS Rating: Important

    A privilege escalation vulnerability exists in the Microsoft XmlDocument class that could allow an attacker to escape from the AppContainer sandbox in the browser. An attacker can exploit this vulnerability to gain elevated privileges and break out of the Edge AppContainer sandbox.

     

    Microsoft Office SharePoint XSS Vulnerability (CVE-2019-0556) MS Rating: Important

    A cross-site scripting vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server. An authenticated attacker could exploit the vulnerability by sending a specially crafted request to an affected SharePoint server.

     

    Microsoft Office SharePoint XSS Vulnerability (CVE-2019-0557) MS Rating: Important

    A cross-site scripting vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server. An authenticated attacker could exploit the vulnerability by sending a specially crafted request to an affected SharePoint server.

     

    Microsoft Office SharePoint XSS Vulnerability (CVE-2019-0558) MS Rating: Important

    A cross-site scripting vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server. An authenticated attacker could exploit the vulnerability by sending a specially crafted request to an affected SharePoint server.

     

    Microsoft Outlook Information Disclosure Vulnerability (CVE-2019-0559) MS Rating: Important

    An information disclosure vulnerability exists when Microsoft Outlook improperly handles certain types of messages. An attacker can exploit this vulnerability to gather information about the victim.

     

    Microsoft Office Information Disclosure Vulnerability (CVE-2019-0560) MS Rating: Important

    An information disclosure vulnerability exists when Microsoft Office improperly discloses the contents of its memory. An attacker can exploit the vulnerability to use the information to compromise the user's computer or data.

     

    Microsoft Word Information Disclosure Vulnerability (CVE-2019-0561) MS Rating: Important

    An information disclosure vulnerability exists when Microsoft Word macro buttons are used improperly. An attacker can exploit this vulnerability to read arbitrary files from a targeted system.

     

    Microsoft SharePoint Privilege Escalation Vulnerability (CVE-2019-0562) MS Rating: Important

    A privilege escalation vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server. An authenticated attacker could exploit the vulnerability by sending a specially crafted request to an affected SharePoint server.

     

    Microsoft Word Remote Code Execution Vulnerability (CVE-2019-0585) MS Rating: Important

    A remote code execution vulnerability exists in Microsoft Word software when it fails to properly handle objects in memory. An attacker can exploit the vulnerability to use a specially crafted file to perform actions in the security context of the current user.

     

  3. Cumulative Security Update for Microsoft Exchange

    Microsoft Exchange Memory Corruption Vulnerability (CVE-2019-0586) MS Rating: Important

    A remote code execution vulnerability exists in Microsoft Exchange software when the software fails to properly handle objects in memory. An attacker can exploit the vulnerability to run arbitrary code in the context of the System user.

     

    Microsoft Exchange Information Disclosure Vulnerability (CVE-2019-0588) MS Rating: Important

    An information disclosure vulnerability exists when the Microsoft Exchange PowerShell API grants calendar contributors more view permissions than intended. To exploit this vulnerability, an attacker would need to be granted contributor access to an Exchange Calendar by an administrator via PowerShell.

     

  4. Cumulative Security Update for Microsoft Windows Kernel

    Windows Kernel Information Disclosure Vulnerability (CVE-2019-0536) MS Rating: Important

    An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory. An attacker can exploit this vulnerability to obtain information to further compromise the user's system.

     

    Windows Kernel Information Disclosure Vulnerability (CVE-2019-0549) MS Rating: Important

    An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory. An attacker can exploit this vulnerability to obtain information to further compromise the user's system.

     

    Windows Kernel Information Disclosure Vulnerability (CVE-2019-0554) MS Rating: Important

    An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory. An attacker can exploit this vulnerability to obtain information to further compromise the user's system.

     

    Windows Kernel Information Disclosure Vulnerability (CVE-2019-0569) MS Rating: Important

    An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory. An attacker can exploit this vulnerability to obtain information to further compromise the user's system.

     

  5. Cumulative Security Update for Microsoft Windows

    Windows Hyper-V Remote Code Execution Vulnerability (CVE-2019-0550) MS Rating: Critical

    A remote code execution vulnerability exists when Windows Hyper-V on a host server fails to properly validate input from an authenticated user on a guest operating system. To exploit the vulnerability, an attacker could run a specially crafted application on a guest operating system that could cause the Hyper-V host operating system to execute arbitrary code.

     

    Windows Hyper-V Remote Code Execution Vulnerability (CVE-2019-0551) MS Rating: Critical

    A remote code execution vulnerability exists when Windows Hyper-V on a host server fails to properly validate input from an authenticated user on a guest operating system. To exploit the vulnerability, an attacker could run a specially crafted application on a guest operating system that could cause the Hyper-V host operating system to execute arbitrary code.

     

    Windows DHCP Client Remote Code Execution Vulnerability (CVE-2019-0547) MS Rating: Critical

    A memory corruption vulnerability exists in the Windows DHCP client when an attacker sends specially crafted DHCP responses to a client. An attacker can exploit the vulnerability to run arbitrary code on the client machine.

     

    Microsoft Windows Privilege Escalation Vulnerability (CVE-2019-0543) MS Rating: Important

    A privilege escalation vulnerability exists when Windows improperly handles authentication requests. An attacker can exploit this vulnerability to run processes in an elevated context.

     

    Windows COM Privilege Escalation Vulnerability (CVE-2019-0552) MS Rating: Important

    A privilege escalation exists in Windows COM Desktop Broker. An attacker can exploit the vulnerability to run arbitrary code with elevated privileges.

     

    Windows Subsystem for Linux Information Disclosure Vulnerability (CVE-2019-0553) MS Rating: Important

    An information disclosure vulnerability exists when Windows Subsystem for Linux improperly handles objects in memory. An attacker can exploit this vulnerability to obtain information to further compromise the user's system.

     

    Windows Runtime Privilege Escalation Vulnerability (CVE-2019-0570) MS Rating: Important

    A privilege escalation vulnerability exists when the Windows Runtime improperly handles objects in memory. An attacker can exploit this vulnerability to run arbitrary code in an elevated context.

     

    Windows Data Sharing Service Privilege Escalation Vulnerability (CVE-2019-0571) MS Rating: Important

    A privilege escalation vulnerability exists when the Windows Data Sharing Service improperly handles file operations. An attacker can exploit this vulnerability to run processes in an elevated context.

     

    Windows Data Sharing Service Privilege Escalation Vulnerability (CVE-2019-0572) MS Rating: Important

    A privilege escalation vulnerability exists when the Windows Data Sharing Service improperly handles file operations. An attacker can exploit this vulnerability to run processes in an elevated context.

     

    Windows Data Sharing Service Privilege Escalation Vulnerability (CVE-2019-0573) MS Rating: Important

    A privilege escalation vulnerability exists when the Windows Data Sharing Service improperly handles file operations. An attacker can exploit this vulnerability to run processes in an elevated context.

     

    Windows Data Sharing Service Privilege Escalation Vulnerability (CVE-2019-0574) MS Rating: Important

    A privilege escalation vulnerability exists when the Windows Data Sharing Service improperly handles file operations. An attacker can exploit this vulnerability to run processes in an elevated context.

     

  6. Security Update for Jet Database Engine

    Jet Database Engine Remote Code Execution Vulnerability (CVE-2019-0538) MS Rating: Important

    A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory. An attacker can exploit this vulnerability to execute arbitrary code on a victim system by enticing a victim to open a specially crafted file.

     

    Jet Database Engine Remote Code Execution Vulnerability (CVE-2019-0575) MS Rating: Important

    A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory. An attacker can exploit this vulnerability to execute arbitrary code on a victim system by enticing a victim to open a specially crafted file.

     

    Jet Database Engine Remote Code Execution Vulnerability (CVE-2019-0576) MS Rating: Important

    A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory. An attacker can exploit this vulnerability to execute arbitrary code on a victim system by enticing a victim to open a specially crafted file.

     

    Jet Database Engine Remote Code Execution Vulnerability (CVE-2019-0577) MS Rating: Important

    A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory. An attacker can exploit this vulnerability to execute arbitrary code on a victim system by enticing a victim to open a specially crafted file.

     

    Jet Database Engine Remote Code Execution Vulnerability (CVE-2019-0578) MS Rating: Important

    A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory. An attacker can exploit this vulnerability to execute arbitrary code on a victim system by enticing a victim to open a specially crafted file.

     

    Jet Database Engine Remote Code Execution Vulnerability (CVE-2019-0579) MS Rating: Important

    A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory. An attacker can exploit this vulnerability to execute arbitrary code on a victim system by enticing a victim to open a specially crafted file.

     

    Jet Database Engine Remote Code Execution Vulnerability (CVE-2019-0580) MS Rating: Important

    A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory. An attacker can exploit this vulnerability to execute arbitrary code on a victim system by enticing a victim to open a specially crafted file.

     

    Jet Database Engine Remote Code Execution Vulnerability (CVE-2019-0581) MS Rating: Important

    A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory. An attacker can exploit this vulnerability to execute arbitrary code on a victim system by enticing a victim to open a specially crafted file.

     

    Jet Database Engine Remote Code Execution Vulnerability (CVE-2019-0582) MS Rating: Important

    A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory. An attacker can exploit this vulnerability to execute arbitrary code on a victim system by enticing a victim to open a specially crafted file.

     

    Jet Database Engine Remote Code Execution Vulnerability (CVE-2019-0583) MS Rating: Important

    A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory. An attacker can exploit this vulnerability to execute arbitrary code on a victim system by enticing a victim to open a specially crafted file.

     

    Jet Database Engine Remote Code Execution Vulnerability (CVE-2019-0584) MS Rating: Important

    A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory. An attacker can exploit this vulnerability to execute arbitrary code on a victim system by enticing a victim to open a specially crafted file.

     

  7. Security Update for Microsoft ASP.NET

    ASP.NET Information Disclosure Vulnerability (CVE-2019-0545) MS Rating: Important

    An information disclosure vulnerability exists in ASP.NET and ASP.NET Core which allows bypassing Cross-origin Resource Sharing (CORS) configurations. An attacker can exploit the vulnerability to retrieve content, which is normally restricted, from a web application.

     

    ASP.NET Core Denial of Service Vulnerability (CVE-2019-0548) MS Rating: Important

    A denial-of-service (DoS) vulnerability exists when ASP.NET Core improperly handles web requests. An attacker can exploit this vulnerability by issuing specially crafted requests to the .NET Core application to cause a denial of service against an ASP.NET Core web application.

     

    ASP.NET Core Denial of Service Vulnerability (CVE-2019-0564) MS Rating: Important

    A denial-of-service (DoS) vulnerability exists when ASP.NET Core improperly handles web requests. An attacker can exploit this vulnerability by issuing specially crafted requests to the .NET Core application to cause a denial of service against an ASP.NET Core web application.

     

  8. Security Update for Visual Studio

    Microsoft Visual Studio Information Disclosure Vulnerability (CVE-2019-0537) MS Rating: Important

    An information disclosure vulnerability exists when Visual Studio improperly discloses arbitrary file contents if the victim opens a malicious .vscontent file. An attacker can exploit this vulnerability by tricking a user into opening a malicious .vscontent file using a vulnerable version of Visual Studio to view arbitrary file contents from the computer where the victim launched Visual Studio.

     

    Visual Studio Remote Code Execution Vulnerability (CVE-2019-0546) MS Rating: Moderate

    A remote code execution vulnerability exists in Visual Studio software when the software does not check the source markup of a file for an unbuilt project. An attacker can exploit the vulnerability to run arbitrary code in the context of the current user.

     

  9. Security Update for Skype for Android

    Skype for Android Elevation of Privilege Vulnerability (CVE-2019-0622) MS Rating: Moderate

    A privilege escalation vulnerability exists when Skype for Android fails to properly handle specific authentication requests. An attacker with physical access to the phone can exploit this vulnerability to bypass Android's lockscreen and access a victim's personal information.

     

More information is available on Symantec's free Security Center portal and to our customers through the DeepSight Threat Management System.

About the Author

Himanshu Mehta

Senior Threat Analysis Engineer

Himanshu is a senior member of Symantec's Cyber Security Services organization. An active contributor to numerous security communities, he frequently provides insight on vulnerabilities and shares his knowledge by writing reports, blogs, and journals.

Want to comment on this post?

We encourage you to share your thoughts on your favorite social platform.