January 22, 2019 | Posted by: Pro IT Cloud Solutions

Microsoft January 2019 Patch Tuesday includes 51 security updates


Today is Microsoft's January 2019 Patch Tuesday, which means it is the first time in 2019 that you get to update Windows! Included in this month's security updates is a Critical update that was publicly exposed, so it is important that you install all available updates as soon as possible to protect your computer.

With the release of the January security updates, Microsoft has fixed 51 vulnerabilities, including Adobe Flash Player and Servicing Stack Updates (SSU), with 7 of them being labeled as Critical.
For information about the non-security Windows updates, you can read about today's Windows 10 Cumulative Updates.


Interesting vulnerabilities from the Jan 2019 updates

DHCP vulnerability 

A vulnerability (CVE-2019-0547), discovered internally by Mitch Adair of the Microsoft Windows Enterprise Security Team, could allow an attacker to send a specially crafted DHCP response to a client in order to perform arbitrary code execution on the client.

"A memory corruption vulnerability exists in the Windows DHCP client when an attacker sends specially crafted DHCP responses to a client. An attacker who successfully exploited the vulnerability could run arbitrary code on the client machine. To exploit the vulnerability, an attacker could send specially crafted DHCP responses to a client."

Two Windows Hyper-V vulnerabilities that can execute code on the host

This Patch Tuesday included security updates that fix two vulnerabilities (CVE-2019-0550 & CVE-2019-0551) in Hyper-V that could allow malware on the guest to execute code on the host operating system.

"To exploit the vulnerability, an attacker could run a specially crafted application on a guest operating system that could cause the Hyper-V host operating system to execute arbitrary code."

This is particularly scary for researchers who use Hyper-V to analyze malware samples.

Skype for Android vuln could bypass lock screen

A vulnerability in Skype for Android (CVE-2019-0622) was fixed that could have allowed attackers who had physical access to an Android device to bypass the lock screen.

This would allow them to gain access to the victim's personal information.

Jet Database Engine RCE vulnerability publicly disclosed

According to Microsoft, a Jet Database Engine RCE vulnerability (CVE-2019-0579) was publicly disclosed but is not known to be actively exploited in the wild.

According to Mitja Kolsek, CEO of ACROS Security & Co-founder of 0patch, this could be the vulnerability publicly disclosed by Zero Day Initiative, but which had an incomplete security update by Microsoft. After discovering the imperfect update, Kolsek's team released a micropatch to correct it.

Critical Vulnerabilities fixed in the January 2019 Patch Tuesday updates

This Patch Tuesday fixes 7 Critical security vulnerabilities in Microsoft products. These vulnerabilities are the most dangerous as they could allow a remote attacker to execute commands on a vulnerable computer and essentially take full control over it.

Of the 7 Critical vulnerabilities, 3 are for the Chakra Scripting Engine, which we commonly see in these write-ups, 2 are for Windows Hyper-V, and one each is for the Windows DHCP Client and Microsoft Edge.

CVE-2019-0539 - Chakra Scripting Engine Memory Corruption Vulnerability

A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge. This vulnerability could also be exploited through Microsoft Edge via specially crafted web sites or advertisements.

CVE-2019-0547 - Windows DHCP Client Remote Code Execution Vulnerability

As explained above, this vulnerability allows an attacker to send a specially crafted DHCP response back to the client to perform arbitrary code execution.

CVE-2019-0550 - Windows Hyper-V Remote Code Execution Vulnerability

A remote code execution vulnerability exists when Windows Hyper-V on a host server fails to properly validate input from an authenticated user on a guest operating system. To exploit the vulnerability, an attacker could run a specially crafted application on a guest operating system that could cause the Hyper-V host operating system to execute arbitrary code.

An attacker who successfully exploited the vulnerability could execute arbitrary code on the host operating system.

CVE-2019-0551 - Windows Hyper-V Remote Code Execution Vulnerability

A remote code execution vulnerability exists when Windows Hyper-V on a host server fails to properly validate input from an authenticated user on a guest operating system. To exploit the vulnerability, an attacker could run a specially crafted application on a guest operating system that could cause the Hyper-V host operating system to execute arbitrary code.

An attacker who successfully exploited the vulnerability could execute arbitrary code on the host operating system.

CVE-2019-0565 - Microsoft Edge Memory Corruption Vulnerability

A remote code execution vulnerability exists when Microsoft Edge improperly accesses objects in memory. The vulnerability could corrupt memory in such a way that enables an attacker to execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. If the current user is logged on with administrative user rights, an attacker could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.

An attacker could host a specially crafted website that is designed to exploit the vulnerability through Microsoft Edge, and then convince a user to view the website. The attacker could also take advantage of compromised websites and websites that accept or host user-provided content or advertisements by adding specially crafted content that could exploit the vulnerability.

CVE-2019-0567 - Chakra Scripting Engine Memory Corruption Vulnerability

A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge. This vulnerability could also be exploited through Microsoft Edge via specially crafted web sites or advertisements.

CVE-2019-0568 - Chakra Scripting Engine Memory Corruption Vulnerability

A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge. This vulnerability could also be exploited through Microsoft Edge via specially crafted web sites or advertisements.

The January 2019 Patch Tuesday Security Updates

Below is the full list of vulnerabilities resolved by the January 2019 Patch Tuesday updates. To access the full description of each vulnerability and the systems that it affects, you can view the full report here.



Tag | CVE ID | CVE Title
.NET Framework | CVE-2019-0545 | .NET Framework Information Disclosure Vulnerability
Adobe Flash Player | ADV190001 | January 2019 Adobe Flash Update
Android App | CVE-2019-0622 | Skype for Android Elevation of Privilege Vulnerability
ASP.NET | CVE-2019-0548 | ASP.NET Core Denial of Service Vulnerability
ASP.NET | CVE-2019-0564 | ASP.NET Core Denial of Service Vulnerability
Internet Explorer | CVE-2019-0541 | MSHTML Engine Remote Code Execution Vulnerability
Microsoft Edge | CVE-2019-0565 | Microsoft Edge Memory Corruption Vulnerability
Microsoft Edge | CVE-2019-0566 | Microsoft Edge Elevation of Privilege Vulnerability
Microsoft Exchange Server | CVE-2019-0586 | Microsoft Exchange Memory Corruption RCE Vulnerability
Microsoft Exchange Server | CVE-2019-0588 | Microsoft Exchange Information Disclosure Vulnerability
Microsoft JET Database Engine | CVE-2019-0576 | Jet Database Engine Remote Code Execution Vulnerability
Microsoft JET Database Engine | CVE-2019-0538 | Jet Database Engine Remote Code Execution Vulnerability
Microsoft JET Database Engine | CVE-2019-0575 | Jet Database Engine Remote Code Execution Vulnerability
Microsoft JET Database Engine | CVE-2019-0577 | Jet Database Engine Remote Code Execution Vulnerability
Microsoft JET Database Engine | CVE-2019-0582 | Jet Database Engine Remote Code Execution Vulnerability
Microsoft JET Database Engine | CVE-2019-0583 | Jet Database Engine Remote Code Execution Vulnerability
Microsoft JET Database Engine | CVE-2019-0584 | Jet Database Engine Remote Code Execution Vulnerability
Microsoft JET Database Engine | CVE-2019-0581 | Jet Database Engine Remote Code Execution Vulnerability
Microsoft JET Database Engine | CVE-2019-0578 | Jet Database Engine Remote Code Execution Vulnerability
Microsoft JET Database Engine | CVE-2019-0579 | Jet Database Engine Remote Code Execution Vulnerability
Microsoft JET Database Engine | CVE-2019-0580 | Jet Database Engine Remote Code Execution Vulnerability
Microsoft Office | CVE-2019-0560 | Microsoft Office Information Disclosure Vulnerability
Microsoft Office | CVE-2019-0561 | Microsoft Word Information Disclosure Vulnerability
Microsoft Office | CVE-2019-0585 | Microsoft Word Remote Code Execution Vulnerability
Microsoft Office | CVE-2019-0559 | Microsoft Outlook Information Disclosure Vulnerability
Microsoft Office SharePoint | CVE-2019-0562 | Microsoft SharePoint Elevation of Privilege Vulnerability
Microsoft Office SharePoint | CVE-2019-0556 | Microsoft Office SharePoint XSS Vulnerability
Microsoft Office SharePoint | CVE-2019-0558 | Microsoft Office SharePoint XSS Vulnerability
Microsoft Office SharePoint | CVE-2019-0557 | Microsoft Office SharePoint XSS Vulnerability
Microsoft Scripting Engine | CVE-2019-0568 | Chakra Scripting Engine Memory Corruption Vulnerability
Microsoft Scripting Engine | CVE-2019-0567 | Chakra Scripting Engine Memory Corruption Vulnerability
Microsoft Scripting Engine | CVE-2019-0539 | Chakra Scripting Engine Memory Corruption Vulnerability
Microsoft Windows | CVE-2019-0574 | Windows Data Sharing Service Elevation of Privilege Vulnerability
Microsoft Windows | CVE-2019-0573 | Windows Data Sharing Service Elevation of Privilege Vulnerability
Microsoft Windows | CVE-2019-0571 | Windows Data Sharing Service Elevation of Privilege Vulnerability
Microsoft Windows | CVE-2019-0572 | Windows Data Sharing Service Elevation of Privilege Vulnerability
Microsoft Windows | CVE-2019-0543 | Microsoft Windows Elevation of Privilege Vulnerability
Microsoft Windows | CVE-2019-0570 | Windows Runtime Elevation of Privilege Vulnerability
Microsoft XML | CVE-2019-0555 | Microsoft XmlDocument Elevation of Privilege Vulnerability
Servicing Stack Updates | ADV990001 | Latest Servicing Stack Updates
Visual Studio | CVE-2019-0537 | Microsoft Visual Studio Information Disclosure Vulnerability
Visual Studio | CVE-2019-0546 | Visual Studio Remote Code Execution Vulnerability
Windows COM | CVE-2019-0552 | Windows COM Elevation of Privilege Vulnerability
Windows DHCP Client | CVE-2019-0547 | Windows DHCP Client Remote Code Execution Vulnerability
Windows Hyper-V | CVE-2019-0550 | Windows Hyper-V Remote Code Execution Vulnerability
Windows Hyper-V | CVE-2019-0551 | Windows Hyper-V Remote Code Execution Vulnerability
Windows Kernel | CVE-2019-0569 | Windows Kernel Information Disclosure Vulnerability
Windows Kernel | CVE-2019-0536 | Windows Kernel Information Disclosure Vulnerability
Windows Kernel | CVE-2019-0554 | Windows Kernel Information Disclosure Vulnerability
Windows Kernel | CVE-2019-0549 | Windows Kernel Information Disclosure Vulnerability
Windows Subsystem for Linux | CVE-2019-0553 | Windows Subsystem for Linux Information Disclosure Vulnerability


Source: https://www.bleepingcomputer.com
