Microsoft today released its monthly set of security updates to address vulnerabilities in its products. The number of vulnerabilities reported each month has come up again after the dip from last October. This month, 77 vulnerabilities are reported, with 20 CVEs rated critical and 51 CVEs rated important. The updates address issues in Adobe Flash Player, Internet Explorer, Microsoft Edge, Microsoft Windows, Microsoft Office and Microsoft Office Services and Web Apps, ChakraCore, .NET Framework, Microsoft Exchange Server, Microsoft Visual Studio, Azure IoT SDK, Microsoft Dynamics, etc. It is interesting to note that remote code execution alone accounts for 37 vulnerabilities, 20 of them rated critical.


Have a dekko at the IE Zero Day!

CVE-2019-0676 is a zero-day bug in Internet Explorer 11 that was reported by Clement Lecigne of Google’s Threat Analysis Group. It is an information disclosure vulnerability, exploited in the wild, that allows unauthorized access to the file system. The flaw exists due to the improper handling of objects in memory. However, a user has to be persuaded to visit a malicious website for the vulnerability to be exploited successfully. There have been no reports of nation-state or targeted attacks using this vulnerability. But given the pattern of earlier Internet Explorer bugs, it is highly likely that this vulnerability will hit the headlines in the future.

Publicly disclosed Vulnerabilities:

  • CVE-2019-0636 : This is an information disclosure vulnerability in Windows which exists due to improper disclosure of file information. An attacker who is logged on to an affected system can read the contents of files on disk by running a specially crafted application.
  • CVE-2019-0686 : This is an elevation of privilege vulnerability in Microsoft Exchange Server. The flaw exists in the communication between Exchange Web Services clients and Exchange Servers. Microsoft explains that, by executing a man-in-the-middle attack, an attacker can forward authentication requests to a Microsoft Exchange Server to impersonate another Exchange user and access the mailboxes of other users.
  • CVE-2019-0646 : This is a cross-site scripting vulnerability in the Team Foundation Server. The flaw exists due to improper sanitization of user input. This vulnerability can be exploited by an authenticated attacker who sends a specially crafted payload to the Team Foundation Server. This payload will execute every time the user visits the compromised page and allows an attacker to read unauthorized content, execute malicious code, modify the settings, etc.
  • CVE-2019-0647 : This is an information disclosure vulnerability in the Team Foundation Server. The flaw is due to improper handling of variables marked as ‘secret’, which allows an attacker to read variables that are meant to be hidden. However, an authenticated attacker has to create a task group with a task containing a secret variable to exploit this vulnerability.

Don’t turn a blind eye to these vulnerabilities:

  • CVE-2019-0626 : Windows Server DHCP is affected by a critical memory corruption vulnerability which allows an attacker to run arbitrary code on the DHCP server by sending specially crafted packets to the server. This one is best checked off early, as it is highly likely that your network runs DHCP and needs to be updated immediately.
  • CVE-2019-0594 and CVE-2019-0604 : Microsoft SharePoint is affected by critical remote code execution vulnerabilities which allow an attacker to execute arbitrary code in the context of the SharePoint application pool and the SharePoint server farm account. Exploitation requires a user to upload a specially crafted SharePoint application package to an affected version of SharePoint. These vulnerabilities exist because the software fails to check the source markup of an application package.
  • CVE-2019-0630 and CVE-2019-0633 : Remote code execution vulnerabilities exist in Windows SMB due to improper handling of certain requests by Microsoft Server Message Block 2.0 (SMBv2). This allows an authenticated attacker to execute code on the target server. The client-server communications with weak credentials are highly susceptible to this vulnerability.

The February 2019 Patch Tuesday release consists of security updates for the following products:

  • Adobe Flash Player
  • Internet Explorer
  • Microsoft Edge
  • Microsoft Windows
  • Microsoft Office and Microsoft Office Services and Web Apps
  • ChakraCore
  • .NET Framework
  • Microsoft Exchange Server
  • Microsoft Visual Studio
  • Azure IoT SDK
  • Microsoft Dynamics
  • Team Foundation Server
  • Visual Studio Code

Microsoft security bulletin summary for February 2019:

Product : Adobe Flash Player
CVEs/Advisory : ADV190003
Severity : Critical
Impact : Remote Code Execution
KBs : 4487038


Product : Internet Explorer
CVEs/Advisory : CVE-2019-0606, CVE-2019-0654, CVE-2019-0676
Severity : Critical
Impact : Information Disclosure, Remote Code Execution, Spoofing
KBs : 4486474, 4486563, 4486996, 4487000, 4487017, 4487018, 4487020, 4487023, 4487025, 4487026, 4487044


Product : Microsoft Edge
CVEs/Advisory : CVE-2019-0590, CVE-2019-0591, CVE-2019-0593, CVE-2019-0605, CVE-2019-0607, CVE-2019-0610, CVE-2019-0634, CVE-2019-0640, CVE-2019-0641, CVE-2019-0642, CVE-2019-0643, CVE-2019-0644, CVE-2019-0645, CVE-2019-0648, CVE-2019-0649, CVE-2019-0650, CVE-2019-0651, CVE-2019-0652, CVE-2019-0654, CVE-2019-0655, CVE-2019-0658
Severity : Critical
Impact : Elevation of Privilege, Information Disclosure, Remote Code Execution, Security Feature Bypass, Spoofing
KBs : 4486996, 4487017, 4487018, 4487020, 4487026, 4487044


Product : Microsoft Windows
CVEs/Advisory : ADV190006, CVE-2019-0595, CVE-2019-0596, CVE-2019-0597, CVE-2019-0598, CVE-2019-0599, CVE-2019-0600, CVE-2019-0601, CVE-2019-0602, CVE-2019-0615, CVE-2019-0616, CVE-2019-0618, CVE-2019-0619, CVE-2019-0621, CVE-2019-0623, CVE-2019-0625, CVE-2019-0626, CVE-2019-0627, CVE-2019-0628, CVE-2019-0630, CVE-2019-0631, CVE-2019-0632, CVE-2019-0633, CVE-2019-0635, CVE-2019-0636, CVE-2019-0637, CVE-2019-0656, CVE-2019-0659, CVE-2019-0660, CVE-2019-0661, CVE-2019-0662, CVE-2019-0664
Severity : Critical
Impact : Elevation of Privilege, Information Disclosure, Remote Code Execution, Security Feature Bypass
KBs : 4486563, 4486564, 4486993, 4486996, 4487000, 4487017, 4487018, 4487019, 4487020, 4487023, 4487025, 4487026, 4487028, 4487044


Product : Microsoft Office and Microsoft Office Services and Web Apps
CVEs/Advisory : CVE-2019-0540, CVE-2019-0594, CVE-2019-0604, CVE-2019-0668, CVE-2019-0669, CVE-2019-0670, CVE-2019-0671, CVE-2019-0672, CVE-2019-0673, CVE-2019-0674, CVE-2019-0675
Severity : Critical
Impact : Elevation of Privilege, Remote Code Execution, Security Feature Bypass, Spoofing
KBs : 4018294, 4018300, 4018313, 4092465, 4461597, 4461607, 4461608, 4461630, 4462115, 4462138, 4462139, 4462143, 4462146, 4462154, 4462155, 4462171, 4462174, 4462177, 4462186


Product : ChakraCore
CVEs/Advisory : CVE-2019-0590, CVE-2019-0591, CVE-2019-0593, CVE-2019-0605, CVE-2019-0607, CVE-2019-0610, CVE-2019-0640, CVE-2019-0642, CVE-2019-0644, CVE-2019-0649, CVE-2019-0651, CVE-2019-0652, CVE-2019-0655, CVE-2019-0658
Severity : Critical
Impact : Elevation of Privilege, Information Disclosure, Remote Code Execution


Product : .NET Framework
CVEs/Advisory : CVE-2019-0613, CVE-2019-0657
Severity : Important
Impact : Remote Code Execution, Spoofing
KBs : 4483449, 4483450, 4483451, 4483452, 4483453, 4483454, 4483455, 4483456, 4483457, 4483458, 4483459, 4483468, 4483469, 4483470, 4483472, 4483473, 4483474, 4483481, 4483482, 4483483, 4483484, 4486996, 4487017, 4487018, 4487020, 4487026


Product : Microsoft Exchange Server
CVEs/Advisory : ADV190004, ADV190007, CVE-2019-0686, CVE-2019-0724
Severity : Important
Impact : Elevation of Privilege
KBs : 4345836, 4471391, 4471392, 4487052


Product : Microsoft Visual Studio
CVEs/Advisory : CVE-2019-0613, CVE-2019-0657
Severity : Important
Impact : Remote Code Execution, Spoofing


Product : Azure IoT SDK
CVEs/Advisory : CVE-2019-0729, CVE-2019-0741
Severity : Important
Impact : Elevation of Privilege, Information Disclosure


Product : Team Foundation Server
CVEs/Advisory : CVE-2019-0742, CVE-2019-0743
Severity : Important
Impact : Spoofing


Product : Visual Studio Code
CVEs/Advisory : CVE-2019-0728
Severity : Important
Impact : Remote Code Execution


SecPod Saner detects these vulnerabilities and automatically fixes them by applying security updates. Download Saner now and keep your systems updated and secure.


Article Name: Patch Tuesday: Microsoft Security Bulletin Summary for February 2019
Publisher Name: SecPod Technologies
