Microsoft released its February 2019 Security Bulletin today, the monthly set of security updates that address vulnerabilities in its products. The number of vulnerabilities reported each month has gone up again after the dip last October. There are 77 vulnerabilities reported, with 20 CVEs rated critical and 51 CVEs rated important, using a vulnerability scanning tool. These updates address issues in Adobe Flash Player, Internet Explorer, Microsoft Edge, Microsoft Windows, Microsoft Office and Microsoft Office Services and Web Apps, ChakraCore, .NET Framework, Microsoft Exchange Server, Microsoft Visual Studio, Azure IoT SDK, Microsoft Dynamics, etc. It is interesting to note that remote code execution alone accounts for 37 vulnerabilities, 20 of them rated critical.
Have a dekko at the IE Zero Day!
CVE-2019-0676 is a zero-day bug in Internet Explorer 11 that was reported by Clement Lecigne of Google’s Threat Analysis Group. It is an information disclosure vulnerability, exploited in the wild, that allows unauthorized access to the file system. The flaw exists due to the improper handling of objects in memory, and a patch management tool can patch it. For the vulnerability to be successfully exploited, a user has to be persuaded to visit a malicious website. There have been no reports of nation-state or targeted attacks using this vulnerability. But looking at the pattern of older bugs in Internet Explorer, it is highly likely that this vulnerability will hit the headlines in the future.
Publicly disclosed Vulnerabilities:
- CVE-2019-0636 : This is an information disclosure vulnerability in Windows which exists due to improper disclosure of file information. An attacker who is logged on to an affected system can read the contents of files on disk by running a specially crafted application.
- CVE-2019-0686 : This is an elevation of privilege vulnerability in Microsoft Exchange Server. The flaw exists in the communication between Exchange Web Services clients and Exchange Servers. Microsoft explains that, by executing a man-in-the-middle attack, an attacker can forward authentication requests to a Microsoft Exchange Server to impersonate another Exchange user and access the mailboxes of other users.
- CVE-2019-0646 : This is a cross-site scripting vulnerability in the Team Foundation Server. The flaw exists due to improper sanitization of user input. This vulnerability can be exploited by an authenticated attacker who sends a specially crafted payload to the Team Foundation Server. The payload executes every time a user visits the compromised page and allows an attacker to read unauthorized content, execute malicious code, modify the settings, etc.
- CVE-2019-0647 : This is an information disclosure vulnerability in the Team Foundation Server. The flaw is due to improper handling of variables marked as ‘secret’, which allows an attacker to read variables that are meant to be hidden. To exploit this vulnerability, an authenticated attacker has to create a task group with a task containing a secret variable.
Don’t turn a blind eye to these vulnerabilities:
- CVE-2019-0626 : Windows Server DHCP is affected by a critical memory corruption vulnerability which allows an attacker to run arbitrary code on the DHCP server by sending specially crafted packets to the server. This vulnerability is best dealt with promptly, as it is highly likely that your network runs DHCP and needs an immediate update.
- CVE-2019-0594 and CVE-2019-0604 : Microsoft SharePoint is affected by critical remote code execution vulnerabilities which allow an attacker to execute arbitrary code in the context of the SharePoint application pool and the SharePoint server farm account. Exploitation requires a user to upload a specially crafted SharePoint application package to affected versions of SharePoint. These vulnerabilities exist because the software fails to check the source markup of an application package.
- CVE-2019-0630 and CVE-2019-0633 : Remote code execution vulnerabilities exist in Windows SMB due to improper handling of certain requests by Microsoft Server Message Block 2.0 (SMBv2). This allows an authenticated attacker to execute code on the target server. Client-server communications with weak credentials are highly susceptible to this vulnerability.
The Microsoft Security Bulletin February 2019 Patch Tuesday release consists of security updates for the following products:
- Adobe Flash Player
- Internet Explorer
- Microsoft Edge
- Microsoft Windows
- Microsoft Office and Microsoft Office Services and Web Apps
- ChakraCore
- .NET Framework
- Microsoft Exchange Server
- Microsoft Visual Studio
- Azure IoT SDK
- Microsoft Dynamics
- Team Foundation Server
- Visual Studio Code
Microsoft Security Bulletin February 2019:
1. Product : Adobe Flash Player
CVEs/Advisory : ADV190003
Severity : Critical
Impact : Remote Code Execution
KBs : 4487038
2. Product : Internet Explorer
CVEs/Advisory : CVE-2019-0606, CVE-2019-0654, CVE-2019-0676
Severity : Critical
Impact : Information Disclosure, Remote Code Execution and Spoofing
KBs : 4486474, 4486563, 4486996, 4487000, 4487017, 4487018, 4487020, 4487023, 4487025, 4487026 and 4487044
3. Product : Microsoft Edge
CVEs/Advisory : CVE-2019-0590, CVE-2019-0591, CVE-2019-0593, CVE-2019-0605, CVE-2019-0607, CVE-2019-0610, CVE-2019-0634, CVE-2019-0640, CVE-2019-0641, CVE-2019-0642, CVE-2019-0643, CVE-2019-0644, CVE-2019-0645, CVE-2019-0648, CVE-2019-0649, CVE-2019-0650, CVE-2019-0651, CVE-2019-0652, CVE-2019-0654, CVE-2019-0655 and CVE-2019-0658
Severity : Critical
Impact : Elevation of Privilege, Information Disclosure, Remote Code Execution, Security Feature Bypass and Spoofing
KBs : 4486996, 4487017, 4487018, 4487020, 4487026 and 4487044
4. Product : Microsoft Windows
CVEs/Advisory : ADV190006, CVE-2019-0595, CVE-2019-0596, CVE-2019-0597, CVE-2019-0598, CVE-2019-0599, CVE-2019-0600, CVE-2019-0601, CVE-2019-0602, CVE-2019-0615, CVE-2019-0616, CVE-2019-0618, CVE-2019-0619, CVE-2019-0621, CVE-2019-0623, CVE-2019-0625, CVE-2019-0626, CVE-2019-0627, CVE-2019-0628, CVE-2019-0630, CVE-2019-0631, CVE-2019-0632, CVE-2019-0633, CVE-2019-0635, CVE-2019-0636, CVE-2019-0637, CVE-2019-0656, CVE-2019-0659, CVE-2019-0660, CVE-2019-0661, CVE-2019-0662 and CVE-2019-0664
Severity : Critical
Impact : Elevation of Privilege, Information Disclosure, Remote Code Execution and Security Feature Bypass
KBs : 4486563, 4486564, 4486993, 4486996, 4487000, 4487017, 4487018, 4487019, 4487020, 4487023, 4487025, 4487026, 4487028 and 4487044
5. Product : Microsoft Office and Microsoft Office Services and Web Apps
CVEs/Advisory : CVE-2019-0540, CVE-2019-0594, CVE-2019-0604, CVE-2019-0668, CVE-2019-0669, CVE-2019-0670, CVE-2019-0671, CVE-2019-0672, CVE-2019-0673, CVE-2019-0674 and CVE-2019-0675
Severity : Critical
Impact : Elevation of Privilege, Remote Code Execution, Security Feature Bypass and Spoofing
KBs : 4018294, 4018300, 4018313, 4092465, 4461597, 4461607, 4461608, 4461630, 4462115, 4462138, 4462139, 4462143, 4462146, 4462154, 4462155, 4462171, 4462174, 4462177 and 4462186
6. Product : ChakraCore
CVEs/Advisory : CVE-2019-0590, CVE-2019-0591, CVE-2019-0593, CVE-2019-0605, CVE-2019-0607, CVE-2019-0610, CVE-2019-0640, CVE-2019-0642, CVE-2019-0644, CVE-2019-0649, CVE-2019-0651, CVE-2019-0652, CVE-2019-0655 and CVE-2019-0658
Severity : Critical
Impact : Elevation of Privilege, Information Disclosure and Remote Code Execution
7. Product : .NET Framework
CVEs/Advisory : CVE-2019-0613, CVE-2019-0657
Severity : Important
Impact : Remote Code Execution and Spoofing
KBs : 4483449, 4483450, 4483451, 4483452, 4483453, 4483454, 4483455, 4483456, 4483457, 4483458, 4483459, 4483468, 4483469, 4483470, 4483472, 4483473, 4483474, 4483481, 4483482, 4483483, 4483484, 4486996, 4487017, 4487018, 4487020 and 4487026
8. Product : Microsoft Exchange Server
CVEs/Advisory : ADV190004, ADV190007, CVE-2019-0686 and CVE-2019-0724
Severity : Important
Impact : Elevation of Privilege
KBs : 4345836, 4471391, 4471392, 4487052
9. Product : Microsoft Visual Studio
CVEs/Advisory : CVE-2019-0613, CVE-2019-0657
Severity : Important
Impact : Remote Code Execution, Spoofing
10. Product : Azure IoT SDK
CVEs/Advisory : CVE-2019-0729 and CVE-2019-0741
Severity : Important
Impact : Elevation of Privilege, Information Disclosure
11. Product : Team Foundation Server
CVEs/Advisory : CVE-2019-0742, CVE-2019-0743
Severity : Important
Impact : Spoofing
12. Product : Visual Studio Code
CVEs/Advisory : CVE-2019-0728
Severity : Important
Impact : Remote Code Execution
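The records above can be turned into a per-host triage list. The following is an added example, not part of the original bulletin or of any SecPod tool: it parses three of the rows and compares their KBs with a host's installed updates. The installed set is constructed, the function names are hypothetical, and it assumes the KBs within one row are alternatives for different OS builds, so one match covers the row.

```python
import re
# Three rows from this page's table; the parser accepts "and" or "and then" as the last joiner.
BULLETIN = """\
2. Product : Internet Explorer
CVEs/Advisory : CVE-2019-0606, CVE-2019-0654, CVE-2019-0676
Severity : Critical
KBs : 4486474, 4486563, 4486996, 4487000, 4487017, 4487018, 4487020, 4487023, 4487025, 4487026 and then 4487044
8. Product : Microsoft Exchange Server
CVEs/Advisory : ADV190004, ADV190007, CVE-2019-0686 and then CVE-2019-0724
Severity : Important
KBs : 4345836, 4471391, 4471392, 4487052
12. Product : Visual Studio Code
CVEs/Advisory : CVE-2019-0728
Severity : Important
"""
SPLIT = re.compile(r"\s*,\s*|\s+and(?:\s+then)?\s+")
FIELDS = {"CVEs/Advisory": "ids", "KBs": "kbs"}

def parse_bulletin(text):
    rows = []
    for line in text.splitlines():
        key, sep, value = line.partition(" : ")
        if not sep or not key.strip():
            continue
        key = key.split()[-1]  # "2. Product" or "- Product" -> "Product"
        if key == "Product":
            rows.append({"product": value.strip(), "ids": [], "severity": "", "kbs": []})
        elif rows and key == "Severity":
            rows[-1]["severity"] = value.strip()
        elif rows and key in FIELDS:
            rows[-1][FIELDS[key]] = [v for v in SPLIT.split(value.strip()) if v]
    return rows

def triage(rows, installed):
    # Assumption: KBs in one row are per-OS alternatives, so one match covers the row.
    rank = {"Critical": 0, "Important": 1}
    report = []
    for r in sorted(rows, key=lambda r: rank.get(r["severity"], 2)):
        kbs = {"KB" + k for k in r["kbs"]}
        if not kbs:
            status = "no-kb-listed"  # row has no KB line: verify the product version by hand
        else:
            status = "covered" if kbs & installed else "missing"
        report.append((r["product"], r["severity"], status))
    return report

if __name__ == "__main__":
    installed = {"KB4487044", "KB0000001"}  # constructed host inventory, placeholder ids
    print(*triage(parse_bulletin(BULLETIN), installed), sep="\n")
```

A "missing" row is a prompt to look for a later cumulative update that supersedes the listed KBs, not proof that the host is exposed.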
SecPod Saner detects these vulnerabilities and automatically fixes them by applying security updates. Download Saner now and keep your systems updated and secure.