February, 2019: Patch Tuesday: 4 Publicly Disclosed and 1 Exploited Vulnerability

Welcome to this February Patch Tuesday Bulletin. There are 77 unique CVEs, 6 critical products, 1 exploited vulnerability, and 3 public vulnerabilities. This month, pay close attention to the IE vulnerability CVE-2019-0676. It is an Important-rated vulnerability that can disclose the presence of files on disk when a user navigates to a malicious site. There were 4 publicly disclosed vulnerabilities: CVE-2019-0636, CVE-2019-0686, CVE-2019-0646, and CVE-2019-0647. These vulnerabilities affect Windows, Exchange, and Team Foundation Server. At the time of this bulletin, the Adobe Flash Player advisory ADV190003 referenced a non-existent Adobe advisory, but this may change in the future. Meanwhile, review the mitigations and workarounds for Flash.

Over the years we've had millions of visitors to UltimateWindowsSecurity.com. Every month we have thousands and thousands of visitors to our Security Log Encyclopedia, which documents all of the Security Log event IDs for Windows Server OSes. Back in 2007 when SharePoint added auditing capability, I realized that my audience not only needed the event information from SharePoint but I also found a similar need in SQL Server and Exchange. So not only did I document the data but I also started to develop the means to extract that event data from these applications so that it’s accessible and usable to the end user. Some 8 years later and LOGbinder is continuing to grow as companies realize LOGbinder bridges the gap between these applications and their infosec team. Visit LOGbinder.com to download a free 30-day fully functional trial and see the security event data that you have literally been missing.

So, without further ado, here’s the chart of MS patches that affect Windows platforms in the past month.

| Technology | Products Affected | Severity | Reference | Workaround/Exploited | Vulnerability Info |
|---|---|---|---|---|---|
| Adobe Flash Player | Adobe Flash Player | Critical | ADV190003* | *Workaround: Yes; **Exploited: No; ***Public: No | Remote Code Execution |
| Internet Explorer | IE 9, 10, 11 | Critical | CVE-2019-0606, CVE-2019-0654, CVE-2019-0676 | *Workaround: No; Exploited: Yes; Public: No | Remote Code Execution, Spoofing, Information Disclosure |
| Edge | Edge | Critical | CVE-2019-0590, CVE-2019-0591, CVE-2019-0593, CVE-2019-0605, CVE-2019-0607, CVE-2019-0610, CVE-2019-0634, CVE-2019-0640, CVE-2019-0641, CVE-2019-0642, CVE-2019-0643, CVE-2019-0644, CVE-2019-0645, CVE-2019-0648, CVE-2019-0649, CVE-2019-0650, CVE-2019-0651, CVE-2019-0652, CVE-2019-0654, CVE-2019-0655, CVE-2019-0658 | *Workaround: No; Exploited: No; Public: No | Remote Code Execution, Security Feature Bypass, Information Disclosure, Elevation of Privilege, Spoofing |
| Windows | Windows 7, 8.1, 8.1 RT, 10; Server 2008, 2008 R2, 2012, 2012 R2, 2016, 2019 | Critical | CVE-2019-0619, CVE-2019-0621, CVE-2019-0623, CVE-2019-0625, ADV190006, CVE-2019-0595, CVE-2019-0596, CVE-2019-0597, CVE-2019-0598, CVE-2019-0599, CVE-2019-0600, CVE-2019-0601, CVE-2019-0602, CVE-2019-0615, CVE-2019-0616, CVE-2019-0618, CVE-2019-0626, CVE-2019-0627, CVE-2019-0628, CVE-2019-0630, CVE-2019-0631, CVE-2019-0632, CVE-2019-0633, CVE-2019-0635, CVE-2019-0636, CVE-2019-0637, CVE-2019-0656, CVE-2019-0659, CVE-2019-0660, CVE-2019-0661, CVE-2019-0662, CVE-2019-0664 | *Workaround: No; Exploited: No; Public: Yes | Information Disclosure, Elevation of Privilege, Remote Code Execution, Security Feature Bypass |
| Office, Office Services and Web Apps | Excel 2010, 2013, 2016; Office 2010, 2013, 2016, 2016 for Mac, 2019, 2019 for Mac; SharePoint Enterprise Server 2013, 2016; SharePoint Server 2010, 2019; Office 365; Skype for Business 2015 | Critical | CVE-2019-0540, CVE-2019-0594, CVE-2019-0604, CVE-2019-0668, CVE-2019-0669, CVE-2019-0670, CVE-2019-0671, CVE-2019-0672, CVE-2019-0673, CVE-2019-0674, CVE-2019-0675, CVE-2019-0624 | *Workaround: No; Exploited: No; Public: No | Security Feature Bypass, Remote Code Execution, Elevation of Privilege, Spoofing |
| ChakraCore | ChakraCore | Critical | CVE-2019-0590, CVE-2019-0591, CVE-2019-0593, CVE-2019-0605, CVE-2019-0607, CVE-2019-0610, CVE-2019-0640, CVE-2019-0642, CVE-2019-0644, CVE-2019-0649, CVE-2019-0651, CVE-2019-0652, CVE-2019-0655, CVE-2019-0658 | *Workaround: No; Exploited: No; Public: No | Remote Code Execution, Elevation of Privilege, Information Disclosure |
| .NET Framework | .NET 2.0, 3.0, 3.5, 3.5.1, 4.5.2, 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1, 4.7.2; .NET Core 1.0, 1.1, 2.1, 2.2 | Important | CVE-2019-0613, CVE-2019-0657 | *Workaround: No; Exploited: No; Public: No | Remote Code Execution, Spoofing |
| Exchange Server | Server 2010, 2013, 2016, 2019 | Important | ADV190004, CVE-2019-0686, CVE-2019-0724, ADV190007 | *Workaround: No; Exploited: No; Public: Yes | Elevation of Privilege |
| Visual Studio | Visual Studio 2017 | Important | CVE-2019-0613, CVE-2019-0657, CVE-2019-0728 | *Workaround: No; Exploited: No; Public: No | Remote Code Execution, Spoofing |
| Azure IoT SDK | Java SDK for Azure IoT | Important | CVE-2019-0729, CVE-2019-0741 | *Workaround: No; Exploited: No; Public: No | Elevation of Privilege, Information Disclosure |
| Team Foundation Server | Server 2017 3.1, 2018 1.2, 2018 3.2 | Important | CVE-2019-0742, CVE-2019-0743, CVE-2019-0646, CVE-2019-0647 | *Workaround: No; Exploited: No; Public: Yes | Spoofing, Information Disclosure |
| Visual Studio Code | Visual Studio Code | Important | CVE-2019-0728 | *Workaround: No; Exploited: No; Public: No | Remote Code Execution |

