Randy Franklin Smith's Ultimate Windows Security

Upcoming Webinars

Understanding and Managing Organizational Units and Groups in Active Directory
5 Steps to Comprehensively Mapping Your Attack Surface
Securing Privilege Outside the IT Department: High Value Transactions, Vulnerable Applications and Access to Critical Information
Anatomy of a Hack: How TEMP.Mixmaster Attackers Use TrickBot and Ryuk To Poach Big Game

Webinar Library

Latest Blogs

How to Detect Pass-the-Hash Attacks Blog Series

Come meet Randy in Orlando at Microsoft Ignite at Quest's Booth #1818

Detecting Pass-the-Hash with Honeypots

Catch Malware Hiding in WMI with Sysmon

For of all sad words of tongue or pen, the saddest are these: 'We weren’t logging’

Experimenting with Windows Security: Controls for Enforcing Policies

Sysmon Event IDs 1, 6, 7 Report All the Binary Code Executing on Your Network

Yet Another Ransomware Can That Can be Immediately Detected with Process Tracking on Workstations

Cracking AD Passwords with NTDSXtract, Dsusers.py and John the Ripper

Cracking local windows passwords with Mimikatz, LSA dump and Hashcat

Top Resources

Security Log

Additional Resources

February, 2019: Patch Tuesday: 4 Publically Disclosed and 1 Exploited Vulnerability

Welcome to this February Patch Tuesday Bulletin. There are 77 unique CVE’s, 6 critical products, 1 exploited vulnerability, and 3 public vulnerabilities. This month pay close attention to the IE vulnerability CVE-2019-0676. This particular vulnerability is important rated vulnerability that can disclose the presence of files on a disk when a user navigates to a malicious site. There were 4 publicly disclosed vulnerabilities that include CVE-2019-0636, CVE-2019-0686, CVE-2019-0646, and CVE-2019-0647. These vulnerabilities affect Windows, Exchange, and Team Foundation Servers. At the time of this bulletin the adobe flash player advisory ADV190003 referenced a non-existent Adobe advisory but this may change in the future. Meanwhile, review the mitigations and workarounds for Flash.

Over the years we've had millions of visitors to UltimateWindowsSecurity.com. Every month we have thousands and thousands of visitors to our Security Log Encyclopedia which documents all of the Security Log event ID’s for Windows Server OS’s. Back in 2007 when SharePoint added auditing capability, I realized that my audience not only needed the event information from SharePoint but I also found a similar need in SQL Server and Exchange. So not only did I document the data but I also started to develop the means to extract that event data from these applications so that it’s accessible and useable to the end user. Some 8 years later and LOGbinder is continuing to grow as companies realize LOGbinder bridges the gap between these applications and their infosec team. Visit LOGbinder.com to download a free 30-day fully functional trial and see the security event data that you have literally been missing.

So, without further ado, here’s the chart of MS patches that affect Windows platforms in the past month.

Patch data provided by:
Technology	Products Affected	Severity	Reference	Workaround/ Exploited	Vulnerability Info
Adobe Flash Player	Adobe Flash Player	Critical	ADV190003*	Workaround: Yes Exploited: No **Public: No	Remote Code Execution
Internet Explorer	IE 9, 10, 11	Critical	CVE-2019-0606 CVE-2019-0654 CVE-2019-0676	Workaround: No Exploited: Yes* Public: No	Remote Code Execution Spoofing Information Disclosure
Edge	Edge	Critical	CVE-2019-0590 CVE-2019-0591 CVE-2019-0593 CVE-2019-0605 CVE-2019-0607 CVE-2019-0610 CVE-2019-0634 CVE-2019-0640 CVE-2019-0641 CVE-2019-0642 CVE-2019-0643 CVE-2019-0644 CVE-2019-0645 CVE-2019-0648 CVE-2019-0649 CVE-2019-0650 CVE-2019-0651 CVE-2019-0652 CVE-2019-0654 CVE-2019-0655 CVE-2019-0658	*Workaround: No Exploited: No Public: No	Remote Code Execution Security Feature Bypass Information Disclosure Elevation of Privilege Spoofing
Windows	Windows 7, 8.1, 8.1 RT, 10 Server 2008, 2008 R2, 2012, 2012 R2, 2016, 2019	Critical	CVE-2019-0619 CVE-2019-0621 CVE-2019-0623 CVE-2019-0625 ADV190006 CVE-2019-0595 CVE-2019-0596 CVE-2019-0597 CVE-2019-0598 CVE-2019-0599 CVE-2019-0600 CVE-2019-0601 CVE-2019-0602 CVE-2019-0615 CVE-2019-0616 CVE-2019-0618 CVE-2019-0626 CVE-2019-0627 CVE-2019-0628 CVE-2019-0630 CVE-2019-0631 CVE-2019-0632 CVE-2019-0633 CVE-2019-0635 CVE-2019-0636 CVE-2019-0637 CVE-2019-0656 CVE-2019-0659 CVE-2019-0660 CVE-2019-0661 CVE-2019-0662 CVE-2019-0664	*Workaround: No Exploited: No Public: Yes	Information Disclosure Elevation of Privilege Remote Code Execution Security Feature Bypass
Office, Office Services and Web Apps	Excel 2010, 2013, 2016 Office 2010, 2013, 2016, 2016 for Mac, 2019, 2019 for Mac SharePoint Enterprise Server 2013, 2016 SharePoint Server 2010, 2019 Office 365 Skype for Business 2015	Critical	CVE-2019-0540 CVE-2019-0594 CVE-2019-0604 CVE-2019-0668 CVE-2019-0669 CVE-2019-0670 CVE-2019-0671 CVE-2019-0672 CVE-2019-0673 CVE-2019-0674 CVE-2019-0675 CVE-2019-0624	*Workaround: No Exploited: No Public: No	Security Feature Bypass Remote Code Execution Elevation of Privilege Spoofing
ChakraCore	ChakraCore	Critical	CVE-2019-0590 CVE-2019-0591 CVE-2019-0593 CVE-2019-0605 CVE-2019-0607 CVE-2019-0610 CVE-2019-0640 CVE-2019-0642 CVE-2019-0644 CVE-2019-0649 CVE-2019-0651 CVE-2019-0652 CVE-2019-0655 CVE-2019-0658	*Workaround: No Exploited: No Public: No	Remote Code Execution Elevation of Privilege Information Disclosure
.NET Framework	.NET 2.0, 3.0, 3.5, 3.5.1, 4.5.2, 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1, 4.7.2 .NET Core 1.0, 1.1, 2.1, 2.2	Important	CVE-2019-0613 CVE-2019-0657	*Workaround: No Exploited: No Public: No	Remote Code Execution Spoofing
Exchange Server	Server 2010, 2013, 2016, 2019	Important	ADV190004 CVE-2019-0686 CVE-2019-0724 ADV190007	*Workaround: No Exploited: No Public: Yes	Elevation of Privilege
Visual Studio	Visual Studio 2017	Important	CVE-2019-0613 CVE-2019-0657 CVE-2019-0728	*Workaround: No Exploited: No Public: No	Remote Code Execution Spoofing
Azure IoT SDK	Java SDK for Azure IoT	Important	CVE-2019-0729 CVE-2019-0741	*Workaround: No Exploited: No Public: No	Elevation of Privilege Information Disclosure
Team Foundation Server	Server 2017 3.1, 2018 1.2, 2018 3.2	Important	CVE-2019-0742 CVE-2019-0743 CVE-2019-0646 CVE-2019-0647	*Workaround: No Exploited: No Public: Yes	Spoofing Information Disclosure
Visual Studio Code	Visual Studio Code	Important	CVE-2019-0728	*Workaround: No Exploited: No Public: No	Remote Code Execution

Research security patch database

Send me this chart next Patch Tuesday.
Email:

We will not share your address. Unsubscribe anytime. By clicking "Submit",
you're agreeing to our Privacy Policy and consenting to be contacted by us.

Home

User name:
Password:
	/ Forgot?
	Register

February 2019 Patch Tuesday	"Patch Tuesday: 4 Publically Disclosed and 1 Exploited Vulnerability " - sponsored by LOGbinder

Follow @randyfsmith

Home

Follow @randyfsmith

About | Newsletter | Contact

Ultimate Windows Security is a division of Monterey Technology Group, Inc. ©2006-2019 Monterey Technology Group, Inc. All rights reserved.
Disclaimer: We do our best to provide quality information and expert commentary but use all information at your own risk.