January, 2019: Patch Tuesday: 1 Public, 1 Exploited but an Easy Start to 2019

Welcome to the first Patch Tuesday Bulletin of the year.  This month we have 46 unique MS related CVE’s, an Adobe Flash Update (non-security), 1 exploited vulnerability and 1 public. That exploited vulnerability is CVE-2019-8653.  The software affected is IE 9, 10 and 11.  Microsoft provides a workaround but you have to revert the workaround before applying the update.  So, our suggestion is to test and update as soon as possible.  Another important update to act on is CVE-2019-0579.  It’s not currently being exploited but it is publicly disclosed.  Microsoft says exploitation is unlikely but since it’s public this is another one to test and update as soon as possible. Oddly enough, ADV190001 is a non-security update for Adobe.  Although it’s not a threat/vulnerability update we did include it in the chart since Microsoft provided the data.  Besides that, 2019 is off to a good start.

Over the years we've had millions of visitors to UltimateWindowsSecurity.com. Every month we have thousands and thousands of visitors to our Security Log Encyclopedia which documents all of the Security Log event ID’s for Windows Server OS’s. Back in 2007 when SharePoint added auditing capability, I realized that my audience not only needed the event information from SharePoint but I also found a similar need in SQL Server and Exchange. So not only did I document the data but I also started to develop the means to extract that event data from these applications so that it’s accessible and useable to the end user. Some 8 years later and LOGbinder is continuing to grow as companies realize LOGbinder bridges the gap between these applications and their infosec team. Visit LOGbinder.com to download a free 30-day fully functional trial and see the security event data that you have literally been missing.

So, without further ado, here’s the chart of MS patches that affect Windows platforms in the past month.

Patch data provided by:

 LOGbinder.com

Technology

Products Affected

Severity

Reference

Workaround/ Exploited / Publicly Disclosed

Vulnerability Info

Adobe Flash Player

Desktop Runtime, Player for Chrome, Edge and IE 32.0.0.101 and earlier

None

ADV190001

*Workaround: No
**Exploited: No
***Public: No

None

Internet Explorer

IE 9,10,11

Critical

*CVE-2018-8653**
CVE-2019-0541

*Workaround: Yes
**Exploited: Yes
***Public: No

Remote Code Execution

Edge

All

Critical

CVE-2019-0539
CVE-2019-0565
CVE-2019-0566
CVE-2019-0567
CVE-2019-0568

*Workaround: No
**Exploited: No
***Public: No

Remote Code Execution

Elevation of Privilege

Windows

Windows 7, 8.1, 8.1 RT, 10

Server 2008/2008 R2

Sever 2012, 2012 R2

Server 2016

Server 2019

Critical

CVE-2019-0536
CVE-2019-0543
CVE-2019-0547
CVE-2019-0553
CVE-2019-0554
CVE-2019-0555
CVE-2019-0569
CVE-2019-0570
CVE-2019-0571
CVE-2019-0572
CVE-2019-0573
CVE-2019-0574
CVE-2019-0575
CVE-2019-0576
CVE-2019-0577
CVE-2019-0578
CVE-2019-0579***
CVE-2019-0580
CVE-2019-0581
CVE-2019-0582
CVE-2019-0583
CVE-2019-0584
CVE-2019-0549
CVE-2019-0550
CVE-2019-0551
CVE-2019-0552

*Workaround: No

**Exploited: No

***Public: Yes

Information Disclosure

Elevation of Privilege

Remote Code Execution

Spoofing

Office, Office Services and Web Apps

Excel Viewer 2007, Word Viewer

Excel, Outlook and Word 2010, 2013, 2013 RT, 2016

Office 2010, 2016, 2019, 2016 for Mac, 2019 for Mac

Web Apps Server 2010 SP2

SharePoint Enterprise Server 2013, 2016

Office 365 ProPlus

Important

CVE-2019-0541
CVE-2019-0556
CVE-2019-0557
CVE-2019-0558
CVE-2019-0559
CVE-2019-0560
CVE-2019-0561
CVE-2019-0562
CVE-2019-0585

*Workaround: No

**Exploited: No

***Public:  No

Information Disclosure

Remote Code Execution

Elevation of Privilege

Spoofing

 

ChakraCore

All

Critical

CVE-2019-0539
CVE-2019-0567
CVE-2019-0568

*Workaround: No
**Exploited: No
***Public: No

Remote Code Execution

.NET Framework

.NET 2SP1, 3SP1,3.5, 3.5.1, 4.5.2, 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1, 4.7.2

Important

CVE-2019-0545

*Workaround: No
**Exploited: No
***Public: No

Information Disclosure

ASP.NET

Core 2.1

Important

CVE-2019-0548
CVE-2019-0564

*Workaround: No
**Exploited: No
***Public: No

Denial of Service

Exchange Server

2013 CU21, 2016 CU10

Important

CVE-2019-0586
CVE-2019-0588

*Workaround: No
**Exploited: No
***Public: No

Remote Code Execution

Information Disclosure

Visual Studio

2010 SP1, 2012 Update 5

Important

CVE-2019-0537

*Workaround: No
**Exploited: No
***Public: No

Information Disclosure


Send me this chart next Patch Tuesday.
Email:

We will not share your address. Unsubscribe anytime. By clicking "Submit",
you're agreeing to our Privacy Policy and consenting to be contacted by us.