
SANS ISC: InfoSec Handlers Diary Blog - Internet Storm Center Diary 2019-02-12



Microsoft February 2019 Patch Tuesday

Published: 2019-02-12
Last Updated: 2019-02-12 23:06:59 UTC
by Renato Marinho (Version: 1)

This month, we got patches for 74 vulnerabilities in total. One of them has been exploited, and two were made public before today.

The known exploited vulnerability (CVE-2019-0676) may lead to information disclosure and affects Internet Explorer 10 on Windows Server 2012 and Internet Explorer 11 on Windows 7, 8.1 and 10 and Windows Server 2008, 2012, 2016 and 2019.  

Of the two previously known vulnerabilities, one (CVE-2019-0636) may also lead to information disclosure, and the other, CVE-2019-0686, is a privilege escalation vulnerability in Microsoft Exchange 2010, 2013, 2016 and 2019. This vulnerability was well detailed by Bojan in this diary.

Last month, critical vulnerabilities affected the Microsoft DHCP Client. This time, a critical vulnerability was fixed in the DHCP Server (CVE-2019-0626). If successfully exploited, it may allow an attacker to run arbitrary code on the DHCP server. The CVSS v3 score for this vulnerability is 9.8 (out of 10).

Take a look at my dashboard for a more detailed breakdown: https://patchtuesdaydashboard.com

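| Description | CVE | Disclosed | Exploited | Exploitability (old versions) | Exploitability (current version) | Severity | CVSS Base (AVG) | CVSS Temporal (AVG) |
|---|---|---|---|---|---|---|---|---|
| .NET Framework and Visual Studio Remote Code Execution Vulnerability | CVE-2019-0613 | No | No | Less Likely | Less Likely | Important | | |
| .NET Framework and Visual Studio Spoofing Vulnerability | CVE-2019-0657 | No | No | Less Likely | Less Likely | Important | | |
| Azure IoT Java SDK Elevation of Privilege Vulnerability | CVE-2019-0729 | No | No | - | - | Important | | |
| Azure IoT Java SDK Information Disclosure Vulnerability | CVE-2019-0741 | No | No | - | - | Important | | |
| February 2019 Adobe Flash Security Update | ADV190003 | No | No | - | - | Critical | | |
| February 2019 Oracle Outside In Library Security Update | ADV190004 | No | No | - | - | | | |
| GDI+ Remote Code Execution Vulnerability | CVE-2019-0662 | No | No | Less Likely | Less Likely | Critical | 8.8 | 7.9 |
| GDI+ Remote Code Execution Vulnerability | CVE-2019-0618 | No | No | Less Likely | Less Likely | Critical | 8.8 | 7.9 |
| Guidance for "PrivExchange" Elevation of Privilege Vulnerability | ADV190007 | Yes | No | More Likely | More Likely | | | |
| Guidance to mitigate unconstrained delegation vulnerabilities | ADV190006 | No | No | - | - | | | |
| HID Information Disclosure Vulnerability | CVE-2019-0600 | No | No | Less Likely | Less Likely | Important | 4.7 | 4.2 |
| HID Information Disclosure Vulnerability | CVE-2019-0601 | No | No | Less Likely | Less Likely | Important | 4.7 | 4.2 |
| Internet Explorer Information Disclosure Vulnerability | CVE-2019-0676 | No | Yes | More Likely | Detected | Important | 2.4 | 2.2 |
| Internet Explorer Memory Corruption Vulnerability | CVE-2019-0606 | No | No | - | - | Critical | 6.4 | 5.8 |
| Jet Database Engine Remote Code Execution Vulnerability | CVE-2019-0625 | No | No | Less Likely | Less Likely | Important | 7.8 | 7.0 |
| Jet Database Engine Remote Code Execution Vulnerability | CVE-2019-0595 | No | No | Less Likely | Less Likely | Important | 7.8 | 7.0 |
| Jet Database Engine Remote Code Execution Vulnerability | CVE-2019-0596 | No | No | Less Likely | Less Likely | Important | 7.8 | 7.0 |
| Jet Database Engine Remote Code Execution Vulnerability | CVE-2019-0597 | No | No | Less Likely | Less Likely | Important | 7.8 | 7.0 |
| Jet Database Engine Remote Code Execution Vulnerability | CVE-2019-0598 | No | No | Less Likely | Less Likely | Important | 7.8 | 7.0 |
| Jet Database Engine Remote Code Execution Vulnerability | CVE-2019-0599 | No | No | Less Likely | Less Likely | Important | 7.8 | 7.0 |
| Latest Servicing Stack Updates | ADV990001 | No | No | - | - | Critical | | |
| Microsoft Browser Spoofing Vulnerability | CVE-2019-0654 | No | No | More Likely | More Likely | Important | 2.4 | 2.2 |
| Microsoft Edge Information Disclosure Vulnerability | CVE-2019-0643 | No | No | - | - | Moderate | 4.3 | 3.9 |
| Microsoft Edge Memory Corruption Vulnerability | CVE-2019-0645 | No | No | - | - | Critical | 4.2 | 3.8 |
| Microsoft Edge Memory Corruption Vulnerability | CVE-2019-0650 | No | No | - | - | Critical | 4.2 | 3.8 |
| Microsoft Edge Memory Corruption Vulnerability | CVE-2019-0634 | No | No | - | - | Critical | 4.2 | 3.8 |
| Microsoft Edge Security Feature Bypass Vulnerability | CVE-2019-0641 | No | No | - | - | Moderate | 4.3 | 3.9 |
| Microsoft Excel Information Disclosure Vulnerability | CVE-2019-0669 | No | No | More Likely | More Likely | Important | | |
| Microsoft Exchange Server Elevation of Privilege Vulnerability | CVE-2019-0686 | Yes | No | More Likely | More Likely | Important | | |
| Microsoft Exchange Server Elevation of Privilege Vulnerability | CVE-2019-0724 | No | No | - | - | Important | | |
| Microsoft Office Access Connectivity Engine Remote Code Execution Vulnerability | CVE-2019-0671 | No | No | Less Likely | Less Likely | Important | | |
| Microsoft Office Access Connectivity Engine Remote Code Execution Vulnerability | CVE-2019-0672 | No | No | Less Likely | Less Likely | Important | | |
| Microsoft Office Access Connectivity Engine Remote Code Execution Vulnerability | CVE-2019-0673 | No | No | Less Likely | Less Likely | Important | | |
| Microsoft Office Access Connectivity Engine Remote Code Execution Vulnerability | CVE-2019-0674 | No | No | Less Likely | Less Likely | Important | | |
| Microsoft Office Access Connectivity Engine Remote Code Execution Vulnerability | CVE-2019-0675 | No | No | - | - | Important | | |
| Microsoft Office Security Feature Bypass Vulnerability | CVE-2019-0540 | No | No | More Likely | More Likely | Important | | |
| Microsoft SharePoint Elevation of Privilege Vulnerability | CVE-2019-0668 | No | No | - | - | Important | | |
| Microsoft SharePoint Remote Code Execution Vulnerability | CVE-2019-0594 | No | No | Less Likely | Less Likely | Critical | | |
| Microsoft SharePoint Remote Code Execution Vulnerability | CVE-2019-0604 | No | No | Less Likely | Less Likely | Critical | | |
| Microsoft SharePoint Spoofing Vulnerability | CVE-2019-0670 | No | No | - | - | Moderate | | |
| Scripting Engine Elevation of Privileged Vulnerability | CVE-2019-0649 | No | No | - | - | Important | 4.2 | 3.8 |
| Scripting Engine Information Disclosure Vulnerability | CVE-2019-0648 | No | No | - | - | Important | 4.3 | 3.9 |
| Scripting Engine Information Disclosure Vulnerability | CVE-2019-0658 | No | No | - | - | Important | 4.3 | 3.9 |
| Scripting Engine Memory Corruption Vulnerability | CVE-2019-0607 | No | No | - | - | Critical | 4.2 | 3.8 |
| Scripting Engine Memory Corruption Vulnerability | CVE-2019-0610 | No | No | - | - | Important | 4.2 | 3.8 |
| Scripting Engine Memory Corruption Vulnerability | CVE-2019-0640 | No | No | - | - | Critical | 4.2 | 3.8 |
| Scripting Engine Memory Corruption Vulnerability | CVE-2019-0642 | No | No | - | - | Critical | 4.2 | 3.8 |
| Scripting Engine Memory Corruption Vulnerability | CVE-2019-0644 | No | No | - | - | Critical | 4.2 | 3.8 |
| Scripting Engine Memory Corruption Vulnerability | CVE-2019-0651 | No | No | - | - | Critical | 4.2 | 3.8 |
| Scripting Engine Memory Corruption Vulnerability | CVE-2019-0652 | No | No | - | - | Critical | 4.2 | 3.8 |
| Scripting Engine Memory Corruption Vulnerability | CVE-2019-0655 | No | No | - | - | Critical | 4.2 | 3.8 |
| Scripting Engine Memory Corruption Vulnerability | CVE-2019-0590 | No | No | - | - | Critical | 4.2 | 3.8 |
| Scripting Engine Memory Corruption Vulnerability | CVE-2019-0591 | No | No | - | - | Critical | 4.2 | 3.8 |
| Scripting Engine Memory Corruption Vulnerability | CVE-2019-0593 | No | No | - | - | Critical | 4.2 | 3.8 |
| Scripting Engine Memory Corruption Vulnerability | CVE-2019-0605 | No | No | - | - | Critical | 4.2 | 3.8 |
| Team Foundation Server Cross-site Scripting Vulnerability | CVE-2019-0743 | No | No | Less Likely | Less Likely | Important | | |
| Team Foundation Server Cross-site Scripting Vulnerability | CVE-2019-0742 | No | No | Less Likely | Less Likely | Important | | |
| Visual Studio Code Remote Code Execution Vulnerability | CVE-2019-0728 | No | No | Less Likely | Less Likely | Important | | |
| Win32k Elevation of Privilege Vulnerability | CVE-2019-0623 | No | No | - | - | Important | 7.0 | 6.3 |
| Win32k Information Disclosure Vulnerability | CVE-2019-0628 | No | No | More Likely | More Likely | Important | 4.7 | 4.2 |
| Windows DHCP Server Remote Code Execution Vulnerability | CVE-2019-0626 | No | No | Less Likely | Less Likely | Critical | 9.8 | 8.8 |
| Windows Defender Firewall Security Feature Bypass Vulnerability | CVE-2019-0637 | No | No | Less Likely | Less Likely | Important | 5.3 | 4.8 |
| Windows GDI Information Disclosure Vulnerability | CVE-2019-0660 | No | No | Less Likely | Less Likely | Important | 4.7 | 4.2 |
| Windows GDI Information Disclosure Vulnerability | CVE-2019-0664 | No | No | - | - | Important | 4.7 | 4.2 |
| Windows GDI Information Disclosure Vulnerability | CVE-2019-0602 | No | No | Less Likely | Less Likely | Important | 4.7 | 4.2 |
| Windows GDI Information Disclosure Vulnerability | CVE-2019-0615 | No | No | Less Likely | Less Likely | Important | 4.7 | 4.2 |
| Windows GDI Information Disclosure Vulnerability | CVE-2019-0616 | No | No | Less Likely | Less Likely | Important | 4.7 | 4.2 |
| Windows GDI Information Disclosure Vulnerability | CVE-2019-0619 | No | No | Less Likely | Less Likely | Important | 4.7 | 4.2 |
| Windows Hyper-V Information Disclosure Vulnerability | CVE-2019-0635 | No | No | Less Likely | Less Likely | Important | 5.4 | 4.9 |
| Windows Information Disclosure Vulnerability | CVE-2019-0636 | Yes | No | More Likely | More Likely | Important | 5.5 | 5.1 |
| Windows Kernel Elevation of Privilege Vulnerability | CVE-2019-0656 | No | No | - | - | Important | 4.7 | 4.2 |
| Windows Kernel Information Disclosure Vulnerability | CVE-2019-0661 | No | No | - | - | Important | 4.7 | 4.2 |
| Windows Kernel Information Disclosure Vulnerability | CVE-2019-0621 | No | No | More Likely | More Likely | Important | 5.5 | 5.0 |
| Windows SMB Remote Code Execution Vulnerability | CVE-2019-0630 | No | No | More Likely | More Likely | Important | 7.5 | 6.7 |
| Windows SMB Remote Code Execution Vulnerability | CVE-2019-0633 | No | No | More Likely | More Likely | Important | 7.5 | 6.7 |
| Windows Security Feature Bypass Vulnerability | CVE-2019-0627 | No | No | More Likely | More Likely | Important | 5.3 | 4.8 |
| Windows Security Feature Bypass Vulnerability | CVE-2019-0631 | No | No | More Likely | More Likely | Important | 5.3 | 4.8 |
| Windows Security Feature Bypass Vulnerability | CVE-2019-0632 | No | No | More Likely | More Likely | Important | 5.3 | 4.8 |
| Windows Storage Service Elevation of Privilege Vulnerability | CVE-2019-0659 | No | No | Less Likely | Less Likely | Important | 7.0 | 6.3 |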

 

--
Renato Marinho
Morphus Labs | LinkedIn | Twitter
