Microsoft Security Bulletin for February 2019 Patches That Fix 79 Security Vulnerabilities

Microsoft Security Bulletin for February 2019 Patches That Fix 79 Security Vulnerabilities

February 21, 2019 | Adeline Zhang

Overview

Microsoft released the January 2019 security patch on Tuesday that fixes 79 vulnerabilities ranging from simple spoofing attacks to remote code execution in various products, including .NET Framework, Adobe Flash Player, Azure, Internet Explorer, Microsoft Browsers, Microsoft Edge, Microsoft Exchange Server, Microsoft Graphics Component, Microsoft JET Database Engine, Microsoft Office, Microsoft Office SharePoint, Microsoft Scripting Engine, Microsoft Windows, Servicing Stack Updates, Team Foundation Server, Visual Studio, Windows DHCP Server, Windows Hyper-V, Windows Kernel, and Windows SMB Server.

Details can be found in the following table.

Product CVE ID CVE Title Severity Level
.NET Framework CVE-2019-0657 .NET Framework and Visual Studio Spoofing Vulnerability Important
.NET Framework CVE-2019-0613 .NET Framework and Visual Studio Remote Code Execution Vulnerability Important
Adobe Flash Player ADV190003 February 2019 Adobe Flash Security Update Critical
Azure CVE-2019-0729 Azure IoT Java SDK Privilege Escalation Vulnerability Important
Azure CVE-2019-0741 Azure IoT Java SDK Information Disclosure Vulnerbaility Important
Internet Explorer CVE-2019-0606 Internet Explorer Memory Corruption Vulnerability Critical
Internet Explorer CVE-2019-0676 Internet Explorer Information Disclosure Vulnerability Important
Microsoft Browsers CVE-2019-0654 Microsoft Browser Spoofing Vulnerability Important
Microsoft Edge CVE-2019-0641 Microsoft Edge Security Feature Bypass Vulnerability Moderate
Microsoft Edge CVE-2019-0643 Microsoft Edge Information Disclosure Vulnerability Moderate
Microsoft Edge CVE-2019-0645 Microsoft Edge Memory Corruption Vulnerability Critical
Microsoft Edge CVE-2019-0650 Microsoft Edge Memory Corruption Vulnerability Critical
Microsoft Edge CVE-2019-0634 Microsoft Edge Memory Corruption Vulnerability Moderate
Microsoft Exchange Server ADV190004 February 2019 Oracle Outside In Library Security Update Unknown
Microsoft Exchange Server CVE-2019-0686 Microsoft Exchange Server Privilege Escalation Vulnerability Important
Microsoft Exchange Server CVE-2019-0724 Microsoft Exchange Server Privilege Escalation Vulnerability Important
Microsoft Exchange Server ADV190007 Guidance for “PrivExchange” Privilege Escalation Vulnerability Unknown
Microsoft Graphics Component CVE-2019-0660 Windows GDI Information Disclosure Vulnerability Important
Microsoft Graphics Component CVE-2019-0662 GDI+ Remote Code Execution Vulnerability Critical
Microsoft Graphics Component CVE-2019-0664 Windows GDI Information Disclosure Vulnerability Important
Microsoft Graphics Component CVE-2019-0602 Windows GDI Information Disclosure Vulnerability Important
Microsoft Graphics Component CVE-2019-0615 Windows GDI Information Disclosure Vulnerability Important
Microsoft Graphics Component CVE-2019-0616 Windows GDI Information Disclosure Vulnerability Important
Microsoft Graphics Component CVE-2019-0618 GDI+ Remote Code Execution Vulnerability Critical
Microsoft Graphics Component CVE-2019-0619 Windows GDI Information Disclosure Vulnerability Important
Microsoft JET Database Engine CVE-2019-0625 Jet Database Engine Remote Code Execution Vulnerability Important
Microsoft JET Database Engine CVE-2019-0595 Jet Database Engine Remote Code Execution Vulnerability Important
Microsoft JET Database Engine CVE-2019-0596 Jet Database Engine Remote Code Execution Vulnerability Important
Microsoft JET Database Engine CVE-2019-0597 Jet Database Engine Remote Code Execution Vulnerability Important
Microsoft JET Database Engine CVE-2019-0598 Jet Database Engine Remote Code Execution Vulnerability Important
Microsoft JET Database Engine CVE-2019-0599 Jet Database Engine Remote Code Execution Vulnerability Important
Microsoft Office CVE-2019-0540 Microsoft Office Security Feature Bypass Vulnerability Important
Microsoft Office CVE-2019-0671 Microsoft Office Access Connectivity Engine Remote Code Execution Vulnerability Important
Microsoft Office CVE-2019-0672 Microsoft Office Access Connectivity Engine Remote Code Execution Vulnerability Important
Microsoft Office CVE-2019-0673 Microsoft Office Access Connectivity Engine Remote Code Execution Vulnerability Important
Microsoft Office CVE-2019-0674 Microsoft Office Access Connectivity Engine Remote Code Execution Vulnerability Important
Microsoft Office CVE-2019-0675 Microsoft Office Access Connectivity Engine Remote Code Execution Vulnerability Important
Microsoft Office CVE-2019-0669 Microsoft Excel Information Disclosure Vulnerability Important
Microsoft Office SharePoint CVE-2019-0668 Microsoft SharePoint Privilege Escalation Vulnerability Important
Microsoft Office SharePoint CVE-2019-0670 Microsoft SharePoint Spoofing Vulnerability Moderate
Microsoft Office SharePoint CVE-2019-0594 Microsoft SharePoint Remote Code Execution Vulnerability Critical
Microsoft Office SharePoint CVE-2019-0604 Microsoft SharePoint Remote Code Execution Vulnerability Critical
Microsoft Scripting Engine CVE-2019-0607 Chakra Scripting Engine Memory Corruption Vulnerability Critical
Microsoft Scripting Engine CVE-2019-0610 Chakra Scripting Engine Memory Corruption Vulnerability Important
Microsoft Scripting Engine CVE-2019-0640 Chakra Scripting Engine Memory Corruption Vulnerability Critical
Microsoft Scripting Engine CVE-2019-0642 Chakra Scripting Engine Memory Corruption Vulnerability Critical
Microsoft Scripting Engine CVE-2019-0644 Scripting Engine Memory Corruption Vulnerability Moderate
Microsoft Scripting Engine CVE-2019-0648 Scripting Engine Information Disclosure Vulnerability Important
Microsoft Scripting Engine CVE-2019-0649 Scripting Engine Elevation of Privileged Vulnerability Important
Microsoft Scripting Engine CVE-2019-0651 Scripting Engine Memory Corruption Vulnerability Critical
Microsoft Scripting Engine CVE-2019-0652 Scripting Engine Memory Corruption Vulnerability Critical
Microsoft Scripting Engine CVE-2019-0655 Scripting Engine Memory Corruption Vulnerability Moderate
Microsoft Scripting Engine CVE-2019-0658 Scripting Engine Information Disclosure Vulnerability Important
Microsoft Scripting Engine CVE-2019-0590 Chakra Scripting Engine Memory Corruption Vulnerability Critical
Microsoft Scripting Engine CVE-2019-0591 Chakra Scripting Engine Memory Corruption Vulnerability Critical
Microsoft Scripting Engine CVE-2019-0593 Chakra Scripting Engine Memory Corruption Vulnerability Critical
Microsoft Scripting Engine CVE-2019-0605 Chakra Scripting Engine Memory Corruption Vulnerability Moderate
Microsoft Windows CVE-2019-0659 Windows Storage Service Privilege Escalation Vulnerability Important
Microsoft Windows CVE-2019-0600 HID Information Disclosure Vulnerability Important
Microsoft Windows CVE-2019-0601 HID Information Disclosure Vulnerability Important
Microsoft Windows CVE-2019-0627 Windows Security Feature Bypass Vulnerability Important
Microsoft Windows CVE-2019-0631 Windows Security Feature Bypass Vulnerability Important
Microsoft Windows CVE-2019-0632 Windows Security Feature Bypass Vulnerability Important
Microsoft Windows CVE-2019-0636 Windows Information Disclosure Vulnerability Important
Microsoft Windows CVE-2019-0637 Windows Defender Firewall Security Feature Bypass Vulnerability Important
Microsoft Windows ADV190006 Guidance to mitigate unconstrained delegation vulnerabilities Unknown
Servicing Stack Updates ADV990001 Latest Servicing Stack Updates Critical
Team Foundation Server CVE-2019-0743 Team Foundation Server Cross-site Scripting Vulnerability Important
Team Foundation Server CVE-2019-0742 Team Foundation Server Cross-site Scripting Vulnerability Important
Visual Studio CVE-2019-0728 Visual Studio Code Remote Code Execution Vulnerability Important
Windows DHCP Server CVE-2019-0626 Windows DHCP Server Remote Code Execution Vulnerability Critical
Windows Hyper-V CVE-2019-0635 Windows Hyper-V Information Disclosure Vulnerability Important
Windows Kernel CVE-2019-0623 Win32k Privilege Escalation Vulnerability Important
Windows Kernel CVE-2019-0628 Win32k Information Disclosure Vulnerability Important
Windows Kernel CVE-2019-0656 Windows Kernel Privilege Escalation Vulnerability Important
Windows Kernel CVE-2019-0661 Windows Kernel Information Disclosure Vulnerability Important
Windows Kernel CVE-2019-0621 Windows Kernel Information Disclosure Vulnerability Important
Windows SMB Server CVE-2019-0630 Windows SMB Remote Code Execution Vulnerability Important
Windows SMB Server CVE-2019-0633 Windows SMB Remote Code Execution Vulnerability Important


Recommended Mitigation Measures

Microsoft has released the January 2019 security patch to fix these issues. Please install the patch as soon as possible.

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2019-0743
Product KB Article Severity Impact Supersedence CVSS Score Set Restart Required
Team Foundation Server 2018 Update 3.2 Release Notes Security Update Important Spoofing Base: N/A
Temporal: N/A
Vector: N/A
Maybe

Statement

This advisory is only used to describe a potential risk. NSFOCUS does not provide any commitment or promise on this advisory. NSFOCUS and the author will not bear any liability for any direct and/or indirect consequences and losses caused by transmitting and/or using this advisory. NSFOCUS reserves all the rights to modify and interpret this advisory. Please include this statement paragraph when reproducing or transferring this advisory. Do not modify this advisory, add/delete any information to/from it, or use this advisory for commercial purposes without permission from NSFOCUS.

About NSFOCUS

NSFOCUS IB is a wholly owned subsidiary of NSFOCUS, an enterprise application and network security provider, with operations in the Americas, Europe, the Middle East, Southeast Asia and Japan. NSFOCUS IB has a proven track record of combatting the increasingly complex cyber threat landscape through the construction and implementation of multi-layered defense systems. The company’s Intelligent Hybrid Security strategy utilizes both cloud and on-premises security platforms, built on a foundation of real-time global threat intelligence, to provide unified, multi-layer protection from advanced cyber threats.

Download:Microsoft Security Bulletin for February 2019 Patches That Fix 79 Security Vulnerabilities