Microsoft’s January 2019 Patch Fixes 51 Security Vulnerabilities Threat Alert

Microsoft’s January 2019 Patch Fixes 51 Security Vulnerabilities Threat Alert

January 15, 2019 | Adeline Zhang

Overview

Microsoft released the January 2019 security patch on Tuesday that fixes 51 vulnerabilities ranging from simple spoofing attacks to remote code execution in various products, including .NET Framework, Adobe Flash Player, Android App, ASP.NET, Internet Explorer, Microsoft Edge, Microsoft Exchange Server, Microsoft JET Database Engine, Microsoft Office, Microsoft Office SharePoint, Microsoft Scripting Engine, Microsoft Windows, Microsoft XML, Servicing Stack Updates, Visual Studio, Windows COM, Windows DHCP Client, Windows Hyper-V, Windows Kernel, and Windows Subsystem for Linux.

Details can be found in the following table.

Product CVE ID CVE Title Severity Level
.NET Framework CVE-2019-0545 .NET Framework Information Disclosure Vulnerability Important
Adobe Flash Player ADV190001 January 2019 Adobe Flash Update Unknown
Android App CVE-2019-0622 Skype for Android Privilege Escalation Vulnerability Moderate
ASP.NET CVE-2019-0548 ASP.NET Core Denial-of-Service Vulnerability Important
ASP.NET CVE-2019-0564 ASP.NET Core Denial-of-Service Vulnerability Important
Internet Explorer CVE-2019-0541 MSHTML Engine Remote Code Execution Vulnerability Important
Microsoft Edge CVE-2019-0565 Microsoft Edge Memory Corruption Vulnerability Critical
Microsoft Edge CVE-2019-0566 Microsoft Edge Privilege Escalation Vulnerability Important
Microsoft Exchange Server CVE-2019-0586 Microsoft Exchange Memory Corruption Vulnerability Important
Microsoft Exchange Server CVE-2019-0588 Microsoft Exchange Information Disclosure Vulnerability Important
Microsoft JET Database Engine CVE-2019-0538 Jet Database Engine Remote Code Execution Vulnerability Important
Microsoft JET Database Engine CVE-2019-0575 Jet Database Engine Remote Code Execution Vulnerability Important
Microsoft JET Database Engine CVE-2019-0576 Jet Database Engine Remote Code Execution Vulnerability Important
Microsoft JET Database Engine CVE-2019-0577 Jet Database Engine Remote Code Execution Vulnerability Important
Microsoft JET Database Engine CVE-2019-0578 Jet Database Engine Remote Code Execution Vulnerability Important
Microsoft JET Database Engine CVE-2019-0579 Jet Database Engine Remote Code Execution Vulnerability Important
Microsoft JET Database Engine CVE-2019-0580 Jet Database Engine Remote Code Execution Vulnerability Important
Microsoft JET Database Engine CVE-2019-0581 Jet Database Engine Remote Code Execution Vulnerability Important
Microsoft JET Database Engine CVE-2019-0582 Jet Database Engine Remote Code Execution Vulnerability Important
Microsoft JET Database Engine CVE-2019-0583 Jet Database Engine Remote Code Execution Vulnerability Important
Microsoft JET Database Engine CVE-2019-0584 Jet Database Engine Remote Code Execution Vulnerability Important
Microsoft Office CVE-2019-0585 Microsoft Word Remote Code Execution Vulnerability Important
Microsoft Office CVE-2019-0559 Microsoft Outlook Information Disclosure Vulnerability Important
Microsoft Office CVE-2019-0560 Microsoft Office Information Disclosure Vulnerability Important
Microsoft Office CVE-2019-0561 Microsoft Word Information Disclosure Vulnerability Important
Microsoft Office SharePoint CVE-2019-0556 Microsoft Office SharePoint XSS Vulnerability Important
Microsoft Office SharePoint CVE-2019-0557 Microsoft Office SharePoint XSS Vulnerability Important
Microsoft Office SharePoint CVE-2019-0558 Microsoft Office SharePoint XSS Vulnerability Important
Microsoft Office SharePoint CVE-2019-0562 Microsoft SharePoint Privilege Escalation Vulnerability Important
Microsoft Scripting Engine CVE-2019-0539 Chakra Scripting Engine Memory Corruption Vulnerability Critical
Microsoft Scripting Engine CVE-2019-0567 Chakra Scripting Engine Memory Corruption Vulnerability Critical
Microsoft Scripting Engine CVE-2019-0568 Chakra Scripting Engine Memory Corruption Vulnerability Critical
Microsoft Windows CVE-2019-0543 Microsoft Windows Privilege Escalation Vulnerability Important
Microsoft Windows CVE-2019-0570 Windows Runtime Privilege Escalation Vulnerability Important
Microsoft Windows CVE-2019-0571 Windows Data Sharing Service Privilege Escalation Vulnerability Important
Microsoft Windows CVE-2019-0572 Windows Data Sharing Service Privilege Escalation Vulnerability Important
Microsoft Windows CVE-2019-0573 Windows Data Sharing Service Privilege Escalation Vulnerability Important
Microsoft Windows CVE-2019-0574 Windows Data Sharing Service Privilege Escalation Vulnerability Important
Microsoft XML CVE-2019-0555 Microsoft XmlDocument Privilege Escalation Vulnerability Important
Servicing Stack Updates ADV990001 Latest Servicing Stack Updates Critical
Visual Studio CVE-2019-0537 Microsoft Visual Studio Information Disclosure Vulnerability Important
Visual Studio CVE-2019-0546 Visual Studio Remote Code Execution Vulnerability Moderate
Windows COM CVE-2019-0552 Windows COM Privilege Escalation Vulnerability Important
Windows DHCP Client CVE-2019-0547 Windows DHCP Client Remote Code Execution Vulnerability Critical
Windows Hyper-V CVE-2019-0550 Windows Hyper-V Remote Code Execution Vulnerability Critical
Windows Hyper-V CVE-2019-0551 Windows Hyper-V Remote Code Execution Vulnerability Critical
Windows Kernel CVE-2019-0536 Windows Kernel Information Disclosure Vulnerability Important
Windows Kernel CVE-2019-0549 Windows Kernel Information Disclosure Vulnerability Important
Windows Kernel CVE-2019-0554 Windows Kernel Information Disclosure Vulnerability Important
Windows Kernel CVE-2019-0569 Windows Kernel Information Disclosure Vulnerability Important
Windows Subsystem for Linux CVE-2019-0553 Windows Subsystem for Linux Information Disclosure Vulnerability Important

 

Recommended Mitigation Measure

Microsoft has released the January 2019 security patch to fix these issues. Please install the patch as soon as possible.

Statement

This advisory is only used to describe a potential risk. NSFOCUS does not provide any commitment or promise on this advisory. NSFOCUS and the author will not bear any liability for any direct and/or indirect consequences and losses caused by transmitting and/or using this advisory. NSFOCUS reserves all the rights to modify and interpret this advisory. Please include this statement paragraph when reproducing or transferring this advisory. Do not modify this advisory, add/delete any information to/from it, or use this advisory for commercial purposes without permission from NSFOCUS.

About NSFOCUS

NSFOCUS IB is a wholly owned subsidiary of NSFOCUS, an enterprise application and network security provider, with operations in the Americas, Europe, the Middle East, Southeast Asia and Japan. NSFOCUS IB has a proven track record of combatting the increasingly complex cyber threat landscape through the construction and implementation of multi-layered defense systems. The company’s Intelligent Hybrid Security strategy utilizes both cloud and on-premises security platforms, built on a foundation of real-time global threat intelligence, to provide unified, multi-layer protection from advanced cyber threats.

For more information about NSFOCUS, please visit:

https://www.nsfocusglobal.com.

NSFOCUS, NSFOCUS IB, and NSFOCUS, INC. are trademarks or registered trademarks of NSFOCUS, Inc. All other names and trademarks are property of their respective firms.

Download: ‘s January 2019 Patch Fixes 51 Security Vulnerabilities