January 2019 Patch Tuesday saw 51 flaws fixed in Microsoft products. Four updates fix flaws in the Microsoft Edge browser. Seven of the 51 updates are rated critical.
January 2019 Patch Tuesday Critical Vulnerabilities in Microsoft Products
The 51 updates are broken down as: Microsoft JET Database Engine (11), Microsoft Windows (6), Microsoft Office (4), Microsoft Office SharePoint (4), Windows Kernel (4), Microsoft Scripting Engine (3), ASP.NET (2), Microsoft Edge (2), Microsoft Exchange Server (2), Visual Studio (2), Windows Hyper-V (2), .NET Framework (1), Adobe Flash Player (1), Android App (1), Internet Explorer (1), Microsoft XML (1), Servicing Stack Updates (1), Windows COM (1), Windows DHCP Client (1), and Windows Subsystem for Linux (1).
The vulnerabilities rated critical are:
CVE-2019-0547 – Windows DHCP Client
The top-rated vulnerability in this month’s round of updates is a remote code execution vulnerability in the Windows DHCP Client that would allow an attacker to execute arbitrary code on a vulnerable device by sending a specially crafted DHCP response to a target. The flaw has a CVSS v3 base score of 9.8 out of 10 and affects Windows 10 (v1803) and Windows Server (v1803).
CVE-2019-0539, CVE-2019-0567, CVE-2019-0568 – Chakra Scripting Engine
Three critical remote code execution vulnerabilities have been fixed in the Chakra Scripting Engine of Microsoft Edge. All three are memory corruption vulnerabilities that could be exploited through a specially crafted webpage or advertisement.
CVE-2019-0565 – Microsoft Edge
An additional flaw affecting Microsoft Edge could result in remote code execution on a vulnerable device if the user is persuaded to visit a malicious website. This is also a memory corruption flaw that would allow arbitrary code to be executed in the context of the current user. If the vulnerability is exploited when a user with administrative privileges is logged on, the attacker could take complete control of the user’s device.
CVE-2019-0550, CVE-2019-0551 – Windows Hyper-V
Two critical vulnerabilities in Windows Hyper-V have been fixed. The updates correct flaws in how a host server validates input from an authenticated user on a guest operating system. Both could result in remote code execution and could be exploited by running a specially crafted application on a vulnerable guest operating system.
The Jet Database Engine vulnerability (CVE-2019-0579) is only rated important but has been publicly disclosed; it is not thought to be actively exploited in the wild at this stage.
Adobe January 2019 Patch Tuesday Updates
Adobe has released January 2019 Patch Tuesday updates; surprisingly, however, no security vulnerabilities have been addressed in Adobe Flash Player. One update for Flash Player has been released (APB19-01), but it only fixes performance problems and updates Flash Player to version 18.104.22.168.
One security update has been issued for Adobe Digital Editions, which addresses an out-of-bounds read vulnerability (CVE-2018-12817) that could result in information disclosure. The vulnerability has been rated important. Users must upgrade to Adobe Digital Editions v. 4.5.1 to fix the vulnerability.
An update has also been issued for Adobe Connect to fix a session token exposure vulnerability (CVE-2018-19718), which is also rated important. Users must upgrade to Adobe Connect 10.1 to fix the flaw.