Microsoft 09 stycznia 2019 roku wydał nowy pakiet aktualizacji bezpieczeństwa w ramach comiesięcznego Patch Tuesday. Wydano łącznie 51 poprawki bezpieczeństwa, w tym 7 poprawek oznaczonych jako krytyczne.

Aktualizacje naprawiają luki m.in. w:

  • .NET Framework
  • Internet Explorer
  • Microsoft Edge
  • Microsoft JET Database Engine
  • Microsoft Exchange Server
  • Microsoft Office
  • Microsoft Scripting Engine
  • Microsoft Windows
  • Microsoft XML
  • Visual Studio
  • Windows Authentication Methods
  • Windows DHCP Client
  • Windows Hyper-V
  • Windows Kernel

Najistotniejszymi podatnościami, które zostały naprawione to:

CVE-2019-0547 – DHCP vulnerability – umożliwia atakującemu wykonanie dowolnego kodu poprzez wysłanie spreparowanych odpowiedzi DHCP do klienta.

CVE-2019-0550, CVE-2019-0551 – Hyper-V vulnerabilities that can execute code on the host – pozwala uwierzytelnionemu atakującemu w maszynie wirtualnej na wykonanie dowolnego kodu na gospodarzu.

CVE-2019-0622 – Skype for Android vuln could bypass lock screen –  atakujący z fizycznym dostępem do urządzenia z systemem Android miał możliwość ominięcia ekranu blokady.

Poniżej przedstawiamy szczegółowe zestawienie aktualizacji:

Description
CVE Disclosed Exploited Exploitability (old versions) current version Severity CVSS Base (AVG) CVSS Temporal (AVG)
.NET Framework Information Disclosure Vulnerability
CVE-2019-0545 No No Less Likely Less Likely Important
ASP.NET Core Denial of Service Vulnerability
CVE-2019-0548 No No Less Likely Less Likely Important
CVE-2019-0564 No No Important
Chakra Scripting Engine Memory Corruption Vulnerability
CVE-2019-0539 No No Critical 4.2 3.8
CVE-2019-0567 No No Critical 4.2 3.8
CVE-2019-0568 No No Critical 4.2 3.8
January 2019 Adobe Flash Update
ADV190001 No No
Jet Database Engine Remote Code Execution Vulnerability
CVE-2019-0538 No No Unlikely Unlikely Important 7.8 7.0
CVE-2019-0575 No No Unlikely Unlikely Important 7.8 7.0
CVE-2019-0576 No No Unlikely Unlikely Important 7.8 7.0
CVE-2019-0577 No No Unlikely Unlikely Important 7.8 7.0
CVE-2019-0578 No No Unlikely Unlikely Important 7.8 7.0
CVE-2019-0579 Yes No Unlikely Unlikely Important 7.8 7.0
CVE-2019-0580 No No Unlikely Unlikely Important 7.8 7.0
CVE-2019-0581 No No Unlikely Unlikely Important 7.8 7.0
CVE-2019-0582 No No Unlikely Unlikely Important 7.8 7.0
CVE-2019-0583 No No Unlikely Unlikely Important 7.8 7.0
CVE-2019-0584 No No Unlikely Unlikely Important 7.8 7.0
Latest Servicing Stack Updates
ADV990001 No No Critical
MSHTML Engine Remote Code Execution Vulnerability
CVE-2019-0541 No No More Likely More Likely Important 6.4 5.8
Microsoft Edge Elevation of Privilege Vulnerability
CVE-2019-0566 No No Important 4.3 3.8
Microsoft Edge Memory Corruption Vulnerability
CVE-2019-0565 No No Critical 4.2 3.8
Microsoft Exchange Information Disclosure Vulnerability
CVE-2019-0588 No No Less Likely Less Likely Important
Microsoft Exchange Memory Corruption Vulnerability
CVE-2019-0586 No No More Likely More Likely Important
Microsoft Office Information Disclosure Vulnerability
CVE-2019-0560 No No Less Likely Less Likely Important
Microsoft Office SharePoint XSS Vulnerability
CVE-2019-0556 No No Important
CVE-2019-0557 No No Important
CVE-2019-0558 No No Less Likely Less Likely Important
Microsoft Outlook Information Disclosure Vulnerability
CVE-2019-0559 No No Less Likely Less Likely Important
Microsoft SharePoint Elevation of Privilege Vulnerability
CVE-2019-0562 No No Less Likely Less Likely Important
Microsoft Visual Studio Information Disclosure Vulnerability
CVE-2019-0537 No No Less Likely Less Likely Important
Microsoft Windows Elevation of Privilege Vulnerability
CVE-2019-0543 No No More Likely More Likely Important 7.8 7.8
Microsoft Word Information Disclosure Vulnerability
CVE-2019-0561 No No Less Likely Less Likely Important
Microsoft Word Remote Code Execution Vulnerability
CVE-2019-0585 No No Less Likely Less Likely Important
Microsoft XmlDocument Elevation of Privilege Vulnerability
CVE-2019-0555 No No More Likely More Likely Important 7.0 6.3
Skype for Android Elevation of Privilege Vulnerability
CVE-2019-0622 No No Less Likely Less Likely Moderate
Visual Studio Remote Code Execution Vulnerability
CVE-2019-0546 No No Less Likely Less Likely Moderate
Windows COM Elevation of Privilege Vulnerability
CVE-2019-0552 No No More Likely More Likely Important 7.0 6.3
Windows DHCP Client Remote Code Execution Vulnerability
CVE-2019-0547 No No Critical 9.8 8.8
Windows Data Sharing Service Elevation of Pcrivilege Vulnerability
CVE-2019-0571 No No Less Likely Less Likely Important 7.8 7.8
CVE-2019-0572 No No More Likely More Likely Important 7.8 7.8
CVE-2019-0573 No No More Likely More Likely Important 7.8 7.8
CVE-2019-0574 No No More Likely More Likely Important 7.8 7.8
Windows Hyper-V Remote Code Execution Vulnerability
CVE-2019-0550 No No Less Likely Less Likely Critical 7.6 6.8
CVE-2019-0551 No No Less Likely Less Likely Critical 7.6 6.8
Windows Kernel Information Disclosure Vulnerability
CVE-2019-0536 No No Less Likely Less Likely Important 4.7 4.2
CVE-2019-0549 No No Less Likely Less Likely Important 4.7 4.2
CVE-2019-0554 No No Less Likely Less Likely Important 4.7 4.2
CVE-2019-0569 No No More Likely More Likely Important 5.5 5.3
Windows Runtime Elevation of Privilege Vulnerability
CVE-2019-0570 No No Less Likely Less Likely Important 7.8 7.8
Windows Subsystem for Linux Information Disclosure Vulnerability
CVE-2019-0553 No No Less Likely Less Likely Important 4.7 4.2