Threat Level: green Handler on Duty: Didier Stevens

SANS ISC: Microsoft January 2019 Patch Tuesday SANS ISC InfoSec Forums

Watch ISC TV. Great for NOCs, SOCs and Living Rooms: https://isctv.sans.edu

Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!
Microsoft January 2019 Patch Tuesday

This month we got patches for 49 vulnerabilities total. None of them have been used in the wild, and only one vulnerability has been made public before today.

Particularly interesting is the vulnerability in the DHCP client. This could likely be exploited via a malicious DHCP server, for example in a public WiFi network. Microsoft assigned this vulnerability a CVSS base score of 9.8. 

We got a good number of vulnerabilities in the Jet Database Engine. Jet Database vulnerabilities are often exploitable via Office documents. But none of the vulnerabilities are labeled as critical. Only 8 vulnerabilities are labeled as "Critical" this month. The majority of them affects web browsers. But there are also two critical code execution vulnerabilities in HyperV.

See Renato's dashboard for a more detailed breakout: https://patchtuesdaydashboard.com

Description
CVE Disclosed Exploited Exploitability (old versions) current version Severity CVSS Base (AVG) CVSS Temporal (AVG)
.NET Framework Information Disclosure Vulnerability
CVE-2019-0545 No No Less Likely Less Likely Important    
ASP.NET Core Denial of Service Vulnerability
CVE-2019-0548 No No Less Likely Less Likely Important    
CVE-2019-0564 No No - - Important    
Chakra Scripting Engine Memory Corruption Vulnerability
CVE-2019-0539 No No - - Critical 4.2 3.8
CVE-2019-0567 No No - - Critical 4.2 3.8
CVE-2019-0568 No No - - Critical 4.2 3.8
January 2019 Adobe Flash Update
ADV190001 No No - -      
Jet Database Engine Remote Code Execution Vulnerability
CVE-2019-0538 No No Unlikely Unlikely Important 7.8 7.0
CVE-2019-0575 No No Unlikely Unlikely Important 7.8 7.0
CVE-2019-0576 No No Unlikely Unlikely Important 7.8 7.0
CVE-2019-0577 No No Unlikely Unlikely Important 7.8 7.0
CVE-2019-0578 No No Unlikely Unlikely Important 7.8 7.0
CVE-2019-0579 Yes No Unlikely Unlikely Important 7.8 7.0
CVE-2019-0580 No No Unlikely Unlikely Important 7.8 7.0
CVE-2019-0581 No No Unlikely Unlikely Important 7.8 7.0
CVE-2019-0582 No No Unlikely Unlikely Important 7.8 7.0
CVE-2019-0583 No No Unlikely Unlikely Important 7.8 7.0
CVE-2019-0584 No No Unlikely Unlikely Important 7.8 7.0
Latest Servicing Stack Updates
ADV990001 No No - - Critical    
MSHTML Engine Remote Code Execution Vulnerability
CVE-2019-0541 No No More Likely More Likely Important 6.4 5.8
Microsoft Edge Elevation of Privilege Vulnerability
CVE-2019-0566 No No - - Important 4.3 3.9
Microsoft Edge Memory Corruption Vulnerability
CVE-2019-0565 No No - - Critical 4.2 3.8
Microsoft Exchange Information Disclosure Vulnerability
CVE-2019-0588 No No Less Likely Less Likely Important    
Microsoft Exchange Memory Corruption Vulnerability
CVE-2019-0586 No No More Likely More Likely Important    
Microsoft Office Information Disclosure Vulnerability
CVE-2019-0560 No No Less Likely Less Likely Important    
Microsoft Office SharePoint XSS Vulnerability
CVE-2019-0556 No No - - Important    
CVE-2019-0557 No No - - Important    
CVE-2019-0558 No No Less Likely Less Likely Important    
Microsoft Outlook Information Disclosure Vulnerability
CVE-2019-0559 No No Less Likely Less Likely Important    
Microsoft SharePoint Elevation of Privilege Vulnerability
CVE-2019-0562 No No Less Likely Less Likely Important    
Microsoft Visual Studio Information Disclosure Vulnerability
CVE-2019-0537 No No Less Likely Less Likely Important    
Microsoft Windows Elevation of Privilege Vulnerability
CVE-2019-0543 No No More Likely More Likely Important 7.8 7.8
Microsoft Word Information Disclosure Vulnerability
CVE-2019-0561 No No Less Likely Less Likely Important    
Microsoft Word Remote Code Execution Vulnerability
CVE-2019-0585 No No Less Likely Less Likely Important    
Microsoft XmlDocument Elevation of Privilege Vulnerability
CVE-2019-0555 No No More Likely More Likely Important 7.0 6.3
Skype for Android Elevation of Privilege Vulnerability
CVE-2019-0622 No No Less Likely Less Likely Moderate    
Visual Studio Remote Code Execution Vulnerability
CVE-2019-0546 No No Less Likely Less Likely Moderate    
Windows COM Elevation of Privilege Vulnerability
CVE-2019-0552 No No More Likely More Likely Important 7.0 6.3
Windows DHCP Client Remote Code Execution Vulnerability
CVE-2019-0547 No No - - Critical 9.8 8.8
Windows Data Sharing Service Elevation of Privilege Vulnerability
CVE-2019-0571 No No Less Likely Less Likely Important 7.8 7.8
CVE-2019-0572 No No More Likely More Likely Important 7.8 7.8
CVE-2019-0573 No No More Likely More Likely Important 7.8 7.8
CVE-2019-0574 No No More Likely More Likely Important 7.8 7.8
Windows Hyper-V Remote Code Execution Vulnerability
CVE-2019-0550 No No Less Likely Less Likely Critical 7.6 6.8
CVE-2019-0551 No No Less Likely Less Likely Critical 7.6 6.8
Windows Kernel Information Disclosure Vulnerability
CVE-2019-0536 No No Less Likely Less Likely Important 4.7 4.2
CVE-2019-0549 No No Less Likely Less Likely Important 4.7 4.2
CVE-2019-0554 No No Less Likely Less Likely Important 4.7 4.2
CVE-2019-0569 No No More Likely More Likely Important 5.5 5.5
Windows Runtime Elevation of Privilege Vulnerability
CVE-2019-0570 No No Less Likely Less Likely Important 7.8 7.8
Windows Subsystem for Linux Information Disclosure Vulnerability
CVE-2019-0553 No No Less Likely Less Likely Important 4.7 4.2

---
Johannes B. Ullrich, Ph.D. , Dean of Research, SANS Technology Institute
Twitter|

I will be teaching next: Defending Web Applications Security Essentials - SANS Cyber Defense Initiative 2020

 Johannes

4003 Posts
ISC Handler
Jan 8th 2019
Thread locked Subscribe Jan 8th 2019
1 year ago
Whoops! Windows-7 users, listen up:

https://www.zdnet.com/article/microsofts-killer-windows-7-patch-breaks-networking-bricks-legit-not-genuine-pcs/
"Microsoft's killer Windows 7 patch: Breaks networking, flags legit PCs as 'Not genuine'"

Known issues in this update

After installing this update, some users are reporting the KMS Activation error, “Not Genuine”, 0xc004f200 on Windows 7 devices. We are aware of this incident and are presently investigating it. We will provide an update when available.

Local users who are part of the local “Administrators“ group may not be able to remotely access shares on Windows Server 2008 R2 and Windows 7 machines after installing the January 8th, 2019 security updates. This does not affect domain accounts in the local "Administrators" group.
 Anonymous
Quote Jan 10th 2019
1 year ago
Please see this detailed article at BleepingComputer, "Windows KB4480960 & KB4480970 Updates Causing Network and License Problems" —
https://www.bleepingcomputer.com/news/microsoft/windows-kb4480960-and-kb4480970-updates-causing-network-and-license-problems/ .
 AJNorth

1 Posts
Quote Jan 11th 2019
1 year ago
There are some workarounds now:

https://support.microsoft.com/en-us/help/4480960/windows-server-2008-kb4480960

https://support.microsoft.com/en-us/help/4480970/windows-7-update-kb4480970

https://support.microsoft.com/en-us/help/4487266/activation-failures-and-not-genuine-notifications-on-vl-win-7-kms-clie

https://support.microsoft.com/en-us/help/4487345/update-for-windows-7-sp1-and-windows-server-2008-r2
 Anonymous
Quote Jan 14th 2019
1 year ago

Sign Up for Free or Log In to start participating in the conversation!