Microsoft Security Bulletin for February 2019 Patches That Fix 79 Security Vulnerabilities
Total Page:16
File Type:pdf, Size:1020Kb
Microsoft Security Bulletin for February 2019 Patches That Fix 79 Security Vulnerabilities Date of Release: Feburary 13, 2019 Overview Microsoft released the January 2019 security patch on Tuesday that fixes 79 vulnerabilities ranging from simple spoofing attacks to remote code execution in various products, including .NET Framework, Adobe Flash Player, Azure, Internet Explorer, Microsoft Browsers, Microsoft Edge, Microsoft Exchange Server, Microsoft Graphics Component, Microsoft JET Database Engine, Microsoft Office, Microsoft Office SharePoint, Microsoft Scripting Engine, Microsoft Windows, Servicing Stack Updates, Team Foundation Server, Visual Studio, Windows DHCP Server, Windows Hyper-V, Windows Kernel, and Windows SMB Server. Details can be found in the following table. Product CVE ID CVE Title Severity Level .NET Framework and Visual .NET Framework CVE-2019-0657 Important Studio Spoofing Vulnerability @绿盟科技 2019 http://www.nsfocus.com .NET Framework and Visual .NET Framework CVE-2019-0613 Studio Remote Code Execution Important Vulnerability February 2019 Adobe Flash Adobe Flash Player ADV190003 Critical Security Update Azure IoT Java SDK Privilege Azure CVE-2019-0729 Important Escalation Vulnerability Azure IoT Java SDK Information Azure CVE-2019-0741 Important Disclosure Vulnerbaility Internet Explorer Memory Internet Explorer CVE-2019-0606 Critical Corruption Vulnerability Internet Explorer Information Internet Explorer CVE-2019-0676 Important Disclosure Vulnerability Microsoft Browser Spoofing Microsoft Browsers CVE-2019-0654 Important Vulnerability @绿盟科技 2019 http://www.nsfocus.com Microsoft Edge Security Feature Microsoft Edge CVE-2019-0641 Moderate Bypass Vulnerability Microsoft Edge Information Microsoft Edge CVE-2019-0643 Moderate Disclosure Vulnerability Microsoft Edge Memory Microsoft Edge CVE-2019-0645 Critical Corruption Vulnerability Microsoft Edge Memory Microsoft Edge CVE-2019-0650 Critical Corruption Vulnerability Microsoft Edge Memory Microsoft Edge CVE-2019-0634 Moderate Corruption Vulnerability February 2019 Oracle Outside In Microsoft Exchange Server ADV190004 Unknown Library Security Update Microsoft Exchange Server Microsoft Exchange Server CVE-2019-0686 Important Privilege Escalation Vulnerability @绿盟科技 2019 http://www.nsfocus.com Microsoft Exchange Server Microsoft Exchange Server CVE-2019-0724 Important Privilege Escalation Vulnerability Guidance for "PrivExchange" Microsoft Exchange Server ADV190007 Unknown Privilege Escalation Vulnerability Windows GDI Information Microsoft Graphics Component CVE-2019-0660 Important Disclosure Vulnerability GDI+ Remote Code Execution Microsoft Graphics Component CVE-2019-0662 Critical Vulnerability Windows GDI Information Microsoft Graphics Component CVE-2019-0664 Important Disclosure Vulnerability Windows GDI Information Microsoft Graphics Component CVE-2019-0602 Important Disclosure Vulnerability Microsoft Graphics Component CVE-2019-0615 Windows GDI Information Important Disclosure Vulnerability Microsoft Graphics Component CVE-2019-0616 Windows GDI Information Important Disclosure Vulnerability @绿盟科技 2019 http://www.nsfocus.com GDI+ Remote Code Execution Microsoft Graphics Component CVE-2019-0618 Critical Vulnerability Windows GDI Information Microsoft Graphics Component CVE-2019-0619 Important Disclosure Vulnerability Jet Database Engine Remote Code Microsoft JET Database Engine CVE-2019-0625 Important Execution Vulnerability Jet Database Engine Remote Code Microsoft JET Database Engine CVE-2019-0595 Important Execution Vulnerability Jet Database Engine Remote Code Microsoft JET Database Engine CVE-2019-0596 Important Execution Vulnerability Jet Database Engine Remote Code Microsoft JET Database Engine CVE-2019-0597 Important Execution Vulnerability Jet Database Engine Remote Code Microsoft JET Database Engine CVE-2019-0598 Important Execution Vulnerability @绿盟科技 2019 http://www.nsfocus.com Jet Database Engine Remote Code Microsoft JET Database Engine CVE-2019-0599 Important Execution Vulnerability Microsoft Office Security Feature Microsoft Office CVE-2019-0540 Important Bypass Vulnerability Microsoft Office Access Microsoft Office CVE-2019-0671 Connectivity Engine Remote Code Important Execution Vulnerability Microsoft Office Access Microsoft Office CVE-2019-0672 Connectivity Engine Remote Code Important Execution Vulnerability Microsoft Office Access Microsoft Office CVE-2019-0673 Connectivity Engine Remote Code Important Execution Vulnerability Microsoft Office Access Microsoft Office CVE-2019-0674 Connectivity Engine Remote Code Important Execution Vulnerability Microsoft Office Access Microsoft Office CVE-2019-0675 Connectivity Engine Remote Code Important Execution Vulnerability @绿盟科技 2019 http://www.nsfocus.com Microsoft Excel Information Microsoft Office CVE-2019-0669 Important Disclosure Vulnerability Microsoft SharePoint Privilege Microsoft Office SharePoint CVE-2019-0668 Important Escalation Vulnerability Microsoft SharePoint Spoofing Microsoft Office SharePoint CVE-2019-0670 Moderate Vulnerability Microsoft SharePoint Remote Code Microsoft Office SharePoint CVE-2019-0594 Critical Execution Vulnerability Microsoft SharePoint Remote Code Microsoft Office SharePoint CVE-2019-0604 Critical Execution Vulnerability Chakra Scripting Engine Memory Microsoft Scripting Engine CVE-2019-0607 Critical Corruption Vulnerability Microsoft Scripting Engine CVE-2019-0610 Chakra Scripting Engine Memory Important Corruption Vulnerability Microsoft Scripting Engine CVE-2019-0640 Chakra Scripting Engine Memory Critical Corruption Vulnerability @绿盟科技 2019 http://www.nsfocus.com Microsoft Scripting Engine CVE-2019-0642 Chakra Scripting Engine Memory Critical Corruption Vulnerability Microsoft Scripting Engine CVE-2019-0644 Scripting Engine Memory Moderate Corruption Vulnerability Scripting Engine Information Microsoft Scripting Engine CVE-2019-0648 Important Disclosure Vulnerability Scripting Engine Elevation of Microsoft Scripting Engine CVE-2019-0649 Important Privileged Vulnerability Scripting Engine Memory Microsoft Scripting Engine CVE-2019-0651 Critical Corruption Vulnerability Microsoft Scripting Engine CVE-2019-0652 Scripting Engine Memory Critical Corruption Vulnerability Microsoft Scripting Engine CVE-2019-0655 Scripting Engine Memory Moderate Corruption Vulnerability Scripting Engine Information Microsoft Scripting Engine CVE-2019-0658 Important Disclosure Vulnerability Microsoft Scripting Engine CVE-2019-0590 Chakra Scripting Engine Memory Critical Corruption Vulnerability @绿盟科技 2019 http://www.nsfocus.com Microsoft Scripting Engine CVE-2019-0591 Chakra Scripting Engine Memory Critical Corruption Vulnerability Microsoft Scripting Engine CVE-2019-0593 Chakra Scripting Engine Memory Critical Corruption Vulnerability Microsoft Scripting Engine CVE-2019-0605 Chakra Scripting Engine Memory Moderate Corruption Vulnerability Windows Storage Service Privilege Microsoft Windows CVE-2019-0659 Important Escalation Vulnerability HID Information Disclosure Microsoft Windows CVE-2019-0600 Important Vulnerability HID Information Disclosure Microsoft Windows CVE-2019-0601 Important Vulnerability Windows Security Feature Bypass Microsoft Windows CVE-2019-0627 Important Vulnerability Windows Security Feature Bypass Microsoft Windows CVE-2019-0631 Important Vulnerability @绿盟科技 2019 http://www.nsfocus.com Windows Security Feature Bypass Microsoft Windows CVE-2019-0632 Important Vulnerability Windows Information Disclosure Microsoft Windows CVE-2019-0636 Important Vulnerability Windows Defender Firewall Microsoft Windows CVE-2019-0637 Security Feature Bypass Important Vulnerability Guidance to mitigate unconstrained Microsoft Windows ADV190006 Unknown delegation vulnerabilities Servicing Stack Updates ADV990001 Latest Servicing Stack Updates Critical Team Foundation Server Cross-site Team Foundation Server CVE-2019-0743 Important Scripting Vulnerability Team Foundation Server Cross-site Team Foundation Server CVE-2019-0742 Important Scripting Vulnerability @绿盟科技 2019 http://www.nsfocus.com Visual Studio Code Remote Code Visual Studio CVE-2019-0728 Important Execution Vulnerability Windows DHCP Server Remote Windows DHCP Server CVE-2019-0626 Critical Code Execution Vulnerability Windows Hyper-V Information Windows Hyper-V CVE-2019-0635 Important Disclosure Vulnerability Win32k Privilege Escalation Windows Kernel CVE-2019-0623 Important Vulnerability Win32k Information Disclosure Windows Kernel CVE-2019-0628 Important Vulnerability Windows Kernel Privilege Windows Kernel CVE-2019-0656 Important Escalation Vulnerability Windows Kernel Information Windows Kernel CVE-2019-0661 Important Disclosure Vulnerability @绿盟科技 2019 http://www.nsfocus.com Windows Kernel Information Windows Kernel CVE-2019-0621 Important Disclosure Vulnerability Windows SMB Remote Code Windows SMB Server CVE-2019-0630 Important Execution Vulnerability Windows SMB Remote Code Windows SMB Server CVE-2019-0633 Important Execution Vulnerability Recommended Mitigation Measures Microsoft has released the January 2019 security patch to fix these issues. Please install the patch as soon as possible. @绿盟科技 2019 http://www.nsfocus.com Appendix ADV190003 - February 2019 Adobe Flash Security Update Maximu m Vulnerabilit CVE ID Vulnerability Description Severity y Impact Rating CVE Title: February 2019 Adobe Flash Security Update Description: This security update addresses the following vulnerability, which is described in Adobe Security Bulletin APSB19-06: CVE-2019-7090. ADV19000 Remote 3 FAQ: Critical Code MITRE