Microsoft Patch Tuesday — January 2019 Security Updates Released
Microsoft has issued its first Patch Tuesday for this year to address 49 CVE-listed security vulnerabilities in its Windows operating systems and other products, 7 of which are rated critical, 40 important and 2 moderate in severity.
Just one of the security vulnerabilities patched by the tech giant this month has been reported as being publicly known at the time of release, and none are being actively exploited in the wild.
All the seven critical-rated vulnerabilities lead to remote code execution and primarily impact various versions of Windows 10 and Server editions.
Two of the 7 critical flaws affect Microsoft's Hyper-V host OS that fails to properly validate input from an authenticated user on a guest operating system, three affect the ChakraCore scripting engine that fails to properly handle objects in memory in Edge, one affects Edge directly that occurs when the browser improperly handles objects in memory, and one impacts the Windows DHCP client that fails to properly handle certain DHCP responses.
The publicly disclosed flaw but not exploited in the wild, identified as CVE-2019-0579 and rated as important, concerns a remote code execution (RCE) vulnerability in the Windows Jet Database engine that could be exploited to execute arbitrary code on a victim's system by tricking him into opening a specially-crafted file.
Other "Important" vulnerabilities are addressed in the .NET framework, MS Exchange Server, Edge, Internet Explorer, SharePoint, the Office suite, Windows Data Sharing Service, Visual Studio, Outlook, and Windows Subsystem for Linux.
One of the MS Office flaws patched this month is an information disclosure bug (CVE-2019-0560) which exists when Microsoft Office improperly discloses the contents of its memory.
Attackers can exploit this vulnerability by tricking a user into opening a specially crafted Office document. Successful exploitation could allow an attacker to obtain information from the Office memory that can later be used to compromise a victim's computer or data.
Microsoft credited Tal Dery and Menahem Breuer of Mimecast Research Labs for this vulnerability. To know more details about their findings, you can head on to an advisory and a blog post published by Mimecast.
Another notable bug patched by Microsoft this month is a privilege vulnerability (CVE-2019-0622) vulnerability in Skype for Android that could have allowed hackers to bypass the lock screen and access personal data on an Android device—by merely answering a Skype call to that device.
The Skype flaw has been rated as 'moderate' and requires an attacker to have physical access to your device. A patch for this vulnerability was included in the December 23 release of Skype, but Skype for Android users need to manually update the app from Google Play.
Although Microsoft does not list this as publicly known, the researcher posted a YouTube video demonstrating the vulnerability back on December 31.
Though not part of this months patch update, users are also recommended to download the latest update to patch a memory corruption vulnerability (CVE-2018-8653) in Internet Explorer that Microsoft addressed by releasing an out of band patch in December, as the flaw continues to be exploited in the wild.
Users and system administrators are strongly recommended to apply the latest security patches as soon as possible to keep hackers and cybercriminals away from taking control of their systems.
For installing the latest security patch updates, head on to Settings → Update & Security → Windows Update → Check for updates, on your computer system or you can install the updates manually.
Red Securium Pvt Limited Company
Red securium company provide best ethical hacking and cyber security training in noida.
Address: Block A, A-25, Second Floor, Sector 3, Noida, Uttar Pradesh 201301
Just one of the security vulnerabilities patched by the tech giant this month has been reported as being publicly known at the time of release, and none are being actively exploited in the wild.
All the seven critical-rated vulnerabilities lead to remote code execution and primarily impact various versions of Windows 10 and Server editions.
Two of the 7 critical flaws affect Microsoft's Hyper-V host OS that fails to properly validate input from an authenticated user on a guest operating system, three affect the ChakraCore scripting engine that fails to properly handle objects in memory in Edge, one affects Edge directly that occurs when the browser improperly handles objects in memory, and one impacts the Windows DHCP client that fails to properly handle certain DHCP responses.
The publicly disclosed flaw but not exploited in the wild, identified as CVE-2019-0579 and rated as important, concerns a remote code execution (RCE) vulnerability in the Windows Jet Database engine that could be exploited to execute arbitrary code on a victim's system by tricking him into opening a specially-crafted file.
Other "Important" vulnerabilities are addressed in the .NET framework, MS Exchange Server, Edge, Internet Explorer, SharePoint, the Office suite, Windows Data Sharing Service, Visual Studio, Outlook, and Windows Subsystem for Linux.
One of the MS Office flaws patched this month is an information disclosure bug (CVE-2019-0560) which exists when Microsoft Office improperly discloses the contents of its memory.
Attackers can exploit this vulnerability by tricking a user into opening a specially crafted Office document. Successful exploitation could allow an attacker to obtain information from the Office memory that can later be used to compromise a victim's computer or data.
Microsoft credited Tal Dery and Menahem Breuer of Mimecast Research Labs for this vulnerability. To know more details about their findings, you can head on to an advisory and a blog post published by Mimecast.
Lock Screen Bypass Flaw in Skype for Android Also Patched
Another notable bug patched by Microsoft this month is a privilege vulnerability (CVE-2019-0622) vulnerability in Skype for Android that could have allowed hackers to bypass the lock screen and access personal data on an Android device—by merely answering a Skype call to that device.
The Skype flaw has been rated as 'moderate' and requires an attacker to have physical access to your device. A patch for this vulnerability was included in the December 23 release of Skype, but Skype for Android users need to manually update the app from Google Play.
Although Microsoft does not list this as publicly known, the researcher posted a YouTube video demonstrating the vulnerability back on December 31.
Though not part of this months patch update, users are also recommended to download the latest update to patch a memory corruption vulnerability (CVE-2018-8653) in Internet Explorer that Microsoft addressed by releasing an out of band patch in December, as the flaw continues to be exploited in the wild.
Users and system administrators are strongly recommended to apply the latest security patches as soon as possible to keep hackers and cybercriminals away from taking control of their systems.
For installing the latest security patch updates, head on to Settings → Update & Security → Windows Update → Check for updates, on your computer system or you can install the updates manually.
CEEH - (Certified Expert Ethical Hacker) Certification. This Is Advance Ethical Hacking Course You Will Learn In This Course
Chapter 1- Introduction Of Ethical Hacking
Chapter 2- Cyber Crime
Chapter 3- Foot-Printing
Chapter 4- Foot-Printing Pen-Testing
Chapter 5- Scanning
Chapter 6- Proxy Server
Chapter 7- Enumeration
Chapter 8- Banner Garbing
Chapter 9- Password Hacking
Chapter 10- Windows Hacking And Securing
Chapter 11- System Hacking
Chapter 12- Virus And Worm
Chapter 13- Physical Security
Chapter 14 - Ransomware
Chapter 15 -Sniffing
Chapter 16 -Social Engineering
Chapter 17 -Session Hijacking
Chapter 18 -Dos Attack
Chapter 19 -Stenography
Chapter 20 -Cryptography
Chapter 21 -Sql Injection
Chapter 22 -Web Server & Application Hacking
Chapter 23 -Buffer Overflow
Chapter 24 -Wireless Network Hacking
Chapter 26 -Sim Card Cloning
Chapter 27 -Android Hacking
Chapter 28 -Honey Port
Chapter 29 - Batch File Programing
And So On ...
Challenge EC-Council Course CEHv10 0r Update Version
.
Contact us:
Red Securium Pvt Limited Company
Red securium company provide best ethical hacking and cyber security training in noida.
Address: Block A, A-25, Second Floor, Sector 3, Noida, Uttar Pradesh 201301
Telephone number: +91-120 429 1672
Website : redsecurium.org
Email: info@redsecurium.org
Mobile number: +91-7455923827
Google+ Profile: Red Securium
Facebook profile: Red Securium
Twitter Profile: Red Securium
Instagram Profile: Red Securium
- Get link
- X
- Other Apps
Labels:
49 CVE-listed security vulnerabilities
ChakraCore scripting engine
CVE-2019-0579
Lock Screen Bypass Flaw in Skype for Android
Tal Dery and Menahem Breuer of Mimecast Research Labs
Location:
Noida, Uttar Pradesh, India
- Get link
- X
- Other Apps
Comments
Post a Comment