Security Alert (A19-01-02): Multiple Vulnerabilities in Microsoft Products (January 2019)


 

Published on: 09 January 2019

  
  

Description:

Microsoft has released security updates addressing multiple vulnerabilities which affect several Microsoft products or components. The list of security updates can be found at:

https://support.microsoft.com/en-us/help/20190108/security-update-deployment-information

 

Affected Systems:

  • Adobe Flash Player
  • Microsoft Internet Explorer 9, 10, 11
  • Microsoft Edge
  • Microsoft Windows 7, 8.1, RT 8.1, 10
  • Microsoft Windows Server 2008, 2008 R2, 2012, 2012 R2, 2016, 2019
  • Microsoft Windows Server, version 1709, version 1803
  • Microsoft Office 2010, 2013, 2013 RT, 2016, 2016 for Mac, 2019, 2019 for Mac
  • Microsoft Office Online Server
  • Microsoft Office Web Apps Server 2010
  • Microsoft Office Word Viewer
  • Office 365 ProPlus
  • Microsoft Word 2010, 2013, 2013 RT, 2016
  • Word Automation Services
  • Microsoft Excel Viewer 2007
  • Microsoft SharePoint Enterprise Server 2013, 2016
  • Microsoft SharePoint Server 2019
  • Microsoft Exchange Server 2010, 2013, 2016, 2019
  • Microsoft Outlook 2010, 2013, 2013 RT, 2016
  • Microsoft .NET Framework 2.0, 3.0, 3.5, 3.5.1, 3.5.2, 4.6. 4.6.1, 4.6.2, 4.7, 4.7.1, 4.7.2,
  • Microsoft Business Productivity Servers 2010
  • Microsoft Visual Studio 2010, 2012, 2017
  • .NET Core 2.1, 2.2
  • ASP.NET Core 2.1, 2.2
  • ChakraCore
  • Skype 8.35 when installed on Android Devices

A complete list of the affected products can be found at:
https://portal.msrc.microsoft.com/en-us/security-guidance

 

Impact:

Depending on the vulnerability exploited, a successful attack could lead to remote code execution, elevation of privilege, information disclosure, denial of service and spoofing.

 

Recommendation:

Patches for affected products are available from the Windows Update / Microsoft Update Catalog. Users of affected systems should follow the recommendations provided by the product vendor and take immediate actions to mitigate the risk.

 

More Information:

https://portal.msrc.microsoft.com/en-us/security-guidance/releasenotedetail/b4384b95-e6d2-e811-a983-000d3a33c573
https://support.microsoft.com/en-us/help/20190108/security-update-deployment-information
https://www.hkcert.org/my_url/en/alert/19010901
https://www.us-cert.gov/ncas/current-activity/2019/01/08/Microsoft-Releases-January-2019-Security-Updates
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV190001
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0536 (to CVE-2019-0539)
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0541
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0543
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0545 (to CVE-2019-0562)
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0564 (to CVE-2019-0586)
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0588
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0622

 



Tag: Adobe , Flash Player , Microsoft , Internet Explorer , Edge , Windows , Windows Server , Microsoft Office , Microsoft Office Web Apps Server , Microsoft Office Online Server , Word , Excel , SharePoint , Exchange Server , Outlook , .NET Framework , Business Productivity Servers , Visual Studio , .NET Core , ASP.NET Core , ChakraCore , Skype
Tags