Patch Tuesday Release: The Latest News
Microsoft has released 49 security patches today. There are seven Critical severity patches in this release however almost half resolve a remote code execution issue.
Eleven of the others are important remote code execution patches, and one of these patches is listed as publicly known which we are highly recommend be prioritized this month.
Adobe Flash, Connect and Digital Editions
Adobe has released updates for Adobe Flash Player for Windows, macOS, Linux and Chrome OS. These updates address feature and performance bugs, but do not include security fixes.
The Adobe Connect update resolves an important session token exposure vulnerability and the update for Adobe Digital resolved a vulnerability which if successful exploitation could lead to information disclosure in the context of the current user.
All of these updates are Priority 3, which means Exploitation is not known or likely.
CVE-2019-0579
Although this update has a Severity rating of Important, is publicly disclosed, and although there is no evidence that this is being actively exploited in the wild, these types of updates are commonly used to expose customer environments – as demonstrated by the independent CVSS score of 7.8 out of 10.
Robert Brown, Director of Services for Verismic said, “You should not leave Windows Update in its automatic mode as updates like this would typically be lower priority and therefore not deployed automatically. You should have enough information to make informed choices in your selection of patches, and that includes being able to see independent CVSS scores and whether the vulnerability has been made Public or known to be Actively Exploited.”
Syxsense provides that information so you do not need to reply on default Windows Update patching.
7GB of Storage – ‘Reserve Storage’
Windows doesn’t check if a device has enough space before installing an update. The current solution is for users to manually delete unnecessary temporary files and temporarily move those files like photos and films to external storage to make enough space.
Microsoft have announced that a future “Quality Update” could automatically earmark 7GB of storage on your local hard drive to future proof any download of large updates going forward.
What is concerning is this space cannot be retrieved or paid back to Windows – so any device with the older generation SDD drives or smaller hard drive are likely to run out of space.
Patch Tuesday Release
| CVE ID | Description | Severity | Publicly Discovered | Actively Exploited | Recommended |
| CVE-2019-0579 | Jet Database Engine Remote Code Execution Vulnerability | Important | Yes | No | Yes |
| CVE-2019-0539 | Chakra Scripting Engine Memory Corruption Vulnerability | Critical | No | No | Yes |
| CVE-2019-0568 | Chakra Scripting Engine Memory Corruption Vulnerability | Critical | No | No | Yes |
| CVE-2019-0567 | Chakra Scripting Engine Memory Corruption Vulnerability | Critical | No | No | Yes |
| CVE-2019-0565 | Microsoft Edge Memory Corruption Vulnerability | Critical | No | No | Yes |
| CVE-2019-0547 | Windows DHCP Client Remote Code Execution Vulnerability | Critical | No | No | Yes |
| CVE-2019-0550 | Windows Hyper-V Remote Code Execution Vulnerability | Critical | No | No | Yes |
| CVE-2019-0551 | Windows Hyper-V Remote Code Execution Vulnerability | Critical | No | No | Yes |
| CVE-2019-0564 | ASP.NET Core Denial of Service Vulnerability | Important | No | No | |
| CVE-2019-0548 | ASP.NET Core Denial of Service Vulnerability | Important | No | No | |
| CVE-2019-0566 | Microsoft Edge Elevation of Privilege Vulnerability | Important | No | No | |
| CVE-2019-0562 | Microsoft SharePoint Elevation of Privilege Vulnerability | Important | No | No | |
| CVE-2019-0543 | Microsoft Windows Elevation of Privilege Vulnerability | Important | No | No | |
| CVE-2019-0555 | Microsoft Xml Document Elevation of Privilege Vulnerability | Important | No | No | |
| CVE-2019-0552 | Windows COM Elevation of Privilege Vulnerability | Important | No | No | |
| CVE-2019-0571 | Windows Data Sharing Service Elevation of Privilege Vulnerability | Important | No | No | |
| CVE-2019-0572 | Windows Data Sharing Service Elevation of Privilege Vulnerability | Important | No | No | |
| CVE-2019-0573 | Windows Data Sharing Service Elevation of Privilege Vulnerability | Important | No | No | |
| CVE-2019-0574 | Windows Data Sharing Service Elevation of Privilege Vulnerability | Important | No | No | |
| CVE-2019-0570 | Windows Runtime Elevation of Privilege Vulnerability | Important | No | No | |
| CVE-2019-0545 | ASP.NET Information Disclosure Vulnerability | Important | No | No | |
| CVE-2019-0560 | Microsoft Office Information Disclosure Vulnerability | Important | No | No | |
| CVE-2019-0559 | Microsoft Outlook Information Disclosure Vulnerability | Important | No | No | |
| CVE-2019-0537 | Microsoft Visual Studio Information Disclosure Vulnerability | Important | No | No | |
| CVE-2019-0561 | Microsoft Word Information Disclosure Vulnerability | Important | No | No | |
| CVE-2019-0536 | Windows Kernel Information Disclosure Vulnerability | Important | No | No | |
| CVE-2019-0549 | Windows Kernel Information Disclosure Vulnerability | Important | No | No | |
| CVE-2019-0554 | Windows Kernel Information Disclosure Vulnerability | Important | No | No | |
| CVE-2019-0569 | Windows Kernel Information Disclosure Vulnerability | Important | No | No | |
| CVE-2019-0553 | Windows Subsystem for Linux Information Disclosure Vulnerability | Important | No | No | |
| CVE-2019-0541 | Internet Explorer Remote Code Execution Vulnerability | Important | No | No | |
| CVE-2019-0538 | Jet Database Engine Remote Code Execution Vulnerability | Important | No | No | |
| CVE-2019-0575 | Jet Database Engine Remote Code Execution Vulnerability | Important | No | No | |
| CVE-2019-0576 | Jet Database Engine Remote Code Execution Vulnerability | Important | No | No | |
| CVE-2019-0577 | Jet Database Engine Remote Code Execution Vulnerability | Important | No | No | |
| CVE-2019-0578 | Jet Database Engine Remote Code Execution Vulnerability | Important | No | No | |
| CVE-2019-0580 | Jet Database Engine Remote Code Execution Vulnerability | Important | No | No | |
| CVE-2019-0581 | Jet Database Engine Remote Code Execution Vulnerability | Important | No | No | |
| CVE-2019-0582 | Jet Database Engine Remote Code Execution Vulnerability | Important | No | No | |
| CVE-2019-0583 | Jet Database Engine Remote Code Execution Vulnerability | Important | No | No | |
| CVE-2019-0584 | Jet Database Engine Remote Code Execution Vulnerability | Important | No | No | |
| CVE-2019-0588 | Microsoft Exchange Information Disclosure Vulnerability | Important | No | No | |
| CVE-2019-0586 | Microsoft Exchange Memory Corruption Vulnerability | Important | No | No | |
| CVE-2019-0585 | Microsoft Word Remote Code Execution Vulnerability | Important | No | No | |
| CVE-2019-0556 | Microsoft Office SharePoint XSS Vulnerability | Important | No | No | |
| CVE-2019-0557 | Microsoft Office SharePoint XSS Vulnerability | Important | No | No | |
| CVE-2019-0558 | Microsoft Office SharePoint XSS Vulnerability | Important | No | No | |
| CVE-2019-0622 | Skype for Android Elevation of Privilege Vulnerability | Moderate | No | No | |
| CVE-2019-0546 | Visual Studio Remote Code Execution Vulnerability | Moderate | No | No |
Schedule Your Syxsense Demo
Syxsense combines IT management, patch management, and security vulnerability scanning in one powerful solution. Get started today.
