Patch Tuesday: January Updates

Patch Tuesday Release: The Latest News

Microsoft has released 49 security patches today. There are seven Critical severity patches in this release however almost half resolve a remote code execution issue.
Eleven of the others are important remote code execution patches, and one of these patches is listed as publicly known which we are highly recommend be prioritized this month.

Adobe Flash, Connect and Digital Editions

Adobe has released updates for Adobe Flash Player for Windows, macOS, Linux and Chrome OS.  These updates address feature and performance bugs, but do not include security fixes.The Adobe Connect update resolves an important session token exposure vulnerability and the update for Adobe Digital resolved a vulnerability which if successful exploitation could lead to information disclosure in the context of the current user.
All of these updates are Priority 3, which means Exploitation is not known or likely.

CVE-2019-0579

Although this update has a Severity rating of Important, is publicly disclosed, and although there is no evidence that this is being actively exploited in the wild, these types of updates are commonly used to expose customer environments – as demonstrated by the independent CVSS score of 7.8 out of 10.
Robert Brown, Director of Services for Verismic said, “You should not leave Windows Update in its automatic mode as updates like this would typically be lower priority and therefore not deployed automatically. You should have enough information to make informed choices in your selection of patches, and that includes being able to see independent CVSS scores and whether the vulnerability has been made Public or known to be Actively Exploited.”
Syxsense provides that information so you do not need to reply on default Windows Update patching.

7GB of Storage – ‘Reserve Storage’

Windows doesn’t check if a device has enough space before installing an update. The current solution is for users to manually delete unnecessary temporary files and temporarily move those files like photos and films to external storage to make enough space.Microsoft have announced that a future “Quality Update” could automatically earmark 7GB of storage on your local hard drive to future proof any download of large updates going forward.
What is concerning is this space cannot be retrieved or paid back to Windows – so any device with the older generation SDD drives or smaller hard drive are likely to run out of space.

Patch Tuesday Release

CVE ID Description Severity Publicly Discovered Actively Exploited Recommended
CVE-2019-0579 Jet Database Engine Remote Code Execution Vulnerability Important Yes No Yes
CVE-2019-0539 Chakra Scripting Engine Memory Corruption Vulnerability Critical No No Yes
CVE-2019-0568 Chakra Scripting Engine Memory Corruption Vulnerability Critical No No Yes
CVE-2019-0567 Chakra Scripting Engine Memory Corruption Vulnerability Critical No No Yes
CVE-2019-0565 Microsoft Edge Memory Corruption Vulnerability Critical No No Yes
CVE-2019-0547 Windows DHCP Client Remote Code Execution Vulnerability Critical No No Yes
CVE-2019-0550 Windows Hyper-V Remote Code Execution Vulnerability Critical No No Yes
CVE-2019-0551 Windows Hyper-V Remote Code Execution Vulnerability Critical No No Yes
CVE-2019-0564 ASP.NET Core Denial of Service Vulnerability Important No No
CVE-2019-0548 ASP.NET Core Denial of Service Vulnerability Important No No
CVE-2019-0566 Microsoft Edge Elevation of Privilege Vulnerability Important No No
CVE-2019-0562 Microsoft SharePoint Elevation of Privilege Vulnerability Important No No
CVE-2019-0543 Microsoft Windows Elevation of Privilege Vulnerability Important No No
CVE-2019-0555 Microsoft Xml Document Elevation of Privilege Vulnerability Important No No
CVE-2019-0552 Windows COM Elevation of Privilege Vulnerability Important No No
CVE-2019-0571 Windows Data Sharing Service Elevation of Privilege Vulnerability Important No No
CVE-2019-0572 Windows Data Sharing Service Elevation of Privilege Vulnerability Important No No
CVE-2019-0573 Windows Data Sharing Service Elevation of Privilege Vulnerability Important No No
CVE-2019-0574 Windows Data Sharing Service Elevation of Privilege Vulnerability Important No No
CVE-2019-0570 Windows Runtime Elevation of Privilege Vulnerability Important No No
CVE-2019-0545 ASP.NET Information Disclosure Vulnerability Important No No
CVE-2019-0560 Microsoft Office Information Disclosure Vulnerability Important No No
CVE-2019-0559 Microsoft Outlook Information Disclosure Vulnerability Important No No
CVE-2019-0537 Microsoft Visual Studio Information Disclosure Vulnerability Important No No
CVE-2019-0561 Microsoft Word Information Disclosure Vulnerability Important No No
CVE-2019-0536 Windows Kernel Information Disclosure Vulnerability Important No No
CVE-2019-0549 Windows Kernel Information Disclosure Vulnerability Important No No
CVE-2019-0554 Windows Kernel Information Disclosure Vulnerability Important No No
CVE-2019-0569 Windows Kernel Information Disclosure Vulnerability Important No No
CVE-2019-0553 Windows Subsystem for Linux Information Disclosure Vulnerability Important No No
CVE-2019-0541 Internet Explorer Remote Code Execution Vulnerability Important No No
CVE-2019-0538 Jet Database Engine Remote Code Execution Vulnerability Important No No
CVE-2019-0575 Jet Database Engine Remote Code Execution Vulnerability Important No No
CVE-2019-0576 Jet Database Engine Remote Code Execution Vulnerability Important No No
CVE-2019-0577 Jet Database Engine Remote Code Execution Vulnerability Important No No
CVE-2019-0578 Jet Database Engine Remote Code Execution Vulnerability Important No No
CVE-2019-0580 Jet Database Engine Remote Code Execution Vulnerability Important No No
CVE-2019-0581 Jet Database Engine Remote Code Execution Vulnerability Important No No
CVE-2019-0582 Jet Database Engine Remote Code Execution Vulnerability Important No No
CVE-2019-0583 Jet Database Engine Remote Code Execution Vulnerability Important No No
CVE-2019-0584 Jet Database Engine Remote Code Execution Vulnerability Important No No
CVE-2019-0588 Microsoft Exchange Information Disclosure Vulnerability Important No No
CVE-2019-0586 Microsoft Exchange Memory Corruption Vulnerability Important No No
CVE-2019-0585 Microsoft Word Remote Code Execution Vulnerability Important No No
CVE-2019-0556 Microsoft Office SharePoint XSS Vulnerability Important No No
CVE-2019-0557 Microsoft Office SharePoint XSS Vulnerability Important No No
CVE-2019-0558 Microsoft Office SharePoint XSS Vulnerability Important No No
CVE-2019-0622 Skype for Android Elevation of Privilege Vulnerability Moderate No No
CVE-2019-0546 Visual Studio Remote Code Execution Vulnerability Moderate No No