VERT Threat Alert: February 2019 Patch Tuesday Analysis

Today’s VERT Alert addresses Microsoft’s February 2019 Security Updates. VERT is actively working on coverage for these vulnerabilities and expects to ship ASPL-817 on Wednesday, February 13th. 

In-The-Wild & Disclosed CVEs 

CVE-2019-0676

The first vulnerability in the list today is an Internet Explorer vulnerability that is already seeing active exploitation. A flaw in how IE handles objects in memory can disclose the presence of files on disk when targets visit a malicious website. In order to exploit this, the attacker would have to convince the target to visit the malicious website. Microsoft has rated this as a 0 on the Exploitability Index (Exploitation Detected).

CVE-2019-0636

A vulnerability exists within Windows that could allow code executed on a system to read the contents of files on the disk that it should not be able to access. This vulnerability has been publicly disclosed but has not seen active exploitation. Microsoft has rated this as a 1 on the Exploitability Index (Exploitation More Likely).

CVE-2019-0686

A vulnerability exists in the communication between Exchange Web Services clients and Exchange Severs that could allow a man-in-the-middle attacker to forward authentication requests to the Exchange Server and access the mailbox of other users. This vulnerability has been publicly disclosed but has not seen active exploitation. Microsoft has rated this as a 1 on the Exploitability Index (Exploitation More Likely).

CVE Breakdown by Tag

While historical Microsoft Security Bulletin groupings are gone, Microsoft vulnerabilities are tagged with an identifier. This list provides a breakdown of the CVEs on a per tag basis.  

Tag	CVE Count	CVEs
Team Foundation Server	2	CVE-2019-0743, CVE-2019-0742
.NET Framework	2	CVE-2019-0657, CVE-2019-0613
Windows Hyper-V	1	CVE-2019-0635
Microsoft JET Database Engine	6	CVE-2019-0625, CVE-2019-0595, CVE-2019-0596, CVE-2019-0597, CVE-2019-0598, CVE-2019-0599
Windows SMB Server	2	CVE-2019-0630, CVE-2019-0633
Microsoft Windows	8	CVE-2019-0659, CVE-2019-0600, CVE-2019-0601, CVE-2019-0627, CVE-2019-0631, CVE-2019-0632, CVE-2019-0636, CVE-2019-0637
Microsoft Edge	5	CVE-2019-0641, CVE-2019-0643, CVE-2019-0645, CVE-2019-0650, CVE-2019-0634
Microsoft Graphics Component	8	CVE-2019-0660, CVE-2019-0662, CVE-2019-0664, CVE-2019-0602, CVE-2019-0615, CVE-2019-0616, CVE-2019-0618, CVE-2019-0619
Microsoft Browsers	1	CVE-2019-0654
Visual Studio	1	CVE-2019-0728
Windows Kernel	5	CVE-2019-0623, CVE-2019-0628, CVE-2019-0656, CVE-2019-0661, CVE-2019-0621
Microsoft Exchange Server	2	CVE-2019-0686, CVE-2019-0724
Azure	2	CVE-2019-0729, CVE-2019-0741
Internet Explorer	2	CVE-2019-0606, CVE-2019-0676
Windows DHCP Server	1	CVE-2019-0626
Microsoft Office	7	CVE-2019-0540, CVE-2019-0671, CVE-2019-0672, CVE-2019-0673, CVE-2019-0674, CVE-2019-0675, CVE-2019-0669
Microsoft Scripting Engine	15	CVE-2019-0607, CVE-2019-0610, CVE-2019-0640, CVE-2019-0642, CVE-2019-0644, CVE-2019-0648, CVE-2019-0649, CVE-2019-0651, CVE-2019-0652, CVE-2019-0655, CVE-2019-0658, CVE-2019-0590, CVE-2019-0591, CVE-2019-0593, CVE-2019-0605
Microsoft Office SharePoint	4	CVE-2019-0668, CVE-2019-0670, CVE-2019-0594, CVE-2019-0604

 

Other Information

In addition to the Microsoft vulnerabilities included in the January Security Guidance, a pair of Adobe bulletins are available today.

February 2019 Adobe Flash Update [ADV190003]

Microsoft released an update for Adobe Flash. This corresponds with Adobe Update APSB19-08 and includes CVE-2019-7090.

Security Bulletin for Adobe Acrobat and Reader [APSB19-07]

Adobe has released security updates for Adobe Acrobat and Reader. This includes fixes for 70 CVEs.