Skip to content ↓ | Skip to navigation ↓

Today’s VERT Alert addresses Microsoft’s January 2019 Security Updates. VERT is actively working on coverage for these vulnerabilities and expects to ship ASPL-812 on Wednesday, January 9th. 

In-The-Wild & Disclosed CVEs

CVE-2019-0579

The Windows Jet Database Engine improperly handles objects in memory and, if an attacker can convince a victim to open a malicious file, exploitation of this vulnerability could lead to code execution.

Microsoft has rated this as a 3 on the Exploitability Index (Exploitation Unlikely).

CVE Breakdown by Tag

While historical Microsoft Security Bulletin groupings are gone, Microsoft vulnerabilities are tagged with an identifier. This list provides a breakdown of the CVEs on a per tag basis.

 

Tag
CVE Count
CVEs
Windows Hyper-V
2
CVE-2019-0550, CVE-2019-0551
Microsoft Edge
2
CVE-2019-0565, CVE-2019-0566
Windows Subsystem for Linux
11
CVE-2019-0538, CVE-2019-0575, CVE-2019-0576, CVE-2019-0577, CVE-2019-0578, CVE-2019-0579, CVE-2019-0580, CVE-2019-0581, CVE-2019-0582, CVE-2019-0583, CVE-2019-0584
ASP.NET
2
CVE-2019-0548, CVE-2019-0564
Microsoft Windows
6
CVE-2019-0543, CVE-2019-0570, CVE-2019-0571, CVE-2019-0572, CVE-2019-0573, CVE-2019-0574
.NET Framework
1
CVE-2019-0545
Windows COM
1
CVE-2019-0552
Visual Studio
2
CVE-2019-0537, CVE-2019-0546
Windows Kernel
4
CVE-2019-0536, CVE-2019-0549, CVE-2019-0554, CVE-2019-0569
Windows DHCP Client
1
CVE-2019-0547
Microsoft Exchange Server
2
CVE-2019-0586, CVE-2019-0588
Internet Explorer
1
CVE-2019-0541
Microsoft XML
1
CVE-2019-0555
Android App
1
CVE-2019-0622
Microsoft Office
4
CVE-2019-0585, CVE-2019-0559, CVE-2019-0560, CVE-2019-0561
Microsoft Scripting Engine
3
CVE-2019-0539, CVE-2019-0567, CVE-2019-0568
Microsoft Office SharePoint
4
CVE-2019-0556, CVE-2019-0557, CVE-2019-0558, CVE-2019-0562

 

Other Information

In addition to the Microsoft vulnerabilities included in the January Security Guidance, a pair of Adobe bulletins are available today.

January 2019 Adobe Flash Update [ADV190001]

Microsoft released an update for Adobe Flash. This corresponds with Adobe Update APSB19-01. This is a non-security update and includes no new CVEs.

Security Bulletin for Adobe Acrobat and Reader [APSB19-02]

Adobe has released security updates for Adobe Acrobat and Reader. This includes fixes for 2 CVEs: CVE-2018-16011 and CVE-2018-16-18.

The Executive's Guide to the Top 20 Critical Security Controls