January Patch Tuesday Contains Fixes for DHCP
In the last few months of 2018, Microsoft’s regular security releases included patches for vulnerabilities that were actively being exploited. Thankfully, 2019 started off relatively smoothly with 49 security patches and two advisories — seven of these vulnerabilities were rated Critical and 40 were Important. Ten of these were disclosed through the Zero Day Initiative (ZDI) program.
The most notable of these vulnerabilities is in the Windows DHCP Client (CVE-2019-0547), which could allow an attacker to execute arbitrary code on a machine by sending it specially crafted DHCP responses. Since the Windows DHCP client is enabled in all Windows operating systems, this is a particularly important patch to apply. The security bulletin also includes a fix for a critical vulnerability in Microsoft Exchange software (CVE-2019-0586) that, if exploited successfully, could allow an attacker to run code as the System user and potentially view, change, or delete data and even create new accounts.
Also, as a reminder, users of Windows 7 should begin planning for an upgrade since these are the last 12 months before Microsoft ends support in January 2020.
On the Adobe front, 2019 started off with an unscheduled update for Adobe Acrobat and Reader. The update, released on January 3rd, fixed two Critical CVEs that were both reported through the ZDI program. Adobe also updated Flash, Connect, and Digital Editions in its regular January release.
Trend Micro™ Deep Security protects user systems from any threats that may target the vulnerabilities addressed in this month’s round of updates via the following DPI rules:
- 1009452-Microsoft Windows COM Elevation Of Privilege Vulnerability (CVE-2018-8550)
- 1009462-Microsoft Edge Elevation Of Privilege Vulnerability (CVE-2019-0566)
- 1009463-Microsoft Edge Chakra Scripting Engine Memory Corruption Vulnerability (CVE-2019-0539)
- 1009464-Microsoft Internet Explorer Remote Code Execution Vulnerability (CVE-2019-0541)
- 1009465-Microsoft Edge Memory Corruption Vulnerability (CVE-2019-0565)
- 1009466-Microsoft Windows Multiple Security Vulnerabilities (Jan-2019) - 2
- 1009468-Microsoft Edge Chakra Scripting Engine Memory Corruption Vulnerability (CVE-2019-0567)
- 1009469-Microsoft Edge Chakra Scripting Engine Memory Corruption Vulnerability (CVE-2019-0568)
Trend Micro™ TippingPoint™ customers are protected from threats that may exploit this month’s list of vulnerabilities via these MainlineDV filters:
- 33921: ZDI-CAN-7385: Zero Day Initiative Vulnerability (Microsoft Windows)
- 33927: HTTP: Microsoft Edge Type Confusion Vulnerability
- 33928: HTTP: Microsoft Edge Session Boundary Memory Corruption Vulnerability
- 33929: HTTP: Microsoft Edge Type Confusion Vulnerability
- 33930: HTTP: Microsoft Edge Use-After-Free Vulnerability
- 33931: HTTP: Microsoft Windows Kernel Information Disclosure Vulnerability
- 33948: HTTP: Microsoft Edge Type Confusion Vulnerability
- 33949: HTTP: Microsoft Internet Explorer ProgId Code Execution Vulnerability