Microsoft has patched about fifty flaws in its Patch Tuesday updates for January 2019. The patches include some harmful vulnerabilities affecting Hyper-V, Edge and DHCP. None of the flaws fixed this month appear to have been exploited, but one of them has been publicly disclosed.
The publicly disclosed flaw is tracked as CVE-2019-0579, is rated as crucial, and affects the Windows Jet database engine. A remote attacker can exploit it to execute code on a targeted system by getting a user to open a specially crafted file. Microsoft has credited researchers from Palo Alto Networks, ACROS’s 0patch, and Flexera for reporting the flaw.
The vulnerability is probably related to CVE-2018-8423, a Jet database engine issue that Microsoft fixed in October last year, after details of the security flaw were disclosed the previous month by Trend Micro’s ZDI. 0patch released two micropatches for the flaw: one when there was no patch from Microsoft, and one a couple of weeks later, soon after it was determined that the tech giant’s patch was incomplete.
This month’s Patch Tuesday updates also address four harmful flaws affecting Edge. They are all memory corruption vulnerabilities, mostly related to the Chakra scripting engine, and they all allow arbitrary code execution in the context of the user.
Another harmful vulnerability, CVE-2019-0547, allows an attacker to execute arbitrary code on a Windows DHCP client machine by sending it specially crafted DHCP responses. The last two harmful flaws patched this month are CVE-2019-0550 and CVE-2019-0551, which allow remote code execution on Hyper-V host operating systems.
One of this month’s advisories describes an information disclosure and privilege escalation flaw affecting Skype for Android. Details of the flaw were disclosed recently by a researcher who showed how it can be exploited to view images and contacts, and even open links in the phone’s web browser. Microsoft has rated this flaw only as moderate, because exploitation requires physical access to the targeted device.
One of the Office flaws fixed this month is CVE-2019-0560, which allows an attacker to obtain information from memory that can later be used to compromise a device or data. Exploitation requires the targeted user to open a specially crafted document. The flaw was reported to Microsoft by Mimecast, which has published a blog post and an advisory detailing its findings. The firm observed that Office files with ActiveX controls were consistently causing memory leaks.
“In fact, this memory leak leads to the permanent writing of memory content into different Microsoft Office files and thus, the potential for the unintended leakage of sensitive information and local machine information. If known, this is the type of data that could be useful to cybercriminals for executing a malware-enabled, remote execution attack and at least as important—to steal sensitive information,” Mimecast said. “The Mimecast team has evidence of this leak in documents dating years back. Some documents were even found online containing sensitive user information.”
Adobe also released security updates on Tuesday, but only to address two significant bugs in Connect and Digital Editions.