January Patch Tuesday: First Bulletin of 2019 has Fixes for DHCP and Microsoft Exchange Vulnerabilities

Spy Wrist Watch 32GB Mini Hidden Camera Record Video Audio DVR DV Camcorder US

$26.29
End Date: Tuesday Aug-27-2019 15:18:16 PDT
Buy It Now for only: $26.29
Buy It Now | Add to watch list

For Samsung Galaxy Note 10 Plus Anti-Spy Privacy Tempered Glass Screen Protector

$7.95
End Date: Wednesday Aug-28-2019 1:07:57 PDT
Buy It Now for only: $7.95
Buy It Now | Add to watch list

In the last few months of 2018, Microsoft’s regular security releases included patches for vulnerabilities that were actively being exploited. Thankfully, 2019 started off relatively smoothly with 49 security patches and two advisories — seven of these vulnerabilities were rated Critical and 40 were Important. Ten of these were disclosed through the Zero Day Initiative (ZDI) program.

The most notable of these vulnerabilities is in the Windows DHCP Client (CVE-2019-0547), which could allow an attacker to execute code arbitrarily on a machine by issuing specially crafted DHCP responses. Since the Windows DHCP client is enabled in all Windows operating systems, this is a particularly important patch to implement. The security bulletin also includes a fix for a critical vulnerability in Microsoft Exchange software (CVE-2019-0586) that, if exploited successfully, could allow an attacker to run code as the System user and potentially view, change, or delete data and even create new accounts.

Also, as a reminder, users of Windows 7 should begin planning for an upgrade since these are the last 12 months before Microsoft ends support in January 2020.

On the Adobe front, 2019 started off with an unscheduled update for Adobe Acrobat and Reader. The update, released on January 3rd, fixed two Critical CVEs that were both reported through the ZDI program. They also updated Adobe Flash, Connect, and Adobe Digital Editions in their regular January release.

Trend Micro™ Deep Security and Vulnerability Protection protect user systems from any threats that may target the vulnerabilities addressed in this month’s round of updates via the following DPI rules:

  • 1009452-Microsoft Windows COM Elevation Of Privilege Vulnerability (CVE-2018-8550)
  • 1009462-Microsoft Edge Elevation Of Privilege Vulnerability (CVE-2019-0566)
  • 1009463-Microsoft Edge Chakra Scripting Engine Memory Corruption Vulnerability (CVE-2019-0539)
  • 1009464-Microsoft Internet Explorer Remote Code Execution Vulnerability (CVE-2019-0541)
  • 1009465-Microsoft Edge Memory Corruption Vulnerability (CVE-2019-0565)
  • 1009466-Microsoft Windows Multiple Security Vulnerabilities (Jan-2019) – 2
  • 1009468-Microsoft Edge Chakra Scripting Engine Memory Corruption Vulnerability (CVE-2019-0567)
  • 1009469-Microsoft Edge Chakra Scripting Engine Memory Corruption Vulnerability (CVE-2019-0568)

Trend Micro™ TippingPoint™ customers are protected from threats that may exploit this month’s list of vulnerabilities via these MainlineDV filters:

  • 33921: ZDI-CAN-7385: Zero Day Initiative Vulnerability (Microsoft Windows)
  • 33927: HTTP: Microsoft Edge Type Confusion Vulnerability
  • 33928: HTTP: Microsoft Edge Session Boundary Memory Corruption Vulnerability
  • 33929: HTTP: Microsoft Edge Type Confusion Vulnerability
  • 33930: HTTP: Microsoft Edge Use-After-Free Vulnerability
  • 33931: HTTP: Microsoft Windows Kernel Information Disclosure Vulnerability
  • 33948: HTTP: Microsoft Edge Type Confusion Vulnerability
  • 33949: HTTP: Microsoft Internet Explorer ProgId Code Execution Vulnerability

The post January Patch Tuesday: First Bulletin of 2019 has Fixes for DHCP and Microsoft Exchange Vulnerabilities appeared first on .

2019 ESET NOD32 Antivirus 2019 -3 Computers 3 years - Instant Delivery via Email

$5.99
End Date: Tuesday Aug-27-2019 21:56:53 PDT
Buy It Now for only: $5.99
Buy It Now | Add to watch list

ESET NOD32 Antivirus / Internet Security / Smart Security Premium 2019 2 YEAR!

$3.90
End Date: Thursday Sep-12-2019 1:45:22 PDT
Buy It Now for only: $3.90
Buy It Now | Add to watch list