Microsoft kicked off 2019 with a light Patch Tuesday listing 47 vulnerabilities with seven rated as critical.
The seven critical issues all could lead to remote code execution and primarily impact Microsoft Edge, various versions of Windows 10 and Server and Chakra Core. The other overriding vulnerability, CVE-2018-8653, was patched by Microsoft in December, but industry analysts all reiterated the need for users to download the update.
“The Jscript vulnerability allows an attacker to leverage the scripting engine within IE by simply viewing a malicious website. Once successful, the attacker can gain control of the system with the user’s rights. So if you did the December Patch Tuesday updates, but did not catch the out of band, you will want to ensure all of your Windows systems get either the January Cumulative Update or the IE update as quickly as possible,” said Chris Goettl, Ivanti’s director of product management, security.
Despite the notoriety CVE-2018-8653 gained by being patched out of band, Satnam Narang, senior research engineer at Tenable, does not want IT admins to miss the critical-rated CVE-2019-0547 which impacted Windows 10 Version 1803.
"The most noteworthy vulnerability in today’s Microsoft Patch Tuesday release is a remote code execution flaw, CVE-2019-0547, in the Windows DHCP client, which is the highest rated CVE this month. In order to exploit the vulnerability, an attacker would need to be able to send a specially crafted DHCP response to its target, allowing them to run arbitrary code on the client machine.
The large number of work-station browser and scripting engine vulnerabilities contained in this month’s release grabbed the attention of Qualys researcher Jimmy Graham who recommended they be prioritized.
Chakra Core’s scripting engine memory corruption vulnerabilities, CVE-2019-0539, CVE-2019-0567, CVE-2019-0568, also piqued the interest of several industry watchers with Graham saying these should also be prioritized.
Although only rated important and not critical, vulnerability CVE-2018-0579 popped up on Tripwire’s Patch Tuesday alert as it is currently in the wild. “The Windows Jet Database Engine improperly handles objects in memory and, if an attacker can convince a victim to open a malicious file, exploitation of this vulnerability could lead to code execution,” the company reported.
Narang did point out these vulnerabilities can only be exploited if, “an attacker would need to convince a user to open a specially crafted file via social engineering in order to execute arbitrary code on a victim’s machine."