Thursday, March 28, 2024

Microsoft Released Security Updates that Fixed 51 Vulnerabilities that Affected its Products

Microsoft Released first security updates in 2019 under Patch Tuesday and fixed 51 vulnerabilities that affected its products.

In this updates, Microsoft patches some of most critical vulnerabilities for Edge, Skype for Android, Windows Hyper-V, Microsoft Office etc.

 Skype for Android elevation of privilege vulnerability (CVE-2019-0622) that could have allowed hackers to bypass authentication methods and access personal data on an Android device.

A remote code execution vulnerability exists in Microsoft Edge improperly accesses objects in memory that allows to corrupt memory in such a way that enables an attacker to execute arbitrary code

2019 first Patch Tuesday fixed several vulnerabilities for the following Microsoft products.

  • Adobe Flash Player
  • Internet Explorer
  • Microsoft Edge
  • Microsoft Windows
  • Microsoft Office and Microsoft Office Services and Web Apps
  • ChakraCore
  • .NET Framework
  • ASP.NET
  • Microsoft Exchange Server
  • Microsoft Visual Studio

Microsoft issued patchs for 7 critical vulnerabilities that allow attacks to write an arbitary code in following vulnerable products.

  •  Chakra Scripting Engine Memory Corruption Vulnerability –
  • CVE-2019-0568
  • Microsoft Edge Memory Corruption Vulnerability –
  • CVE-2019-0565 
  • Chakra Scripting Engine Memory Corruption Vulnerability –
  • CVE-2019-0567
  • Windows DHCP Client Remote Code Execution Vulnerability
  • CVE-2019-0547
  • Chakra Scripting Engine Memory Corruption Vulnerability –
  • CVE-2019-0539
  • Windows Hyper-V Remote Code Execution Vulnerability
  • CVE-2019-0551 
  • Windows Hyper-V Remote Code Execution Vulnerability
  • CVE-2019-0550

Microsoft Security Updates

Microsoft JET Database Engine


Microsoft JET Database Engine
CVE-2019-0576Jet Database Engine Remote Code Execution Vulnerability
Microsoft JET Database EngineCVE-2019-0538Jet Database Engine Remote Code Execution Vulnerability
Microsoft JET Database EngineCVE-2019-0575Jet Database Engine Remote Code Execution Vulnerability
Microsoft JET Database EngineCVE-2019-0577Jet Database Engine Remote Code Execution Vulnerability
Microsoft JET Database EngineCVE-2019-0582Jet Database Engine Remote Code Execution Vulnerability
Microsoft JET Database EngineCVE-2019-0583Jet Database Engine Remote Code Execution Vulnerability
Microsoft JET Database EngineCVE-2019-0584Jet Database Engine Remote Code Execution Vulnerability
Microsoft JET Database EngineCVE-2019-0581Jet Database Engine Remote Code Execution Vulnerability
Microsoft JET Database EngineCVE-2019-0578Jet Database Engine Remote Code Execution Vulnerability
Microsoft JET Database EngineCVE-2019-0579Jet Database Engine Remote Code Execution Vulnerability
Microsoft JET Database EngineCVE-2019-0580Jet Database Engine Remote Code Execution Vulnerability

Microsoft Office

Microsoft OfficeCVE-2019-0560Microsoft Office Information Disclosure Vulnerability
Microsoft OfficeCVE-2019-0561Microsoft Word Information Disclosure Vulnerability
Microsoft OfficeCVE-2019-0585Microsoft Word Remote Code Execution Vulnerability
Microsoft OfficeCVE-2019-0559Microsoft Outlook Information Disclosure Vulnerability

Microsoft Scripting Engine

Microsoft Scripting EngineCVE-2019-0568Chakra Scripting Engine Memory Corruption Vulnerability
Microsoft Scripting EngineCVE-2019-0567Chakra Scripting Engine Memory Corruption Vulnerability
Microsoft Scripting EngineCVE-2019-0539Chakra Scripting Engine Memory Corruption Vulnerability

Microsoft Windows

Microsoft WindowsCVE-2019-0574Windows Data Sharing Service Elevation of Privilege Vulnerability
Microsoft WindowsCVE-2019-0573Windows Data Sharing Service Elevation of Privilege Vulnerability
Microsoft WindowsCVE-2019-0571Windows Data Sharing Service Elevation of Privilege Vulnerability
Microsoft WindowsCVE-2019-0572Windows Data Sharing Service Elevation of Privilege Vulnerability
Microsoft WindowsCVE-2019-0543Microsoft Windows Elevation of Privilege Vulnerability
Microsoft WindowsCVE-2019-0570Windows Runtime Elevation of Privilege Vulnerability

Microsoft Office SharePoint

Microsoft Office SharePointCVE-2019-0562Microsoft SharePoint Elevation of Privilege Vulnerability
Microsoft Office SharePointCVE-2019-0556Microsoft Office SharePoint XSS Vulnerability
Microsoft Office SharePointCVE-2019-0558Microsoft Office SharePoint XSS Vulnerability
Microsoft Office SharePointCVE-2019-0557Microsoft Office SharePoint XSS Vulnerability

Microsoft Edge

Microsoft EdgeCVE-2019-0565Microsoft Edge Memory Corruption Vulnerability
Microsoft EdgeCVE-2019-0566Microsoft Edge Elevation of Privilege Vulnerability

Windows Kernel

Windows KernelCVE-2019-0569Windows Kernel Information Disclosure Vulnerability
Windows KernelCVE-2019-0536Windows Kernel Information Disclosure Vulnerability
Windows KernelCVE-2019-0554Windows Kernel Information Disclosure Vulnerability
Windows KernelCVE-2019-0549Windows Kernel Information Disclosure Vulnerability

Other Products

Microsoft XMLCVE-2019-0555Microsoft XmlDocument Elevation of Privilege Vulnerability
Servicing Stack UpdatesADV990001Latest Servicing Stack Updates
Visual StudioCVE-2019-0537Microsoft Visual Studio Information Disclosure Vulnerability
Visual StudioCVE-2019-0546Visual Studio Remote Code Execution Vulnerability
Windows COMCVE-2019-0552Windows COM Elevation of Privilege Vulnerability
Windows DHCP ClientCVE-2019-0547Windows DHCP Client Remote Code Execution Vulnerability
Windows Hyper-VCVE-2019-0550Windows Hyper-V Remote Code Execution Vulnerability
Windows Hyper-VCVE-2019-0551Windows Hyper-V Remote Code Execution Vulnerability
Windows Subsystem for LinuxCVE-2019-0553Windows Subsystem for Linux Information Disclosure Vulnerability
.NET FrameworkCVE-2019-0545.NET Framework Information Disclosure Vulnerability
Adobe Flash PlayerCVE-2019-0622January 2019 Adobe Flash Update
Android AppCVE-2019-0622Skype for Android Elevation of Privilege Vulnerability
ASP.NETCVE-2019-0548ASP.NET Core Denial of Service Vulnerability
ASP.NETCVE-2019-0564ASP.NET Core Denial of Service Vulnerability
Internet ExplorerCVE-2019-0541MSHTML Engine Remote Code Execution Vulnerability

Also Read : Adobe Released Security Patches for Digital Editions and Connect

You can follow us on Linkedin, Twitter, Facebook for daily Cybersecurity updates also you can take the Best Cybersecurity courses online to keep your self-updated.

Website

Latest articles

2 Chrome Zero-Days Exploited at Pwn2Own 2024: Patch Now

Google has announced a crucial update to its Chrome browser, addressing several vulnerabilities, including...

The Moon Malware Hacked 6,000 ASUS Routers in 72hours to Use for Proxy

Black Lotus Labs discovered a multi-year campaign by TheMoon malware targeting vulnerable routers and...

Hackers Actively Exploiting Ray AI Framework Flaw to Hack Thousands of Servers

A critical vulnerability in Ray, an open-source AI framework that is widely utilized across...

Chinese Hackers Attacking Southeast Asian Nations With Malware Packages

Cybersecurity researchers at Unit 42 have uncovered a sophisticated cyberespionage campaign orchestrated by two...

CISA Warns of Hackers Exploiting Microsoft SharePoint Server Vulnerability

Cybersecurity and Infrastructure Security Agency (CISA) has warned about a critical vulnerability in Microsoft...

Microsoft Expands Edge Bounty Program to Include WebView2!

Microsoft announced that Microsoft Edge WebView2 eligibility and specific out-of-scope information are now included...

Beware of Free Android VPN Apps that Turn Your Device into Proxies

Cybersecurity experts have uncovered a cluster of Android VPN applications that covertly transform user...
Balaji
Balaji
BALAJI is an Ex-Security Researcher (Threat Research Labs) at Comodo Cybersecurity. Editor-in-Chief & Co-Founder - Cyber Security News & GBHackers On Security.

Mitigating Vulnerability Types & 0-day Threats

Mitigating Vulnerability & 0-day Threats

Alert Fatigue that helps no one as security teams need to triage 100s of vulnerabilities.

  • The problem of vulnerability fatigue today
  • Difference between CVSS-specific vulnerability vs risk-based vulnerability
  • Evaluating vulnerabilities based on the business impact/risk
  • Automation to reduce alert fatigue and enhance security posture significantly

Related Articles