Microsoft January 2019 Patch Tuesday fixes 50 vulnerabilities

[steven36]

Microsoft has released today its monthly roll-up of security updates known as Patch Tuesday. In this month's update train, the Redmond-based OS maker has patched 50 vulnerabilities across nine products, including the Windows OS, Internet Explorer, Microsoft Edge, ChakraCore, the .NET Framework, ASP.NET, Microsoft Visual Studio, Microsoft Exchange Server, and Microsoft Office and Microsoft Office Services and Web Apps.

 

While in the previous four months the company has patched four zero-days in a row, this month's Patch Tuesday did not include security updates for actively-exploited vulnerabilities.

 

However, there are quite a few bugs that users need to be aware of, as they could grant attackers control over a Windows system, if they would ever be exploited, either by malware running on a PC, or after users access malicious websites.

 

To be more precise, there are 17 bugs in this month's Patch Tuesday marked as "remote code execution" issues, which are vulnerabilities that allow attackers a direct avenue to execute code inside various Microsoft products or Windows components without needing a foothold on a system beforehand.

 

Seven of these RCEs are also marked "Critical," which is also the highest severity level that Microsoft assigns to security bugs. Of the seven, three affect the ChakraCore scripting engine included in Edge, two affect Microsoft's Hyper-V server virtualization environment, one impacts Edge directly, and one affects the unbiquitous Windows DHCP client.

 

Since the Windows DHCP client is enabled on all Windows operating systems, and the vulnerability can be exploited remotely, users should make sure they don't miss this month's update.

 

This table compiled by Trend Micro's Zero Day Initiative lists vulnerabilities patched this month, based on their severity.

 

 

 

ZDNet has also put together a different table, available online here, which lists in-depth details about each vulnerability on one single page. More information is also available on Microsoft's official Security Update Guide portal, which also includes interactive filtering options so users can find the updates and patches for only the products that are of interest.

 

Earlier today, Adobe released its own security updates, but only for Adobe Connect (web conferencing software) and Adobe Digital Editions (e-book reader). There were no Flash Player security updates today, but only feature and performance bugs, which were also automatically deployed to Windows users via security advisory ADV190001, included in today's Patch Tuesday updates.

 

 

Also See Renato's dashboard for a more detailed breakout: https://patchtuesdaydashboard.com

 

Source

[steven36]

Microsoft has just released new cumulative updates for supported Windows 10 versions with security fixes and improvements. The January 2019 update is also available for users with Windows 7 or Windows 8.1 device.

 

The new monthly rollups for Windows 7 and Windows 8.1 comes with typical security fixes. In the changelog, Microsoft notes that the company has addressed a security vulnerability in session isolation that affects PowerShell remote endpoints. Microsoft also says that you can no longer configure PowerShell remote endpoints to work with non-administrator accounts.

 

You can download and install the latest patches by checking for updates in Control Panel. Alternatively,  you can also install them manually by downloading the package from the Microsoft Update website.

 

KB4480970 for Windows 7 comes with the following fixes:

• Provides protections against an additional subclass of speculative execution side-channel vulnerability known as Speculative Store Bypass (CVE-2018-3639) for AMD-based computers. These protections aren't enabled by default. For Windows client (IT pro) guidance, follow the instructions in KB4073119. For Windows Server guidance, follow the instructions in KB4072698. Use these guidance documents to enable mitigations for Speculative Store Bypass (CVE-2018-3639). Additionally, use the mitigations that have already been released for Spectre Variant 2 (CVE-2017-5715) and Meltdown (CVE-2017-5754).

• Addresses a security vulnerability in session isolation that affects PowerShell remote endpoints. By default, PowerShell remoting only works with administrator accounts, but can be configured to work with non-administrator accounts. Starting with this release, you cannot configure PowerShell remote endpoints to work with non-administrator accounts. When attempting to use a non-administrator account, the following error will appear:

  “New-PSSession: [computerName] Connecting to remote server localhost failed with the following error message: The WSMan service could not launch a host process to process the given request. Make sure the WSMan provider host server and proxy are properly registered. For more information, see the about_Remote_Troubleshooting Help topic.”

• Security updates to Windows Kernel, Windows Storage and Filesystems, Windows Wireless Networking, and the Microsoft JET Database Engine.

 

Microsoft is aware of the following issue in this release:

Known issues in this update

---

Symptom

Workaround

After you apply this update, the network interface controller may stop working on some client software configurations. This occurs because of an issue related to a missing file, oem.inf. The exact problematic configurations are currently unknown.

To locate the network device, launch devmgmt.msc. It may appear under Other Devices. To automatically rediscover the NIC and install drivers, select Scan for Hardware Changes from the Actionmenu. Alternatively, install the drivers for the network device by right-clicking the device and choosing Update. Then choose Search automatically for updated driver software or Browse my computer for driver software.

 

 

KB4480963 for Windows 8.1 has addressed the following problems:

• Provides protections against an additional subclass of speculative execution side-channel vulnerability known as Speculative Store Bypass (CVE-2018-3639) for AMD-based computers. These protections aren't enabled by default. For Windows client (IT pro) guidance, follow the instructions in KB4073119. For Windows Server guidance, follow the instructions in KB4072698. Use these guidance documents to enable mitigations for Speculative Store Bypass (CVE-2018-3639). Additionally, use the mitigations that have already been released for Spectre Variant 2 (CVE-2017-5715) and Meltdown (CVE-2017-5754).

• Addresses a security vulnerability in session isolation that affects PowerShell remote endpoints. By default, PowerShell remoting only works with administrator accounts, but can be configured to work with non-administrator accounts. Starting with this release, you cannot configure PowerShell remote endpoints to work with non-administrator accounts. When attempting to use a non-administrator account, the following error will appear:

  “New-PSSession: [computerName] Connecting to remote server localhost failed with the following error message: The WSMan service could not launch a host process to process the given request. Make sure the WSMan provider host server and proxy are properly registered. For more information, see the about_Remote_Troubleshooting Help topic.”

• Security updates to Windows App Platform and Frameworks, Windows MSXML, Windows Kernel, Windows Storage and Filesystems, Windows Wireless Networking, and the Microsoft JET Database Engine.

Microsoft is not currently aware of any issues with this update.

 

Source