===========================================================================
                         AUSCERT Security Bulletin

                              ASB-2019.0009.2
                        Microsoft Development Tools
                              10 January 2019

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:              .NET Core
                      ASP.NET Core
                      ChakraCore
                      Microsoft .NET Framework
                      Microsoft Visual Studio
Operating System:     Windows
                      Mac OS
                      Linux variants
Impact/Access:        Execute Arbitrary Code/Commands -- Remote with User Interaction
                      Denial of Service               -- Remote/Unauthenticated
                      Access Confidential Data        -- Remote with User Interaction
Resolution:           Patch/Upgrade
CVE Names:            CVE-2019-0568 CVE-2019-0567 CVE-2019-0564
                      CVE-2019-0548 CVE-2019-0546 CVE-2019-0545
                      CVE-2019-0539 CVE-2019-0537
Member content until: Friday, February 8 2019
Reference:            ESB-2019.0076

Revision History:     January 10 2019: Update for Jan 2019
                      January 9 2019: Initial Release

OVERVIEW

        Microsoft has released its monthly security patch update for the
        month of January 2019.

        This update resolves 8 vulnerabilities across the following
        products: [1]

         .NET Core 2.1
         .NET Core 2.2
         ASP.NET Core 2.1
         ASP.NET Core 2.2
         ChakraCore
         Microsoft .NET Framework 2.0 Service Pack 2
         Microsoft .NET Framework 3.0 Service Pack 2
         Microsoft .NET Framework 3.5
         Microsoft .NET Framework 3.5.1
         Microsoft .NET Framework 4.5.2
         Microsoft .NET Framework 4.6
         Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2
         Microsoft .NET Framework 4.6/4.6.1/4.6.2
         Microsoft .NET Framework 4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.2
         Microsoft .NET Framework 4.7.1/4.7.2
         Microsoft .NET Framework 4.7.2
         Microsoft .NET Framework 4.7/4.7.1/4.7.2
         Microsoft Visual Studio 2010 Service Pack 1
         Microsoft Visual Studio 2012 Update 5
         Microsoft Visual Studio 2017 version 15.9

IMPACT

        Microsoft has given the following details regarding these
        vulnerabilities.

         Details         Impact                   Severity
         CVE-2019-0537   Information Disclosure   Important
         CVE-2019-0539   Remote Code Execution    Critical
         CVE-2019-0545   Information Disclosure   Important
         CVE-2019-0546   Remote Code Execution    Moderate
         CVE-2019-0548   Denial of Service        Important
         CVE-2019-0564   Denial of Service        Important
         CVE-2019-0567   Remote Code Execution    Critical
         CVE-2019-0568   Remote Code Execution    Critical

MITIGATION

        Microsoft recommends updating the software with the version made
        available on the Microsoft Update Catalogue for the following
        Knowledge Base articles. [1]

         KB4480961, KB4480962, KB4480966, KB4476698, KB4476755
         KB4480072, KB4480070, KB4480071, KB4480076, KB4480074
         KB4480075, KB4480058, KB4480059, KB4480051, KB4480054
         KB4480055, KB4480056, KB4480057, KB4480973, KB4480978
         KB4480064, KB4480061, KB4480063, KB4480062, KB4480086
         KB4480085, KB4480084, KB4480083

REFERENCES

        [1] Security Update Guide
            https://portal.msrc.microsoft.com/en-us/security-guidance

AusCERT has made every effort to ensure that the information contained
in this document is accurate.  However, the decision to use the information
described is the responsibility of each user or organisation.  The decision to
follow or act on information or advice contained in this security bulletin is
the responsibility of each user or organisation, and should be considered in
accordance with your organisation's site policies and procedures.  AusCERT
takes no responsibility for consequences which may arise from following or
acting on information or advice contained in this security bulletin.

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================