Protect yourself against future threats.
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 =========================================================================== AUSCERT Security Bulletin ASB-2019.0049 Microsoft multiple product updates 13 February 2019 =========================================================================== AusCERT Security Bulletin Summary --------------------------------- Product: Microsoft .NET Framework Visual Studio Code ChakraCore Java SDK for Azure IoT Microsoft Visual Studio Team Foundation Server .Net Core Operating System: Windows Impact/Access: Execute Arbitrary Code/Commands -- Remote/Unauthenticated Administrator Compromise -- Existing Account Access Privileged Data -- Remote with User Interaction Provide Misleading Information -- Remote with User Interaction Resolution: Patch/Upgrade CVE Names: CVE-2019-0676 CVE-2019-0662 CVE-2019-0660 CVE-2019-0659 CVE-2019-0658 CVE-2019-0657 CVE-2019-0656 CVE-2019-0655 CVE-2019-0654 CVE-2019-0652 CVE-2019-0651 CVE-2019-0650 CVE-2019-0649 CVE-2019-0645 CVE-2019-0644 CVE-2019-0642 CVE-2019-0641 CVE-2019-0640 CVE-2019-0637 CVE-2019-0636 CVE-2019-0635 CVE-2019-0634 CVE-2019-0633 CVE-2019-0632 CVE-2019-0631 CVE-2019-0630 CVE-2019-0628 CVE-2019-0627 CVE-2019-0626 CVE-2019-0625 CVE-2019-0623 CVE-2019-0621 CVE-2019-0619 CVE-2019-0618 CVE-2019-0616 CVE-2019-0615 CVE-2019-0613 CVE-2019-0610 CVE-2019-0607 CVE-2019-0606 CVE-2019-0605 CVE-2019-0602 CVE-2019-0601 CVE-2019-0600 CVE-2019-0599 CVE-2019-0598 CVE-2019-0597 CVE-2019-0596 CVE-2019-0595 CVE-2019-0593 CVE-2019-0591 CVE-2019-0590 Member content until: Friday, March 15 2019 OVERVIEW Microsoft has released its monthly security patch update for the month of February 2019. This update resolves 21 vulnerabilities across the following products: [1] .NET Core 1.0 .NET Core 1.1 .NET Core 2.1 .NET Core 2.2 ChakraCore Java SDK for Azure IoT Microsoft .NET Framework 2.0 Service Pack 2 Microsoft .NET Framework 3.0 Service Pack 2 Microsoft .NET Framework 3.5 Microsoft .NET Framework 3.5.1 Microsoft .NET Framework 4.5.2 Microsoft .NET Framework 4.6 Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2 Microsoft .NET Framework 4.6/4.6.1/4.6.2 Microsoft .NET Framework 4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.2 Microsoft .NET Framework 4.7.1/4.7.2 Microsoft .NET Framework 4.7.2 Microsoft .NET Framework 4.7/4.7.1/4.7.2 Microsoft Visual Studio 2017 Microsoft Visual Studio 2017 version 15.9 Team Foundation Server 2018 Update 3.2 Visual Studio Code IMPACT Microsoft has given the following details regarding these vulnerabilities. Details Impact Severity Remote Code Execution Critical Remote Code Execution Critical Remote Code Execution Critical Remote Code Execution Critical Remote Code Execution Critical Remote Code Execution Important Remote Code Execution Important Remote Code Execution Critical Remote Code Execution Critical Remote Code Execution Critical Elevation of Privilege Important Remote Code Execution Critical Remote Code Execution Critical Remote Code Execution Critical Spoofing Important Information Disclosure Important Remote Code Execution Important Elevation of Privilege Important Information Disclosure Important Spoofing Important Spoofing Important MITIGATION Microsoft recommends updating the software with the version made available on the Microsoft Update Cataloge for the following Knowledge Base articles. [1]. KB4483482, KB4486996, KB4483481, KB4483484, KB4487020 KB4487026, KB4483449, KB4483468, KB4483469, KB4483483 KB4483474, KB4487018, KB4483473, KB4487017, KB4483454 KB4483451, KB4483450, KB4483453, KB4483452, KB4483455 KB4483472, KB4483457, KB4483456, KB4483459, KB4483458 KB4483470 REFERENCES [1] Security Update Guide https://portal.msrc.microsoft.com/en-us/security-guidance AusCERT has made every effort to ensure that the information contained in this document is accurate. However, the decision to use the information described is the responsibility of each user or organisation. The decision to follow or act on information or advice contained in this security bulletin is the responsibility of each user or organisation, and should be considered in accordance with your organisation's site policies and procedures. AusCERT takes no responsibility for consequences which may arise from following or acting on information or advice contained in this security bulletin. =========================================================================== Australian Computer Emergency Response Team The University of Queensland Brisbane Qld 4072 Internet Email: auscert@auscert.org.au Facsimile: (07) 3365 7031 Telephone: (07) 3365 4417 (International: +61 7 3365 4417) AusCERT personnel answer during Queensland business hours which are GMT+10:00 (AEST). On call after hours for member emergencies only. =========================================================================== -----BEGIN PGP SIGNATURE----- Comment: http://www.auscert.org.au/render.html?it=1967 iQIVAwUBXGN9GmaOgq3Tt24GAQg9aw/5AVHi0So59R0VsvK3tYzxAACJTjDxGAGR fQcJkZWWDyk2sEP/eV2OtUgV7HKiXM3x7RYgZ/nsBKAnzfPlQ4JAK2db3eyDMwyj x34JAIG4NvXhJU+UteywW4zZCA8meoLllTxOFGm3Scq+HaUmmJs9aECmnzdmreZh 5O4AmMsSWoBToNOzJGW+0Q57fR4qTenrPVqZ4DpSbvodF5JszubladWJnBALMyor Chfj/XeevVkfgUNOU3y7oE6kmF+cReb5SVmWPRw5SNwZ5y8bdzwElIGPQKfxoiuU Jf0jJPuyWuCFYBWDKaUQOG+fkYpay/m3JhiryjckQYv+FNPHV+irV4ngfvSSnZW8 bqUl1KcX8Qh+IAnC3o/3nNkmqQSLLaICnj3WtV2UZC4WwlZ7dWsbkaE/gi2yI8q+ dOuk9JAPhYIGyn83P/JjY4OrFO0K5rlTqyHI8d4cmZtfhl7hHUlE5KSDxJYcJhak X+oUB2wZd0sny+8wgZs9Zj/INGrIAwpg61LRYpMvd57siGvIIumjVjLimVWYS4UK HnATdSJGIFdGaB33Ic6gkiz5a2V3in9Frk3KQCjumlL/UAArOCTxu/xj24zo2YF9 Le6UkK2Es7RXA9kTMu0QQ5S9kamiCdGM4umbggQC5zvmW1vAJUANk2czzGRZDE36 a0FWTgCl+rk= =Y/8J -----END PGP SIGNATURE-----