Protect yourself against future threats.
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 =========================================================================== AUSCERT Security Bulletin ASB-2019.0051 Microsoft Edge multiple vulnerabilities patched 13 February 2019 =========================================================================== AusCERT Security Bulletin Summary --------------------------------- Product: Microsoft Edge Operating System: Windows Impact/Access: Execute Arbitrary Code/Commands -- Remote/Unauthenticated Administrator Compromise -- Existing Account Access Privileged Data -- Remote with User Interaction Provide Misleading Information -- Remote with User Interaction Resolution: Patch/Upgrade CVE Names: CVE-2019-0676 CVE-2019-0674 CVE-2019-0673 CVE-2019-0672 CVE-2019-0671 CVE-2019-0662 CVE-2019-0660 CVE-2019-0659 CVE-2019-0658 CVE-2019-0657 CVE-2019-0656 CVE-2019-0655 CVE-2019-0654 CVE-2019-0652 CVE-2019-0651 CVE-2019-0650 CVE-2019-0649 CVE-2019-0648 CVE-2019-0645 CVE-2019-0644 CVE-2019-0643 CVE-2019-0642 CVE-2019-0641 CVE-2019-0640 CVE-2019-0637 CVE-2019-0636 CVE-2019-0635 CVE-2019-0634 CVE-2019-0633 CVE-2019-0632 CVE-2019-0631 CVE-2019-0630 CVE-2019-0628 CVE-2019-0627 CVE-2019-0626 CVE-2019-0625 CVE-2019-0623 CVE-2019-0621 CVE-2019-0619 CVE-2019-0618 CVE-2019-0616 CVE-2019-0615 CVE-2019-0613 CVE-2019-0610 CVE-2019-0607 CVE-2019-0606 CVE-2019-0605 CVE-2019-0602 CVE-2019-0601 CVE-2019-0600 CVE-2019-0599 CVE-2019-0598 CVE-2019-0597 CVE-2019-0596 CVE-2019-0595 CVE-2019-0593 CVE-2019-0591 CVE-2019-0590 Member content until: Friday, March 15 2019 Reference: ASB-2019.0049 OVERVIEW Microsoft has released its monthly security patch update for the month of February 2019. This update resolves 21 vulnerabilities across the following products: [1] Microsoft Edge IMPACT Microsoft has given the following details regarding these vulnerabilities. Details Impact Severity Remote Code Execution Critical Remote Code Execution Critical Remote Code Execution Critical Remote Code Execution Critical Remote Code Execution Critical Remote Code Execution Important Remote Code Execution Critical Remote Code Execution Critical Security Feature Bypass Moderate Remote Code Execution Critical Information Disclosure Moderate Remote Code Execution Critical Remote Code Execution Critical Information Disclosure Important Elevation of Privilege Important Remote Code Execution Critical Remote Code Execution Critical Remote Code Execution Critical Spoofing Important Remote Code Execution Critical Information Disclosure Important MITIGATION Microsoft recommends updating the software with the version made available on the Microsoft Update Cataloge for the following Knowledge Base articles. [1]. KB4486996, KB4487020, KB4487044, KB4487018, KB4487026 KB4487017 REFERENCES [1] Security Update Guide https://portal.msrc.microsoft.com/en-us/security-guidance AusCERT has made every effort to ensure that the information contained in this document is accurate. However, the decision to use the information described is the responsibility of each user or organisation. The decision to follow or act on information or advice contained in this security bulletin is the responsibility of each user or organisation, and should be considered in accordance with your organisation's site policies and procedures. AusCERT takes no responsibility for consequences which may arise from following or acting on information or advice contained in this security bulletin. =========================================================================== Australian Computer Emergency Response Team The University of Queensland Brisbane Qld 4072 Internet Email: auscert@auscert.org.au Facsimile: (07) 3365 7031 Telephone: (07) 3365 4417 (International: +61 7 3365 4417) AusCERT personnel answer during Queensland business hours which are GMT+10:00 (AEST). On call after hours for member emergencies only. =========================================================================== -----BEGIN PGP SIGNATURE----- Comment: http://www.auscert.org.au/render.html?it=1967 iQIVAwUBXGOYk2aOgq3Tt24GAQipdg//VD8ilqtm93wT2iKVH31dcEF1B0n0/owq ccuzfwSMrCElIDHBf0RlNkBl5BBNYYW/bPXuSoGE7Anh/fXOB0C6hstRNufGK8kO i2bP7na7AlM7Qny6c1/tsTNuo/yHUhR34FECc7kNmdPNxJ8hLjCjIrBJUrI7IW+x cW/VoCn0cBIFKBEZLhnDSQjEEDl6Z8wvjPgNjILEhhsLbfXIugm6FqZk2PCwog8H vBAOjywmLAe/X2D7sdmwXSNmE4qTJgT+tsXJ9r68piAVaZe0yqc9GiJkK+sMKn02 ByleBJc8JE/168s2FxRtPbDm0RTs7EIoAtKNj259kHy0mYFUBTvAqKo+irRLeHsJ 9Bw7AbmP9nYX6pv051oNL9dWv3+f3iN6VAr2NM3JIwMu6U5V3FRI4ZroWuemtJny 4OL2IGoHFQSAVZiLYOfP8MtPLZUOySps2BDQ7RzGq4dPh5Z/yHrgfi76qGTq+E2k 2TlPgbpGx738GmltgNeYWlHOuCI2cD5bUEvUGq1KBId1uG5rTVjyd2MtVrbbDrCx gQgBenaDNcG+2PzurMPJjLlSyZlA+anUmNUlnI1Z5CtocH61Cvx/eQsjqhxpSm2V Zw2GqKLyYqVb4QCWGXCn9Ei4K3FP4bTRWbjg8FQfT005e6Qx7R3b8vZz1FbhvqN8 CCT2MFHNDpE= =KC94 -----END PGP SIGNATURE-----