Microsoft Edge: Multiple vulnerabilities

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

===========================================================================
                         AUSCERT Security Bulletin

                               ASB-2019.0051
              Microsoft Edge multiple vulnerabilities patched
                             13 February 2019

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:              Microsoft Edge
Operating System:     Windows
Impact/Access:        Execute Arbitrary Code/Commands -- Remote/Unauthenticated      
                      Administrator Compromise        -- Existing Account            
                      Access Privileged Data          -- Remote with User Interaction
                      Provide Misleading Information  -- Remote with User Interaction
Resolution:           Patch/Upgrade
CVE Names:            CVE-2019-0676 CVE-2019-0674 CVE-2019-0673
                      CVE-2019-0672 CVE-2019-0671 CVE-2019-0662
                      CVE-2019-0660 CVE-2019-0659 CVE-2019-0658
                      CVE-2019-0657 CVE-2019-0656 CVE-2019-0655
                      CVE-2019-0654 CVE-2019-0652 CVE-2019-0651
                      CVE-2019-0650 CVE-2019-0649 CVE-2019-0648
                      CVE-2019-0645 CVE-2019-0644 CVE-2019-0643
                      CVE-2019-0642 CVE-2019-0641 CVE-2019-0640
                      CVE-2019-0637 CVE-2019-0636 CVE-2019-0635
                      CVE-2019-0634 CVE-2019-0633 CVE-2019-0632
                      CVE-2019-0631 CVE-2019-0630 CVE-2019-0628
                      CVE-2019-0627 CVE-2019-0626 CVE-2019-0625
                      CVE-2019-0623 CVE-2019-0621 CVE-2019-0619
                      CVE-2019-0618 CVE-2019-0616 CVE-2019-0615
                      CVE-2019-0613 CVE-2019-0610 CVE-2019-0607
                      CVE-2019-0606 CVE-2019-0605 CVE-2019-0602
                      CVE-2019-0601 CVE-2019-0600 CVE-2019-0599
                      CVE-2019-0598 CVE-2019-0597 CVE-2019-0596
                      CVE-2019-0595 CVE-2019-0593 CVE-2019-0591
                      CVE-2019-0590  
Member content until: Friday, March 15 2019
Reference:            ASB-2019.0049

OVERVIEW

        Microsoft has released its monthly security patch update for the month of February 2019.
        
        This update resolves 21 vulnerabilities across the following products: [1]
        
         Microsoft Edge


IMPACT

        Microsoft has given the following details regarding these vulnerabilities.
        
         Details         Impact                   Severity
          Remote Code Execution    Critical
          Remote Code Execution    Critical
          Remote Code Execution    Critical
          Remote Code Execution    Critical
          Remote Code Execution    Critical
          Remote Code Execution    Important
          Remote Code Execution    Critical
          Remote Code Execution    Critical
          Security Feature Bypass  Moderate
          Remote Code Execution    Critical
          Information Disclosure   Moderate
          Remote Code Execution    Critical
          Remote Code Execution    Critical
          Information Disclosure   Important
          Elevation of Privilege   Important
          Remote Code Execution    Critical
          Remote Code Execution    Critical
          Remote Code Execution    Critical
          Spoofing                 Important
          Remote Code Execution    Critical
          Information Disclosure   Important


MITIGATION

        Microsoft recommends updating the software with the version made available on the Microsoft Update Cataloge for the following Knowledge Base articles. [1].
        
        
         KB4486996, KB4487020, KB4487044, KB4487018, KB4487026
         KB4487017


REFERENCES

        [1] Security Update Guide
            https://portal.msrc.microsoft.com/en-us/security-guidance

AusCERT has made every effort to ensure that the information contained
in this document is accurate.  However, the decision to use the information
described is the responsibility of each user or organisation. The decision to
follow or act on information or advice contained in this security bulletin is
the responsibility of each user or organisation, and should be considered in
accordance with your organisation's site policies and procedures. AusCERT
takes no responsibility for consequences which may arise from following or
acting on information or advice contained in this security bulletin.

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours 
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967

iQIVAwUBXGOYk2aOgq3Tt24GAQipdg//VD8ilqtm93wT2iKVH31dcEF1B0n0/owq
ccuzfwSMrCElIDHBf0RlNkBl5BBNYYW/bPXuSoGE7Anh/fXOB0C6hstRNufGK8kO
i2bP7na7AlM7Qny6c1/tsTNuo/yHUhR34FECc7kNmdPNxJ8hLjCjIrBJUrI7IW+x
cW/VoCn0cBIFKBEZLhnDSQjEEDl6Z8wvjPgNjILEhhsLbfXIugm6FqZk2PCwog8H
vBAOjywmLAe/X2D7sdmwXSNmE4qTJgT+tsXJ9r68piAVaZe0yqc9GiJkK+sMKn02
ByleBJc8JE/168s2FxRtPbDm0RTs7EIoAtKNj259kHy0mYFUBTvAqKo+irRLeHsJ
9Bw7AbmP9nYX6pv051oNL9dWv3+f3iN6VAr2NM3JIwMu6U5V3FRI4ZroWuemtJny
4OL2IGoHFQSAVZiLYOfP8MtPLZUOySps2BDQ7RzGq4dPh5Z/yHrgfi76qGTq+E2k
2TlPgbpGx738GmltgNeYWlHOuCI2cD5bUEvUGq1KBId1uG5rTVjyd2MtVrbbDrCx
gQgBenaDNcG+2PzurMPJjLlSyZlA+anUmNUlnI1Z5CtocH61Cvx/eQsjqhxpSm2V
Zw2GqKLyYqVb4QCWGXCn9Ei4K3FP4bTRWbjg8FQfT005e6Qx7R3b8vZz1FbhvqN8
CCT2MFHNDpE=
=KC94
-----END PGP SIGNATURE-----