Protect yourself against future threats.
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 =========================================================================== AUSCERT Security Bulletin ASB-2019.0003.3 Microsoft Windows 10 January 2019 =========================================================================== AusCERT Security Bulletin Summary --------------------------------- Product: Windows 10 Windows 7 Windows 8.1 Windows Server 2008 Windows Server 2012 Windows Server 2016 Windows Server 2019 Operating System: Windows Impact/Access: Execute Arbitrary Code/Commands -- Remote with User Interaction Access Privileged Data -- Remote with User Interaction Increased Privileges -- Existing Account Resolution: Patch/Upgrade CVE Names: CVE-2019-0584 CVE-2019-0583 CVE-2019-0582 CVE-2019-0581 CVE-2019-0580 CVE-2019-0579 CVE-2019-0578 CVE-2019-0577 CVE-2019-0576 CVE-2019-0575 CVE-2019-0574 CVE-2019-0573 CVE-2019-0572 CVE-2019-0571 CVE-2019-0570 CVE-2019-0569 CVE-2019-0555 CVE-2019-0554 CVE-2019-0553 CVE-2019-0552 CVE-2019-0551 CVE-2019-0550 CVE-2019-0549 CVE-2019-0547 CVE-2019-0543 CVE-2019-0538 CVE-2019-0536 Member content until: Friday, February 8 2019 Revision History: January 10 2019: Update for Jan 2019 January 9 2019: Fixed typo January 9 2019: Initial Release OVERVIEW Microsoft has released its monthly security patch update for the month of January 2019. This update resolves 27 vulnerabilities across the following products: [1] Windows 10 Version 1607 for 32-bit Systems Windows 10 Version 1607 for x64-based Systems Windows 10 Version 1703 for 32-bit Systems Windows 10 Version 1703 for x64-based Systems Windows 10 Version 1709 for 32-bit Systems Windows 10 Version 1709 for 64-based Systems Windows 10 Version 1709 for ARM64-based Systems Windows 10 Version 1803 for 32-bit Systems Windows 10 Version 1803 for ARM64-based Systems Windows 10 Version 1803 for x64-based Systems Windows 10 Version 1809 for 32-bit Systems Windows 10 Version 1809 for ARM64-based Systems Windows 10 Version 1809 for x64-based Systems Windows 10 for 32-bit Systems Windows 10 for x64-based Systems Windows 7 for 32-bit Systems Service Pack 1 Windows 7 for x64-based Systems Service Pack 1 Windows 8.1 for 32-bit systems Windows 8.1 for x64-based systems Windows RT 8.1 Windows Server 2008 R2 for Itanium-Based Systems Service Pack 1 Windows Server 2008 R2 for x64-based Systems Service Pack 1 Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) Windows Server 2008 for 32-bit Systems Service Pack 2 Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) Windows Server 2008 for Itanium-Based Systems Service Pack 2 Windows Server 2008 for x64-based Systems Service Pack 2 Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) Windows Server 2012 Windows Server 2012 (Server Core installation) Windows Server 2012 R2 Windows Server 2012 R2 (Server Core installation) Windows Server 2016 Windows Server 2016 (Server Core installation) Windows Server 2019 Windows Server 2019 (Server Core installation) IMPACT Microsoft has given the following details regarding these vulnerabilities. Details Impact Severity CVE-2019-0536 Information Disclosure Important CVE-2019-0538 Remote Code Execution Important CVE-2019-0543 Elevation of Privilege Important CVE-2019-0547 Remote Code Execution Critical CVE-2019-0549 Information Disclosure Important CVE-2019-0550 Remote Code Execution Critical CVE-2019-0551 Remote Code Execution Critical CVE-2019-0552 Elevation of Privilege Important CVE-2019-0553 Information Disclosure Important CVE-2019-0554 Information Disclosure Important CVE-2019-0555 Elevation of Privilege Important CVE-2019-0569 Information Disclosure Important CVE-2019-0570 Elevation of Privilege Important CVE-2019-0571 Elevation of Privilege Important CVE-2019-0572 Elevation of Privilege Important CVE-2019-0573 Elevation of Privilege Important CVE-2019-0574 Elevation of Privilege Important CVE-2019-0575 Remote Code Execution Important CVE-2019-0576 Remote Code Execution Important CVE-2019-0577 Remote Code Execution Important CVE-2019-0578 Remote Code Execution Important CVE-2019-0579 Remote Code Execution Important CVE-2019-0580 Remote Code Execution Important CVE-2019-0581 Remote Code Execution Important CVE-2019-0582 Remote Code Execution Important CVE-2019-0583 Remote Code Execution Important CVE-2019-0584 Remote Code Execution Important MITIGATION Microsoft recommends updating the software with the version made available on the Microsoft Update Catalogue for the following Knowledge Base articles. [1]. KB4480963, KB4480973, KB4480975, KB4480961, KB4480116 KB4480960, KB4480972, KB4480962, KB4480970, KB4480964 KB4480966, KB4480968, KB4480957, KB4480978 REFERENCES [1] Security Update Guide https://portal.msrc.microsoft.com/en-us/security-guidance AusCERT has made every effort to ensure that the information contained in this document is accurate. However, the decision to use the information described is the responsibility of each user or organisation. The decision to follow or act on information or advice contained in this security bulletin is the responsibility of each user or organisation, and should be considered in accordance with your organisation's site policies and procedures. AusCERT takes no responsibility for consequences which may arise from following or acting on information or advice contained in this security bulletin. =========================================================================== Australian Computer Emergency Response Team The University of Queensland Brisbane Qld 4072 Internet Email: auscert@auscert.org.au Facsimile: (07) 3365 7031 Telephone: (07) 3365 4417 (International: +61 7 3365 4417) AusCERT personnel answer during Queensland business hours which are GMT+10:00 (AEST). On call after hours for member emergencies only. =========================================================================== -----BEGIN PGP SIGNATURE----- Comment: http://www.auscert.org.au/render.html?it=1967 iQIVAwUBXDaSDmaOgq3Tt24GAQjSEQ//epn75WLE5NmmQuVl6TAgT1qbuEXAtiI7 v6BjjvAxiH18b2kgQEEw6Qu1QkMg6MxG5iiTArNGxQTZhzRMSbWnkKHZIIem3iRZ YMchmsFZ8yCvXmZBsqvgKVDvUzl6rqR/9FKsJWa8BPGCoBoauE7QDB/mLc7uVVhB 4b9b1Q78J/WbQiAablDJsrj1KH1VJF9nZSYKe/BTjcfJZLFkoB+qW5hCd2es8Epg TP3Lrz0vK8uKIyQLpzVo5dSk2ogT2qKyJtzJ1MZ7DkTpjbywItdj3tU84i17z2hW ch6YLOEIAvbHXmot6yYAfim6vNnZ9Em0HNpXEhByALoaYX4I6w22D3z4Y65K9MZU LBdM5c0EMHZiiEi1LQlKBsT5AdjGaLAZK3KDKrvOxcbB5FzRxt22ShrR0I6S44Ij zxZg3Vn75STVVSVPTBJ25+TjGM31EXoxwj0/I6aVxJjn2KtXKqu2GtrPbz+26TF4 3wTHocy1UI3etKng6+ZbpKnODFqFDHh7wfdFf8jqdgqv/BfvZtEvrvb7SUuwRTaE +kELvS0mMfkwwe1xELeLnZoQrzMZL8/52fth8uI6B0oCdv5Xu36IPxHapl2Y6w/F ToS46H71RA+LDz02gR3PynnM8dexVx1neQAPqn0qpuVtoY0bztRcJFuqqm0XV1b0 6UfgMIIoTrM= =7gYs -----END PGP SIGNATURE-----