Microsoft has released 74 security patches to address vulnerabilities affecting its Operating System (OS) and other related products.
The following 12 vulnerabilities were rated critical and require immediate attention:
CVE-2019-1373 - This vulnerability exists in Microsoft Exchange, when metadata is deserialised via PowerShell. If the vulnerability is successfully exploited, an attacker can gain the same user rights as the current user and take control of the affected system.
CVE-2019-1441 - This vulnerability exists when the Windows font library improperly handles special embedded fonts. If the vulnerability is successfully exploited, an attacker can gain the same user rights as the current user and take control of the affected system.
CVE-2019-1419 - This vulnerability exists in Microsoft Windows, when the Windows Adobe Type Manager improperly handles specially crafted OpenType fonts. For all systems except Windows 10, an attacker can run malicious code remotely and take control of the user’s system if the vulnerability is successfully exploited. For systems running Windows 10, an attacker can execute code in the sandbox context, with limited privileges and capabilities, if the vulnerability is successfully exploited.
CVE-2019-1426, CVE-2019-1429, CVE-2019-1427 - These vulnerabilities exist in the way the scripting engine handles objects in memory in Internet Explorer and Microsoft Edge. The vulnerabilities can corrupt memory in such a way that an attacker will be able to execute arbitrary code in the context of the current user. If the vulnerabilities are successfully exploited, an attacker can gain the same user rights as the current user and take control of the affected system.
CVE-2019-1398, CVE-2019-0719, CVE-2019-1397, CVE-2019-0721, CVE-2019-1389 - These vulnerabilities exist when Windows Hyper-V and Windows Hyper-V Network Switch on a host server fail to properly validate inputs from an authenticated user on a guest OS. By running a specially crafted application on a guest OS, an attacker will be able to cause the host OS to execute arbitrary code and take control of the affected system.
CVE-2019-1430 - This vulnerability exists when Microsoft Windows Media Foundation handles specially crafted QuickTime media files. If the vulnerability is successfully exploited, an attacker can gain the same user rights as the current user and take control of the affected system.
ADV990001 - This is a list of the latest servicing stack updates for each OS. This list will be updated whenever a new servicing stack update is released. It is important to install the latest servicing stack update: https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV990001
For the full list of security patches released by Microsoft, please visit https://portal.msrc.microsoft.com/en-us/security-guidance
Microsoft’s release contains updates for the following:
- Microsoft Windows
- Microsoft Exchange Server
- Internet Explorer
- Microsoft Edge
- Microsoft Office and Microsoft Office Services and Web Apps
- Open Source Software
- Visual Studio
- Azure Stack
Successful exploitation of these critical vulnerabilities can allow attackers to perform remote code execution and take control of the affected systems to perform malicious activities, including installing programs without authorisation, creating rogue administrator accounts, and viewing, changing, or deleting data.
Users and system administrators of affected products are strongly encouraged to install the security updates immediately.