In the last few months of 2018, Microsoft’s regular security releases included patches for vulnerabilities that were actively being exploited. Thankfully, 2019 started off relatively smoothly with 49 security patches and two advisories — seven of these vulnerabilities were rated Critical and 40 were Important. Ten of these were disclosed through the Zero Day Initiative (ZDI) program.
The most notable of these vulnerabilities is in the Windows DHCP Client (CVE-2019-0547), which could allow an attacker to execute code arbitrarily on a machine by issuing specially crafted DHCP responses. Since the Windows DHCP client is enabled in all Windows operating systems, this is a particularly important patch to implement. The security bulletin also includes a fix for a critical vulnerability in Microsoft Exchange software (CVE-2019-0586) that, if exploited successfully, could allow an attacker to run code as the System user and potentially view, change, or delete data and even create new accounts.
Also, as a reminder, users of Windows 7 should begin planning for an upgrade since these are the last 12 months before Microsoft ends support in January 2020.
On the Adobe front, 2019 started off with an unscheduled update for Adobe Acrobat and Reader. The update, released on January 3rd, fixed two Critical CVEs that were both reported through the ZDI program. They also updated Adobe Flash, Connect, and Adobe Digital Editions in their regular January release.
Trend Micro Deep Security and Vulnerability Protection protect user systems from any threats that may target the vulnerabilities addressed in this month’s round of updates via the following DPI rules:
The post January Patch Tuesday: First Bulletin of 2019 has Fixes for DHCP and Microsoft Exchange Vulnerabilities appeared first on .