January Patch Tuesday: First Bulletin of 2019 has Fixes for DHCP and Microsoft Exchange Vulnerabilities | Cell Phone Spy and Mobile Tracking Software
In the last few months of 2018, Microsoft's regular security releases included patches for vulnerabilities that were actively being exploited. Thankfully, 2019 started off relatively smoothly with 49 security patches and two advisories — seven of these vulnerabilities were rated Critical and 40 were Important. Ten of these were disclosed through the Zero Day Initiative (ZDI) program. The most notable of these vulnerabilities is in the Windows DHCP Client (CVE-2019-0547), which could allow an attacker to execute code arbitrarily on a machine by issuing specially crafted DHCP responses. Since the Windows DHCP client is enabled in all Windows operating systems, this is a particularly important patch to implement. The security bulletin also includes a fix for a critical vulnerability in Microsoft Exchange software (CVE-2019-0586) that, if exploited successfully, could allow an attacker to run code as the System user and potentially view, change, or delete data and even create new accounts.
Post to Tumblr