BeyondTrust
  • Products
    Privileged Password Management
    Discover, manage, audit, and monitor privileged accounts
    Password Safe DevOps Secrets Safe
    Endpoint Privilege Management
    Manage privileges on Windows, Mac, Linux, and Unix endpoints
    Windows and Mac Unix and Linux Active Directory Bridge
    Secure Remote Access
    Centrally manage and secure remote access for service desks and vendors
    Remote Support Privileged Remote Access
    Use Cases and Industries
    See All Products
  • Resources

    Universal Privilege Management

    Our innovative Universal Privilege Management approach secures every user, asset, and session across your entire enterprise.

    Watch Video

    Learn

    Case Studies
    Competitor Comparisons
    Datasheets
    Glossary
    Product Demos
    Whitepapers

    Attend

    Events
    Go Beyond
    Training
    Webinars

    Support

    Changelog
    Professional Services
    Technical Documentation
  • Blog
  • Partners
  • Contact
  • Support
  • Services
  • Training
  • Events
  • Company

February 2019 Patch Tuesday

February 13, 2019

  • Blog
  • Archive

Welcome back to this month’s Patch Tuesday. Microsoft has patched 76 vulnerabilities this month, including four that had details disclosed prior to patching. One “zero-day” vulnerability in Internet Explorer that was actively being exploited was also patched. The bulk of the patched vulnerabilities this month focus on web browsers.

Internet Explorer and Edge

Microsoft’s browsers received a host of fixes this month. One particularly notable vulnerability was the “zero-day” vulnerability in Internet Explorer that was actively being exploited. Google is credited for discovering that attackers were using the exploit to check for the existence of certain files on victims’ hard drives. This leak of information could further be used to compromise affected systems.

Windows DHCP Server

One of the vulnerabilities patched this month was for the Windows DHCP Server. The vulnerability would allow a remote attacker to execute code with elevated privileges against the vulnerable system. All an attacker would have to do to exploit this vulnerability is to send a maliciously crafted packet to the Windows DHCP Server over the network. Microsoft rates this vulnerability as Critical.

Office

While Office was host to its usual round of fixes, none of its vulnerabilities were rated as Critical this month. However, attackers would be able to bypass security features, gain access to sensitive information, and execute code remotely by convincing users to open maliciously crafted files. As usual, the remote code execution would have privileges equal to the security context of the vulnerable application, encouraging users to exercise the principal of least privilege.

Adobe Flash Player

Adobe released a patch for Flash Player that, in typical fashion, Microsoft also distributes to all Windows users. Microsoft and Adobe disagree on the severity of a vulnerability this month, with Microsoft rating the vulnerability as Critical, while Adobe rates it as Important. The vulnerability would allow cyber attackers to read memory that is out of bounds.

Exchange

Exchange was targeted by a previously disclosed vulnerability with proof of concept code released to the public. The flaw, CVE-2019-0686, could allow the attacker on the network of the Exchange server to access the inbox of other users. Microsoft claims that exploitation has not yet happened in the wild, but that it is likely that exploits will happen very soon. Microsoft rates this vulnerability as Critical.

Author, BeyondTrust Research Team

Stay Up To Date

Get the latest news, ideas, and tactics from BeyondTrust. You may unsubscribe at any time.

I agree to receive product related communications from BeyondTrust as detailed in the Privacy Policy, and I may manage my preferences or withdraw my consent at any time.

You May Also Be Interested In:

Whitepapers

Mapping BeyondTrust Solutions to the Identity, Credential, and Access Management (ICAM) Architecture

Whitepapers

Four Key Ways Governments Can Prepare for the Growing Ransomware Threat

Whitepapers

The Operational Technology (OT) Remote Access Challenge

BeyondTrust Logo
  • Facebook
  • Twitter
  • LinkedIn

Keep up with BeyondTrust

I agree to receive product related communications from BeyondTrust as detailed in the Privacy Policy, and I may manage my preferences or withdraw my consent at any time.

Customer Support
Contact Sales

Products

  • Endpoint Privilege Management
  • Password Management
  • Privileged Remote Access
  • DevOps Secrets Safe
  • Remote Support

Resources

  • Blog
  • Case Studies
  • Competitor Comparisons
  • Datasheets
  • Glossary
  • Videos
  • Webcasts
  • Whitepapers

About

  • Company
  • Careers
  • Contact
  • Events
  • Leadership Team
  • Partner Program
  • Press

Languages

  • English
  • German
  • French
  • Spanish
  • Korean
  • Portuguese
  • Japanese
  • Privacy
  • Security
  • Manage Cookies
  • WEEE Compliance

Copyright © 1999 — 2020 BeyondTrust Corporation. All rights reserved. Other trademarks identified on this page are owned by their respective owners. BeyondTrust Corporation is not a chartered bank or trust company, or depository institution. It is not authorized to accept deposits or trust accounts and is not licensed or regulated by any state or federal banking authority.