Microsoft Patch Tuesday — February 2019: Vulnerability disclosures and Snort coverage

Microsoft released its monthly security update today, disclosing a variety of vulnerabilities in several of its products. The latest Patch Tuesday covers 69 vulnerabilities, 20 of which are rated “critical,” 46 that are considered “important” and three that are “moderate.” This release also includes a critical security advisory regarding a security update to Adobe Flash Player

This month’s security update covers security issues in a variety of Microsoft’s products, including the Chakra Scripting Engine and the Internet Explorer and Exchange web browsers. For coverage of these vulnerabilities, read the SNORTⓇ blog post here.

Critical vulnerabilities

Microsoft disclosed 20 critical vulnerabilities this month, 12 of which we will highlight below.

CVE-2019-0590, CVE-2019-0591, CVE-2019-0593, CVE-2019-0640, CVE-2019-0642, CVE-2019-0644, CVE-2019-0651, CVE-2019-0652 and CVE-2019-0655 are all memory corruption vulnerabilities in Microsoft scripting engine. The bugs all lie in the way the engine processes objects in memory in the Microsoft Edge web browser. An attacker could exploit this vulnerability to corrupt the machine’s memory, eventually allowing them to execute code remotely in the context of the current users. A user could trigger this bug by either visiting a malicious web page while using Edge, or by accessing specially crafted content created by the attacker.

CVE-2019-0606 is a memory corruption vulnerability in Microsoft Internet Explorer. The problem lies in the way the web browser accesses objects in memory. An attacker could exploit this vulnerability by tricking a user into visiting a specially crafted website or user-created content in Internet Explorer. Once triggered, the attacker could gain the ability to execute code remotely in the context of the current user.

CVE-2019-0645 and CVE-2019-0650 are memory corruption vulnerabilities that exist in Microsoft Edge when the web browser fails to properly handle objects in memory. An attacker could exploit this vulnerability by tricking a user into visiting a maliciously crafted website in Edge, or clicking on specially crafted content. An attacker could use this bug to gain the ability to execute arbitrary code in the context of the current user.

These are the other critical vulnerabilities:

• CVE-2019-0594
• CVE-2019-0604
• CVE-2019-0605
• CVE-2019-0607
• CVE-2019-0618
• CVE-2019-0626
• CVE-2019-0634
• CVE-2019-0662

Important vulnerabilities

This release also contains 46 important vulnerabilities:

• CVE-2019-0540
• CVE-2019-0595
• CVE-2019-0596
• CVE-2019-0597
• CVE-2019-0598
• CVE-2019-0599
• CVE-2019-0600
• CVE-2019-0601
• CVE-2019-0602
• CVE-2019-0610
• CVE-2019-0613
• CVE-2019-0615
• CVE-2019-0616
• CVE-2019-0619
• CVE-2019-0623
• CVE-2019-0625
• CVE-2019-0627
• CVE-2019-0628
• CVE-2019-0630
• CVE-2019-0631
• CVE-2019-0632
• CVE-2019-0633
• CVE-2019-0635
• CVE-2019-0636
• CVE-2019-0637
• CVE-2019-0648
• CVE-2019-0649
• CVE-2019-0654
• CVE-2019-0656
• CVE-2019-0657
• CVE-2019-0658
• CVE-2019-0659
• CVE-2019-0660
• CVE-2019-0661
• CVE-2019-0664
• CVE-2019-0668
• CVE-2019-0671
• CVE-2019-0672
• CVE-2019-0673
• CVE-2019-0674
• CVE-2019-0675
• CVE-2019-0676
• CVE-2019-0686
• CVE-2019-0728

Moderate

There were also three moderate vulnerabilities in this release: CVE-2019-0641, CVE-2019-0643 and CVE-2019-0670.

Coverage

In response to these vulnerability disclosures, Talos is releasing the following SNORTⓇ rules that detect attempts to exploit them. Please note that additional rules may be released at a future date and current rules are subject to change pending additional information. Firepower customers should use the latest update to their ruleset by updating their SRU. Open Source Snort Subscriber Rule Set customers can stay up-to-date by downloading the latest rule pack available for purchase on Snort.org.

Snort rules: 49128 - 49170