VERT Threat Alert: February 2019 Patch Tuesday Analysis

Today’s VERT Alert addresses Microsoft’s February 2019 Security Updates. VERT is actively working on coverage for these vulnerabilities and expects to ship ASPL-817 on Wednesday, February 13th. In-The-Wild & Disclosed CVEs CVE-2019-0676The first vulnerability in the list today is an Internet Explorer vulnerability that is already seeing active exploitation. A flaw in how IE handles objects in memory can disclose the presence of files on disk when targets visit a malicious website. In order to exploit this, the attacker would have to convince the target to visit the malicious website.Microsoft has rated this as a 0 on the Exploitability Index (Exploitation Detected).CVE-2019-0636A vulnerability exists within Windows that could allow code executed on a system to read the contents of files on the disk that it should not be able to access. This vulnerability has been publicly disclosed but has not seen active exploitation.Microsoft has rated this as a 1 on the Exploitability Index (Exploitation More Likely).CVE-2019-0686A vulnerability exists in the communication between Exchange Web Services clients and Exchange Severs that could allow a man-in-the-middle attacker to forward authentication requests to the Exchange Server and access the mailbox of other users. This vulnerability has been publicly disclosed but has not seen active exploitation.Microsoft has rated this as a 1 on the Exploitability Index (Exploitation More Likely).CVE Breakdown by TagWhile historical Microsoft Security Bulletin groupings are gone, Microsoft vulnerabilities are tagged with an identifier. This list provides a breakdown of the CVEs on a per tag basis.  Other InformationIn addition to the Microsoft vulnerabilities included in the January Security Guidance, a pair of Adobe bulletins are available today.February 2019 Adobe Flash Update [ADV190003]Microsoft released an update for Adobe Flash. This corresponds with Adobe Update APSB19-08 and includes CVE-2019-7090.Security Bulletin for Adobe Acrobat and Reader [APSB19-07]Adobe has released security updates for Adobe Acrobat and Reader. This includes fixes for 70 CVEs.