Introduction to Patch Tuesday
In an effort to simplify the OS update/fix process, Microsoft introduced what is known as “Patch Tuesday”, which first came out in October 2003. Its primary goal is to reduce the cost of distributing software upgrades/patches by accumulating vulnerability fixes over the period of a month and then releasing them to the public in one package on the second Tuesday of each month. Tuesday was chosen so that there would be plenty of time before the upcoming weekend to resolve any issues that come up. These software patches/upgrades become available at 17:00 UTC and appear in the “Download Center” of the computer or server. It is important to note that Patch Tuesday tends to bundle more software upgrades/patches in even-numbered months and fewer in odd-numbered months.
In this blog, we review some of the software patches/upgrades for this month’s Patch Tuesday.
The Patch Tuesday for February 2019
For this month, here are some of the vulnerabilities that have been deemed to be critical by Microsoft:
CVE-2019-0590, CVE-2019-0591, CVE-2019-0593, CVE-2019-0640, CVE-2019-0642, CVE-2019-0644, CVE-2019-0651, CVE-2019-0652 & CVE-2019-0655:
All of these vulnerabilities involve the scripting engine found in Windows 10, specifically the way it processes objects in the memory of the Edge web browser. Through this type of vulnerability, a cyber attacker could corrupt that memory and execute malicious code. It can be triggered very easily: the end user only has to browse to a website that has malicious source code behind it.
This is the same type of vulnerability just described above, but instead, it impacts the Internet Explorer web browser.
CVE-2019-0645 & CVE-2019-0650:
This is also the same type of vulnerability just described, but rather than tricking the end user into visiting a malicious website, the malware is spread by a phishing email or a spoofed instant message that entices them to open an attachment sent via either or both mechanisms. This has a specific impact on the Edge web browser.
This particular vulnerability deals with Microsoft SharePoint. It is considered to be a Remote Code Execution weakness, and it arises when the software fails to check the source markup of application-related files that are uploaded to SharePoint. From this point, the malware will impact not only the specific SharePoint portal to which the files were uploaded, but it could also carry grave consequences for the other SharePoint servers in that particular server farm.
This is another type of Remote Code Execution weakness, but this particular one impacts the Windows Graphics Device Interface (GDI). A cyber attacker can gain full control of an impacted GDI system, and from there, they can edit, modify, revise or even delete any kind of information and data. They can also create phony accounts and give them full administrative rights and privileges.
There are two ways in which the Cyber attacker can further exploit this security weakness:
This is another type of Remote Code Execution weakness, but this one impacts the Windows Server DHCP Services. In this scenario, the cyber attacker transmits malformed data packets to a DHCP server, and once the memory and the processes of that server have greatly slowed down, malicious source code can then be injected into the DHCP server.
This vulnerability deals specifically with the Edge web browser, in particular the way that it accesses the various objects found in the computer’s memory. If a cyber attacker takes advantage of this weakness, malicious source code can be injected into the browser, and they can also gain full administrative rights and privileges. At this point, they can then modify, edit, revise or even delete any information and data, and even create other phony user accounts and assign them administrative rights as well.
Conclusions
Overall, this blog has provided insight into how the Microsoft software upgrade/patching process came into existence, as well as a detailed examination of the critical vulnerabilities for this month. It is important to keep in mind that this list is not comprehensive by any means; there are also plenty of vulnerabilities that Microsoft rates as “Important” and “Moderate”. Further details on this can be found by clicking on this link.
It is also important to keep in mind that the next Patch Tuesday will come out on March 12th.
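The release rule described in the introduction (second Tuesday of the month, 17:00 UTC) can be computed directly when planning maintenance windows. The following is an added example, not code from Microsoft or from the original blog; the function names are hypothetical, and it reproduces the March 12th date given above.

```python
from datetime import date, datetime, time, timedelta, timezone

RELEASE_TIME_UTC = time(17, 0)  # release hour stated in the article
TUESDAY = 1                     # date.weekday(): Monday is 0


def patch_tuesday(year: int, month: int) -> datetime:
    """Release moment (second Tuesday, 17:00 UTC) for the given month."""
    first = date(year, month, 1)
    # Days from the 1st to the first Tuesday; 0 when the 1st is a Tuesday.
    offset = (TUESDAY - first.weekday()) % 7
    second_tuesday = first + timedelta(days=offset + 7)
    return datetime.combine(second_tuesday, RELEASE_TIME_UTC, tzinfo=timezone.utc)


def next_patch_tuesday(now: datetime) -> datetime:
    """First release strictly after `now`, which must be timezone-aware."""
    if now.tzinfo is None:
        raise ValueError("now must be timezone-aware")
    now = now.astimezone(timezone.utc)
    year, month = now.year, now.month
    release = patch_tuesday(year, month)
    if release <= now:
        # This month's release is already out: roll over (December -> January).
        year, month = (year + 1, 1) if month == 12 else (year, month + 1)
        release = patch_tuesday(year, month)
    return release


def time_until_release(now: datetime) -> timedelta:
    """Time remaining before the next release, e.g. to size a change freeze."""
    return next_patch_tuesday(now) - now


if __name__ == "__main__":
    # Constructed sample input: the day after the February 2019 release.
    sample_now = datetime(2019, 2, 13, 9, 0, tzinfo=timezone.utc)
    print("Next release:", next_patch_tuesday(sample_now).isoformat())
    print("Time remaining:", time_until_release(sample_now))
    for m in range(1, 13):
        print(patch_tuesday(2019, m).date().isoformat())
```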