Patch Tuesday Archive
Patch Tuesday February 2019
Total CVEs
81
Critical
21
Important
52
Exploited
1
Publicly Disclosed
5
All CVEs this month 81
| CVE | Title | Severity | CVSS | Product | Exploited | Disclosed |
|---|---|---|---|---|---|---|
| CVE-2018-8654 | Microsoft Dynamics 365 Elevation of Privilege Vulnerability | Critical | - | Microsoft Dynamics | - | - |
| CVE-2019-0590 | Scripting Engine Memory Corruption Vulnerability | Critical | 4.2 |
Microsoft Scripting Engine | - | - |
| CVE-2019-0591 | Scripting Engine Memory Corruption Vulnerability | Critical | 4.2 |
Microsoft Scripting Engine | - | - |
| CVE-2019-0593 | Scripting Engine Memory Corruption Vulnerability | Critical | 4.2 |
Microsoft Scripting Engine | - | - |
| CVE-2019-0594 | Microsoft SharePoint Remote Code Execution Vulnerability | Critical | - | Microsoft Office SharePoint | - | - |
| CVE-2019-0604 | Microsoft SharePoint Remote Code Execution Vulnerability | Critical | - | Microsoft Office SharePoint | - | - |
| CVE-2019-0605 | Scripting Engine Memory Corruption Vulnerability | Critical | 4.2 |
Microsoft Scripting Engine | - | - |
| CVE-2019-0606 | Internet Explorer Memory Corruption Vulnerability | Critical | 7.5 |
Internet Explorer | - | - |
| CVE-2019-0607 | Scripting Engine Memory Corruption Vulnerability | Critical | 4.2 |
Microsoft Scripting Engine | - | - |
| CVE-2019-0618 | GDI+ Remote Code Execution Vulnerability | Critical | 8.8 |
Microsoft Graphics Component | - | - |
| CVE-2019-0626 | Windows DHCP Server Remote Code Execution Vulnerability | Critical | 9.8 |
Windows DHCP Server | - | - |
| CVE-2019-0634 | Microsoft Edge Memory Corruption Vulnerability | Critical | 4.2 |
Microsoft Edge | - | - |
| CVE-2019-0640 | Scripting Engine Memory Corruption Vulnerability | Critical | 4.2 |
Microsoft Scripting Engine | - | - |
| CVE-2019-0642 | Scripting Engine Memory Corruption Vulnerability | Critical | 4.2 |
Microsoft Scripting Engine | - | - |
| CVE-2019-0644 | Scripting Engine Memory Corruption Vulnerability | Critical | 4.2 |
Microsoft Scripting Engine | - | - |
| CVE-2019-0645 | Microsoft Edge Memory Corruption Vulnerability | Critical | 4.2 |
Microsoft Edge | - | - |
| CVE-2019-0650 | Microsoft Edge Memory Corruption Vulnerability | Critical | 4.2 |
Microsoft Edge | - | - |
| CVE-2019-0651 | Scripting Engine Memory Corruption Vulnerability | Critical | 4.2 |
Microsoft Scripting Engine | - | - |
| CVE-2019-0652 | Scripting Engine Memory Corruption Vulnerability | Critical | 4.2 |
Microsoft Scripting Engine | - | - |
| CVE-2019-0655 | Scripting Engine Memory Corruption Vulnerability | Critical | 4.2 |
Microsoft Scripting Engine | - | - |
| CVE-2019-0662 | GDI+ Remote Code Execution Vulnerability | Critical | 8.8 |
Microsoft Graphics Component | - | - |
| ADV190003 | February 2019 Adobe Flash Security Update | Important | - | Adobe Flash Player | - | - |
| CVE-2019-0540 | Microsoft Office Security Feature Bypass Vulnerability | Important | - | Microsoft Office | - | - |
| CVE-2019-0595 | Jet Database Engine Remote Code Execution Vulnerability | Important | 7.8 |
Microsoft JET Database Engine | - | - |
| CVE-2019-0596 | Jet Database Engine Remote Code Execution Vulnerability | Important | 7.8 |
Microsoft JET Database Engine | - | - |
| CVE-2019-0597 | Jet Database Engine Remote Code Execution Vulnerability | Important | 7.8 |
Microsoft JET Database Engine | - | - |
| CVE-2019-0598 | Jet Database Engine Remote Code Execution Vulnerability | Important | 7.8 |
Microsoft JET Database Engine | - | - |
| CVE-2019-0599 | Jet Database Engine Remote Code Execution Vulnerability | Important | 7.8 |
Microsoft JET Database Engine | - | - |
| CVE-2019-0600 | HID Information Disclosure Vulnerability | Important | 4.7 |
Microsoft Windows | - | - |
| CVE-2019-0601 | HID Information Disclosure Vulnerability | Important | 4.7 |
Microsoft Windows | - | - |
| CVE-2019-0602 | Windows GDI Information Disclosure Vulnerability | Important | 4.7 |
Microsoft Graphics Component | - | - |
| CVE-2019-0610 | Scripting Engine Memory Corruption Vulnerability | Important | 4.2 |
Microsoft Scripting Engine | - | - |
| CVE-2019-0613 | .NET Framework and Visual Studio Remote Code Execution Vulnerability | Important | - | .NET Framework | - | - |
| CVE-2019-0615 | Windows GDI Information Disclosure Vulnerability | Important | 4.7 |
Microsoft Graphics Component | - | - |
| CVE-2019-0616 | Windows GDI Information Disclosure Vulnerability | Important | 4.7 |
Microsoft Graphics Component | - | - |
| CVE-2019-0619 | Windows GDI Information Disclosure Vulnerability | Important | 4.7 |
Microsoft Graphics Component | - | - |
| CVE-2019-0621 | Windows Kernel Information Disclosure Vulnerability | Important | 5.5 |
Windows Kernel | - | - |
| CVE-2019-0623 | Win32k Elevation of Privilege Vulnerability | Important | 7 |
Windows Kernel | - | - |
| CVE-2019-0625 | Jet Database Engine Remote Code Execution Vulnerability | Important | 7.8 |
Microsoft JET Database Engine | - | - |
| CVE-2019-0627 | Windows Security Feature Bypass Vulnerability | Important | 5.3 |
Microsoft Windows | - | - |
| CVE-2019-0628 | Win32k Information Disclosure Vulnerability | Important | 4.7 |
Windows Kernel | - | - |
| CVE-2019-0630 | Windows SMB Remote Code Execution Vulnerability | Important | 7.5 |
Windows SMB Server | - | - |
| CVE-2019-0631 | Windows Security Feature Bypass Vulnerability | Important | 5.3 |
Microsoft Windows | - | - |
| CVE-2019-0632 | Windows Security Feature Bypass Vulnerability | Important | 5.3 |
Microsoft Windows | - | - |
| CVE-2019-0633 | Windows SMB Remote Code Execution Vulnerability | Important | 7.5 |
Windows SMB Server | - | - |
| CVE-2019-0635 | Windows Hyper-V Information Disclosure Vulnerability | Important | 5.4 |
Windows Hyper-V | - | - |
| CVE-2019-0636 | Windows Information Disclosure Vulnerability | Important | 5.5 |
Microsoft Windows | - | Yes |
| CVE-2019-0637 | Windows Defender Firewall Security Feature Bypass Vulnerability | Important | 5.3 |
Microsoft Windows | - | Yes |
| CVE-2019-0648 | Scripting Engine Information Disclosure Vulnerability | Important | 4.3 |
Microsoft Scripting Engine | - | - |
| CVE-2019-0649 | Scripting Engine Elevation of Privileged Vulnerability | Important | 4.2 |
Microsoft Scripting Engine | - | - |
| CVE-2019-0654 | Microsoft Browser Spoofing Vulnerability | Important | 4.3 |
Microsoft Browsers | - | - |
| CVE-2019-0656 | Windows Kernel Elevation of Privilege Vulnerability | Important | 4.7 |
Windows Kernel | - | - |
| CVE-2019-0657 | .NET Framework and Visual Studio Spoofing Vulnerability | Important | - | .NET Framework | - | - |
| CVE-2019-0658 | Scripting Engine Information Disclosure Vulnerability | Important | 4.3 |
Microsoft Scripting Engine | - | - |
| CVE-2019-0659 | Windows Storage Service Elevation of Privilege Vulnerability | Important | 7 |
Microsoft Windows | - | - |
| CVE-2019-0660 | Windows GDI Information Disclosure Vulnerability | Important | 4.7 |
Microsoft Graphics Component | - | - |
| CVE-2019-0661 | Windows Kernel Information Disclosure Vulnerability | Important | 4.7 |
Windows Kernel | - | - |
| CVE-2019-0663 | Windows Kernel Information Disclosure Vulnerability | Important | 4.3 |
Windows Kernel | - | - |
| CVE-2019-0664 | Windows GDI Information Disclosure Vulnerability | Important | 4.7 |
Microsoft Graphics Component | - | - |
| CVE-2019-0668 | Microsoft SharePoint Elevation of Privilege Vulnerability | Important | - | Microsoft Office SharePoint | - | - |
| CVE-2019-0669 | Microsoft Excel Information Disclosure Vulnerability | Important | - | Microsoft Office | - | - |
| CVE-2019-0671 | Microsoft Office Access Connectivity Engine Remote Code Execution Vulnerability | Important | 7.8 |
Microsoft Office | - | - |
| CVE-2019-0672 | Microsoft Office Access Connectivity Engine Remote Code Execution Vulnerability | Important | - | Microsoft Office | - | - |
| CVE-2019-0673 | Microsoft Office Access Connectivity Engine Remote Code Execution Vulnerability | Important | 7.8 |
Microsoft Office | - | - |
| CVE-2019-0674 | Microsoft Office Access Connectivity Engine Remote Code Execution Vulnerability | Important | 7.8 |
Microsoft Office | - | - |
| CVE-2019-0675 | Microsoft Office Access Connectivity Engine Remote Code Execution Vulnerability | Important | - | Microsoft Office | - | - |
| CVE-2019-0686 | Microsoft Exchange Server Elevation of Privilege Vulnerability | Important | - | Microsoft Exchange Server | - | Yes |
| CVE-2019-0724 | Microsoft Exchange Server Elevation of Privilege Vulnerability | Important | - | Microsoft Exchange Server | - | Yes |
| CVE-2019-0728 | Visual Studio Code Remote Code Execution Vulnerability | Important | - | Visual Studio | - | - |
| CVE-2019-0729 | Azure IoT Java SDK Elevation of Privilege Vulnerability | Important | - | Azure | - | - |
| CVE-2019-0741 | Azure IoT Java SDK Information Disclosure Vulnerability | Important | - | Azure | - | - |
| CVE-2019-0742 | Team Foundation Server Cross-site Scripting Vulnerability | Important | - | Team Foundation Server | - | - |
| CVE-2019-0743 | Team Foundation Server Cross-site Scripting Vulnerability | Important | - | Team Foundation Server | - | - |
| CVE-2019-0641 | Microsoft Edge Security Feature Bypass Vulnerability | Moderate | 4.3 |
Microsoft Edge | - | - |
| CVE-2019-0643 | Microsoft Edge Information Disclosure Vulnerability | Moderate | 4.3 |
Microsoft Edge | - | - |
| CVE-2019-0670 | Microsoft SharePoint Spoofing Vulnerability | Moderate | - | Microsoft Office SharePoint | - | - |
| CVE-2019-0676 | Internet Explorer Information Disclosure Vulnerability | Low | 4.3 |
Internet Explorer | Yes | - |
| ADV190004 | February 2019 Oracle Outside In Library Security Update | Unknown | - | Microsoft Exchange Server | - | - |
| ADV190005 | Guidance to adjust HTTP/2 SETTINGS frames | Unknown | - | - | - | |
| ADV190006 | Guidance to mitigate unconstrained delegation vulnerabilities | Unknown | - | Microsoft Windows | - | - |
| ADV190007 | Guidance for "PrivExchange" Elevation of Privilege Vulnerability | Unknown | - | Microsoft Exchange Server | - | Yes |
Threat Categories 7
| Threat Category | CVEs | Critical |
|---|---|---|
| Remote Code Execution | 36 | 20 |
| Information Disclosure | 20 | - |
| Elevation of Privilege | 10 | 1 |
| Security Feature Bypass | 7 | - |
| Spoofing | 5 | - |
| Unknown | 2 | - |
| Defense in Depth | 1 | - |
Affected Products 21
| Product | CVEs | Exploited |
|---|---|---|
| Microsoft Scripting Engine | 15 | - |
| Microsoft Windows | 9 | - |
| Microsoft Graphics Component | 8 | - |
| Microsoft Office | 7 | - |
| Microsoft JET Database Engine | 6 | - |
| Windows Kernel | 6 | - |
| Microsoft Edge | 5 | - |
| Microsoft Office SharePoint | 4 | - |
| Microsoft Exchange Server | 4 | - |
| Internet Explorer | 2 | 1 |
| .NET Framework | 2 | - |
| Windows SMB Server | 2 | - |
| Azure | 2 | - |
| Team Foundation Server | 2 | - |
| Microsoft Dynamics | 1 | - |
| Windows DHCP Server | 1 | - |
| Adobe Flash Player | 1 | - |
| Windows Hyper-V | 1 | - |
| Microsoft Browsers | 1 | - |
| Visual Studio | 1 | - |
| Other | 1 | - |