This week, Microsoft has released its very first patch Tuesday update bundle for the year 2019. The January Patch Tuesday bundle seems a massive update as it addresses around 50 different vulnerabilities. These vulnerabilities include seven critical flaws and seventeen remote code execution flaws too.
Microsoft January Patch Tuesday Updates Fixed 7 Critical Flaws
The latest Microsoft January Patch Tuesday Update bundle has released this Tuesday carrying fixes for numerous bugs. This time, the update bundle fixed 50 different vulnerabilities, seven of which are critical in severity. Microsoft has been patching a huge number of security flaws with each Patch Tuesday update bundle for quite some time now.
The recent Patch Tuesday Updates allegedly fixed seven critical vulnerabilities as well. These bugs include two remote code execution flaws (CVE-2019-0550 and CVE-2019-0551) that existed in Windows Hyper-V; and five memory corruption vulnerabilities. Of these, three memory corruption flaws (CVE-2019-0539, CVE-2019-0567, and CVE-2019-0568) affected the Chakra Scripting Engine. Whereas one such flaw (CVE-2019-0547) existed in the Windows DHCP client, and the other one (CVE-2019-0565) existed in the Microsoft Edge web browser.
Microsoft confirmed no active exploitation of these critical bugs in the wild.
Other Vulnerabilities Also Fixed – No Zero-Days Spotted!
Apart from the seven critical flaws discussed above, Microsoft also fixed numerous other security flaws as well. These include 40 important vulnerabilities and one moderate vulnerability. The latter (CVE-2019-0546) existed in the Microsoft Visual Studio. Among the important vulnerabilities is also included a Microsoft Office information disclosure vulnerability (CVE-2019-0560). Exploiting this vulnerability could allow an attacker to access sensitive information from the leaked Office files.
Besides, this month, Microsoft has also patched the vulnerability in Skype for Android (CVE-2019-0622), that could trigger authentication bypass.
The past few months, Microsoft Patch Tuesday Update bundles have included fixes for some zero-day bugs as well. However, this time, no zero-day or actively exploited bugs were reported. The other software receiving fixes with this update include Microsoft Windows, Internet Explorer, .NET Framework, Microsoft Exchange Server, and ASP.NET.
Note that the update bundle comes right after Microsoft pulled back a non-security January update for Microsoft Excel 2010 due to a stability issues.