Microsoft Kicks Off 2019 With Medium Patch Load

Microsoft started the new year yesterday by issuing fixes for a near half century of vulnerabilities, although only seven were rated critical. Many of these were remote code execution (RCE) bugs, with experts agreeing that CVE-2019-0547 should be top of the priority list. This RCE vulnerability in the Windows DHCP Client was given Microsoft’s highest exploit index rating. “DHCP is a network management protocol often used to dynamically configure things like IP addresses for systems when they connect to a router,” explained Rapid7 senior security researcher, Greg Wiseman. “Any untrusted network, such as a random Wi-Fi hotspot in a coffee shop, is a potential vector for this attack.” Other critical flaws to look at first include three Chakra scripting engine memory corruption vulnerabilities (CVE-2019-0539, CVE-2019-0567, CVE-2019-0568); two Hyper-V RCEs (CVE-2019-0550, CVE-2019-0551); and CVE-2019-0565, a Microsoft Edge memory corruption vulnerability.