Microsoft Security Bulletin Coverage for February 2019

By

SonicWall Capture Labs Threat Research Team has analyzed and addressed Microsoft’s security advisories for the month of February 2019. A list of issues reported, along with SonicWall coverage information are as follows:

CVE-2019-0540 Microsoft Office Security Feature Bypass Vulnerability
There are no known exploits in the wild.
CVE-2019-0590 Scripting Engine Memory Corruption Vulnerability
IPS 14016:Scripting Engine Memory Corruption Vulnerability (FEB 19) 4
CVE-2019-0591 Scripting Engine Memory Corruption Vulnerability
IPS 14017:Scripting Engine Memory Corruption Vulnerability (FEB 19) 5
CVE-2019-0593 Scripting Engine Memory Corruption Vulnerability
IPS 13938:HTTP Client Shellcode Exploit 111
CVE-2019-0594 Microsoft SharePoint Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2019-0595 Jet Database Engine Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2019-0596 Jet Database Engine Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2019-0597 Jet Database Engine Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2019-0598 Jet Database Engine Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2019-0599 Jet Database Engine Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2019-0600 HID Information Disclosure Vulnerability
There are no known exploits in the wild.
CVE-2019-0601 HID Information Disclosure Vulnerability
There are no known exploits in the wild.
CVE-2019-0602 Windows GDI Information Disclosure Vulnerability
There are no known exploits in the wild.
CVE-2019-0604 Microsoft SharePoint Remote Code Execution Vulnerability
IPS 14201:Microsoft SharePoint Remote Code Execution 4
CVE-2019-0605 Scripting Engine Memory Corruption Vulnerability
There are no known exploits in the wild.
CVE-2019-0606 Internet Explorer Memory Corruption Vulnerability
IPS 14018:Internet Explorer Memory Corruption Vulnerability (FEB 19) 1
CVE-2019-0607 Scripting Engine Memory Corruption Vulnerability
IPS 14019:Scripting Engine Memory Corruption Vulnerability (FEB 19) 6
CVE-2019-0610 Scripting Engine Memory Corruption Vulnerability
IPS 14020:Scripting Engine Memory Corruption Vulnerability (FEB 19) 7
CVE-2019-0613 .NET Framework and Visual Studio Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2019-0615 Windows GDI Information Disclosure Vulnerability
There are no known exploits in the wild.
CVE-2019-0616 Windows GDI Information Disclosure Vulnerability
There are no known exploits in the wild.
CVE-2019-0618 GDI+ Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2019-0619 Windows GDI Information Disclosure Vulnerability
There are no known exploits in the wild.
CVE-2019-0621 Windows Kernel Information Disclosure Vulnerability
ASPY5385:Malformed-File exe.MP.56
CVE-2019-0623 Win32k Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2019-0625 Jet Database Engine Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2019-0626 Windows DHCP Server Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2019-0627 Windows Security Feature Bypass Vulnerability
There are no known exploits in the wild.
CVE-2019-0628 Win32k Information Disclosure Vulnerability
ASPY5386:Malformed-File exe.MP.57
CVE-2019-0630 Windows SMB Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2019-0631 Windows Security Feature Bypass Vulnerability
There are no known exploits in the wild.
CVE-2019-0632 Windows Security Feature Bypass Vulnerability
There are no known exploits in the wild.
CVE-2019-0633 Windows SMB Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2019-0634 Microsoft Edge Memory Corruption Vulnerability
There are no known exploits in the wild.
CVE-2019-0635 Windows Hyper-V Information Disclosure Vulnerability
There are no known exploits in the wild.
CVE-2019-0636 Windows Information Disclosure Vulnerability
ASPY5387:Malformed-File exe.MP.58
CVE-2019-0637 Windows Defender Firewall Security Feature Bypass Vulnerability
There are no known exploits in the wild.
CVE-2019-0640 Scripting Engine Memory Corruption Vulnerability
IPS 14023:Scripting Engine Memory Corruption Vulnerability (FEB 19) 8
CVE-2019-0641 Microsoft Edge Security Feature Bypass Vulnerability
There are no known exploits in the wild.
CVE-2019-0642 Scripting Engine Memory Corruption Vulnerability
IPS 14024:Scripting Engine Memory Corruption Vulnerability (FEB 19) 9
CVE-2019-0643 Microsoft Edge Information Disclosure Vulnerability
There are no known exploits in the wild.
CVE-2019-0644 Scripting Engine Memory Corruption Vulnerability
IPS 14025:Scripting Engine Memory Corruption Vulnerability (FEB 19) 10
CVE-2019-0645 Microsoft Edge Memory Corruption Vulnerability
IPS 14027:Microsoft Edge Memory Corruption Vulnerability (FEB 19) 1
CVE-2019-0648 Scripting Engine Information Disclosure Vulnerability
IPS 14026:Scripting Engine Memory Corruption Vulnerability (FEB 19) 11
CVE-2019-0649 Scripting Engine Elevation of Privileged Vulnerability
There are no known exploits in the wild.
CVE-2019-0650 Microsoft Edge Memory Corruption Vulnerability
IPS 14028:Microsoft Edge Memory Corruption Vulnerability (FEB 19) 2
CVE-2019-0651 Scripting Engine Memory Corruption Vulnerability
IPS 14012:Scripting Engine Memory Corruption Vulnerability (FEB 19) 1
CVE-2019-0652 Scripting Engine Memory Corruption Vulnerability
IPS 14013:Scripting Engine Memory Corruption Vulnerability (FEB 19) 2
CVE-2019-0654 Microsoft Browser Spoofing Vulnerability
There are no known exploits in the wild.
CVE-2019-0655 Scripting Engine Memory Corruption Vulnerability
IPS 14014:Scripting Engine Memory Corruption Vulnerability (FEB 19) 3
CVE-2019-0656 Windows Kernel Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2019-0657 .NET Framework and Visual Studio Spoofing Vulnerability
There are no known exploits in the wild.
CVE-2019-0658 Scripting Engine Information Disclosure Vulnerability
IPS 14015:Scripting Engine Information Disclosure Vulnerability (FEB 19) 1
CVE-2019-0659 Windows Storage Service Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2019-0660 Windows GDI Information Disclosure Vulnerability
There are no known exploits in the wild.
CVE-2019-0661 Windows Kernel Information Disclosure Vulnerability
ASPY5383:Malformed-File exe.MP.55
CVE-2019-0662 GDI+ Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2019-0664 Windows GDI Information Disclosure Vulnerability
There are no known exploits in the wild.
CVE-2019-0668 Microsoft SharePoint Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2019-0669 Microsoft Excel Information Disclosure Vulnerability
ASPY5384:Malformed-File xls.MP.65
CVE-2019-0670 Microsoft SharePoint Spoofing Vulnerability
There are no known exploits in the wild.
CVE-2019-0671 Microsoft Office Access Connectivity Engine Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2019-0672 Microsoft Office Access Connectivity Engine Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2019-0673 Microsoft Office Access Connectivity Engine Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2019-0674 Microsoft Office Access Connectivity Engine Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2019-0675 Microsoft Office Access Connectivity Engine Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2019-0676 Internet Explorer Information Disclosure Vulnerability
IPS 14021:Internet Explorer Information Disclosure Vulnerability (FEB 19) 1
CVE-2019-0686 Microsoft Exchange Server Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2019-0724 Microsoft Exchange Server Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2019-0728 Visual Studio Code Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2019-0729 Azure IoT Java SDK Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2019-0741 Azure IoT Java SDK Information Disclosure Vulnerability
There are no known exploits in the wild.
CVE-2019-0742 Team Foundation Server Cross-site Scripting Vulnerability
There are no known exploits in the wild.
CVE-2019-0743 Team Foundation Server Cross-site Scripting Vulnerability
There are no known exploits in the wild.

Adobe Coverage

CVE-2019-7089
ASPY 5381 : Malformed-File pdf.MP.326
CVE-2019-7090
ASPY 5382 : Malformed-File swf.MP.599

Security News
The SonicWall Capture Labs Threat Research Team gathers, analyzes and vets cross-vector threat information from the SonicWall Capture Threat network, consisting of global devices and resources, including more than 1 million security sensors in nearly 200 countries and territories. The research team identifies, analyzes, and mitigates critical vulnerabilities and malware daily through in-depth research, which drives protection for all SonicWall customers. In addition to safeguarding networks globally, the research team supports the larger threat intelligence community by releasing weekly deep technical analyses of the most critical threats to small businesses, providing critical knowledge that defenders need to protect their networks.