Critical Exchange Memory Corruption Vulnerability Fixed
Microsoft starts the new year with a bang: January's Patch Tuesday includes a list of 49 security fixes. None of the vulnerabilities have been reported as being actively exploited at the time of writing. However, the 7 critical vulnerabilities which are patched with this monthly update should provide anyone with more than enough motivation to update their environment.
In addition to the 7 critical vulnerabilities, Microsoft lists 40 important fixes and two advisories regarding Internet Explorer, Edge, ChakraCore, Microsoft Windows, Microsoft Office, Microsoft Office Services and Web Apps, Visual Studio, and .NET Framework.
The Exchange vulnerability (CVE-2019-0586) allows attackers to run arbitrary code in the context of the System user. This is a special case because of the method that can be used to successfully exploit the vulnerability. Attackers can exploit the vulnerability just by sending the Exchange server a specially crafted email. Since a big part of what an Exchange server does is receiving emails, it is obvious this should be at the top of your test and deploy list.
Similar to previous months, we've created a report which checks if the assets in your network are on the latest Microsoft roll-up update. Additionally, it's color-coded to give you an easy and quick overview which assets are already on the latest Windows update, and which ones still need to be patched.
Before you start deploying, take a moment to test for stability just to avoid compatibility issues. If you haven't already, download a free trial of Lansweeper to run the Microsoft Patch Tuesday Report. Make sure to subscribe via the form below if you want to receive the latest Microsoft Patch reports and bonus network reports.