-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
********************************************************************
Title: Microsoft Security Update Releases
Issued: January 15, 2019
********************************************************************
Summary
=======
The following CVEs have undergone a major revision increment:
* CVE-2018-8416
* CVE-2019-0545
* CVE-2019-0546
* CVE-2019-0624
* CVE-2019-0646
* CVE-2019-0647
Revision Information:
=====================
- CVE-2018-8416 | .NET Core Tampering
Vulnerability
- https://portal.msrc.microsoft.com/en-us/security-guidance
- Reason for Revision: Revised the Security Updates table to
include PowerShell Core 6.1 and 6.2 because they are affected
by CVE-2018-8416. See
https://github.com/PowerShell/Announcements/issues/11 for more
information.
- Originally posted: November 13, 2018
- Updated: January 15, 2019
- Aggregate CVE Severity Rating: Moderate
- Version: 2.0
- CVE-2019-0545 | .NET Framework Information Disclosure
Vulnerability
- https://portal.msrc.microsoft.com/en-us/security-guidance
- Reason for Revision: Revised the Security Updates table to
include PowerShell Core 6.1 and 6.2 because they are affected
by CVE-2019-0545. See
https://github.com/PowerShell/Announcements/issues/10 for more
information.
- Originally posted: January 8, 2018
- Updated: January 15, 2019
- Aggregate CVE Severity Rating: Important
- Version: 2.0
- CVE-2019-0564 | ASP.NET Core Denial of Service Vulnerability
- https://portal.msrc.microsoft.com/en-us/security-guidance
- Reason for Revision: Revised the Security Updates table to
include PowerShell Core 6.1 and 6.2 because they are affected
by CVE-2019-0564. See
https://github.com/PowerShell/Announcements/issues/12 for more
information.
- Originally posted: January 8, 2018
- Updated: January 15, 2019
- Aggregate CVE Severity Rating: Important
- Version: 2.0
- CVE-2019-0624 | Skype for Business 2015 Spoofing Vulnerability
- https://portal.msrc.microsoft.com/en-us/security-guidance
- Reason for Revision: Information published.
- Originally posted: January 15, 2018
- Updated: N/A
- Aggregate CVE Severity Rating: Important
- Version: 1.0
- CVE-2019-0646 | Team Foundation Server Cross-site Scripting
Vulnerability
- https://portal.msrc.microsoft.com/en-us/security-guidance
- Reason for Revision: Information published.
- Originally posted: January 15, 2018
- Updated: N/A
- Aggregate CVE Severity Rating: Important
- Version: 1.0
- CVE-2019-0647 | Team Foundation Server Information Disclosure
Vulnerability
- https://portal.msrc.microsoft.com/en-us/security-guidance
- Reason for Revision: Information published.
- Originally posted: January 15, 2018
- Updated: N/A
- Aggregate CVE Severity Rating: Moderate
- Version: 1.0
********************************************************************
Other Information
=================
Recognize and avoid fraudulent email to Microsoft customers:
=============================================================
If you receive an email message that claims to be distributing
a Microsoft security update, it is a hoax that may contain
malware or pointers to malicious websites. Microsoft does
not distribute security updates via email.
The Microsoft Security Response Center (MSRC) uses PGP to digitally
sign all security notifications. However, PGP is not required for
reading security notifications, reading security bulletins, or
installing security updates. You can obtain the MSRC public PGP key
at <https://technet.microsoft.com/security/dn753714>.
********************************************************************
THE INFORMATION PROVIDED IN THIS MICROSOFT COMMUNICATION IS
PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND. MICROSOFT
DISCLAIMS ALL WARRANTIES, EITHER EXPRESS OR IMPLIED, INCLUDING
THE WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
PURPOSE.
IN NO EVENT SHALL MICROSOFT CORPORATION OR ITS SUPPLIERS BE
LIABLE FOR ANY DAMAGES WHATSOEVER INCLUDING DIRECT, INDIRECT,
INCIDENTAL, CONSEQUENTIAL, LOSS OF BUSINESS PROFITS OR SPECIAL
DAMAGES, EVEN IF MICROSOFT CORPORATION OR ITS SUPPLIERS HAVE BEEN
ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.
SOME STATES DO NOT ALLOW THE EXCLUSION OR LIMITATION OF LIABILITY
FOR CONSEQUENTIAL OR INCIDENTAL DAMAGES SO THE FOREGOING
LIMITATION MAY NOT APPLY.
********************************************************************
Microsoft respects your privacy. Please read our online Privacy
Statement at <http://go.microsoft.com/fwlink/?LinkId=81184>.
These settings will not affect any newsletters you've requested or
any mandatory service communications that are considered part of
certain Microsoft services.
For legal Information, see:
<http://www.microsoft.com/info/legalinfo/default.mspx>.
This newsletter was sent by:
Microsoft Corporation
1 Microsoft Way
Redmond, Washington, USA
98052
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCAAdFiEELieOGq60dXLTFHFj30/5BMNBVX8FAlw+GIUACgkQ30/5BMNB
VX8Mdg/+PAzJAzvff1j8ATFlyTVsSeMDmnYNQyxMaD5PEFRTZKVLBVKSCZfEWdBw
mLTIA9OKsPs235QsQm9UpiR3AroMItw7ayJl5SvRFpQtt3V/DBkfb1h4wDh+MKGc
A2ALMWvd1GSMp2p6RDtsUM99s0GRv9BRdp0DAnZe+2ZP++oZ0GUCOBqMhoVAKBR8
qcyhRG6VgNqndU6i7uVdh8U0hmgreDC4F432yOS3LcILqgy3Qvr+k7NdfgZYJ4p6
NoVTOSTMEsAYey/PchvlDXMKpUYCx2pEdMGSQTdSZfUAIllbmbwry6tVRbFEE3YJ
b6IryTZJK5A09PjUV6qZD6ezWycFEeU23OVEPhP/FZ/zn6y01ZzdgJFlD7a8xWmu
Qizxown0Ca6zjYP/LjIlpGhNnWUONTVv/5KmIizvYsBCw3O59DzgFq87eXK1GYRy
7V2DFiTgC4cx5J1WAHHpmd/xjDmKZbtd4ZpDqKj4ued5L8pp18A24W62fliXMQ9X
p03uS/oU5At1l0ZaMlRZ9f8o1Rq+2ltqBddPSpBHwJ0dWHbJOnAHl7U/GPA8YqKR
oPaMEPwSNLyxq7EnnyWPSUEqkUNZ7fT3xpXp3ioMecjpF4ETrbUt/UVHM0cwMdVX
lxBhDb+EsJDCzI82mLqQTjNDva+WLHIPFnODGjbe3dIY54fBckk=
=q7K0
-----END PGP SIGNATURE-----
If you would prefer not to receive future technical security
notification alerts by email from Microsoft and its family of
companies please visit the following website to unsubscribe: https://account.m
icrosoft.com/profile/unsubscribe?CTID=0&ECID=LW8cXn8dU%2F2SnEBh0jrrOfHs%2FBJ73I
9wcTjpGCrjNMw%3D&K=8c6be687-2644-4a95-9157-d0315ab96709&CMID=null&D=63683115536
5840904&PID=18000&TID=adfd46f4-992a-45ec-935c-4c9bc4baf506
---
■ Synchronet ■ Net 340
|
