09 Jan 19

Patch Tuesday, January 2019 Edition

Microsoft on Tuesday released updates to fix roughly four dozen security issues with its Windows operating systems and related software. All things considered, this first Patch Tuesday of 2019 is fairly mild, bereft as it is of any new Adobe Flash updates or zero-day exploits. But there are a few spicy bits to keep in mind. Read on for the gory details.

The updates released Tuesday affect Windows, Internet Explorer and Edge, Office, SharePoint, .NET Framework and Exchange. Patches are available for all client and server versions of Windows, but none of the “critical” flaws — those that can lead to a remote system compromise without any help from users — apply to Windows 7 or Windows 8.1, according to Martin Brinkmann at Ghacks.net.

Mercifully, none of the vulnerabilities fixed in Tuesday’s bundle are being actively exploited, although one (CVE-2019-0579) was publicly disclosed prior to the patch release, meaning attackers may have had a head start figuring out how to exploit it. This bug is one of 11 that Microsoft fixed in its Jet Database Engine.

Among the more eyebrow-raising flaws fixed this week is CVE-2019-0547, a weakness in the Windows component responsible for assigning Internet addresses to host computers (a.k.a. “Windows DHCP client”). According to security vendor Tenable, this is the most severe bug of the entire patch batch.

“In order to exploit the vulnerability, an attacker would need to be able to send a specially crafted DHCP response to its target, allowing them to run arbitrary code on the client machine,” said Satnam Narang, senior research engineer at Tenable.

Tuesday’s update bundle also includes a fix that Microsoft released late last month as an emergency patch to plug a zero-day flaw in Internet Explorer (CVE-2018-8653) that attackers are already exploiting. Experts at Recorded Future say that vulnerability continues to be exploited in the wild, with several exploit kits now incorporating the publicly released proof-of-concept code into their platforms.

“If you have not patched this vulnerability yet, it should be the number one priority,” writes Allan Liska, senior solutions architect at Recorded Future.

It generally can’t hurt for Windows users to wait a day or two after Microsoft releases monthly security updates before installing the fixes; occasionally buggy patches can cause serious headaches for users who install them before all the kinks are worked out.

Case in point: Computerworld’s Woody Leonhard notes that multiple organizations are reporting problems with their file-sharing operations after installing this month’s patch rollup.

Windows 10 likes to install patches all in one go and reboot your computer on its own schedule. Microsoft doesn’t make it easy for Windows 10 users to change this setting, but it is possible. For all other Windows OS users, if you’d rather be alerted to new updates when they’re available so you can choose when to install them, there’s a setting for that in Windows Update. Also, it’s a good idea to get in the habit of backing up your data before installing Windows updates.

Adobe released an update for its Flash Player plugin, but alas there don’t appear to be any security fixes in it. However, the company last Thursday did release new versions of its Adobe Acrobat and Reader that correct at least two critical vulnerabilities in each.

If you experience any problems installing any of these patches this month, please feel free to leave a comment about it below; there’s a good chance other readers have experienced the same and may even chime in here with some helpful tips.


43 comments

  1. The Sunshine State

    Thanks for posting !

    • I have had a new Windows 10 Pro computer for about 6 months now and have received all the Tuesday “patches/updates” without any hiccups whatsoever. Are there certain obscure apps or programs that seem to cause this?

  2. My respect for Krebs on Security increased even more after noting your references to Ghacks and Woody Leonhard, which I have visited daily for years.

  3. “…this first Patch Tuesday of 2019 is fairly mild, bereft as it is of any new Adobe Flash updates…”

    I received KB4480979 this morning, a Flash security update (https://support.microsoft.com/en-us/help/4480979/update-for-adobe-flash-player).

    Anyway, I crossed my fingers and restarted my system this morning and it updated just fine and is running as smoothly as ever. Another bullet dodged.

    • I haven’t needed Adobe Flash for over a year now. I’m talking about the separate app. I use Chrome primarily, but have tested Firefox and Internet Explorer for functionality on most web site videos. I haven’t run into a site that doesn’t work without the separate app for just as many years.

      Good ol’ Active X. NPAPI, and PPAPI are finally dumped in the trash! THANKFULLY. I’ll never have to worry about it again!

  4. Patch Tuesday, useless computer Wednesday

  5. MS already sent me a substantial update early this week (Monday Jan 7) followed by more this morning (Weds Jan 9).

    Curious, Brian, that you just ran a posting on cheap eBay MS Office packages being too good to be true. This week’s MS update must have included an authenticity or expiry check that did not like my MS Office Key. I started getting the message pop up: “register in 30 days, online or by phone”, every time I opened an Office package. Got 27 days left before it shuts down.

    I gave MS my eBay purchased key and it was rejected as invalid. That key worked when I purchased the software and downloaded it 3 months ago; why not now?

    The eBay seller’s reply: “buy another key”.

  6. A friend of mine installed KB4480970 on his shop’s registers. After a reboot the secondary registers could no longer talk to the primary’s SQL database. I could ping the primary but couldn’t connect in any other way. Ended up backing out the patch and everything came back online.

    • Brian — After reading these several comments re KB4480970 (2019-01 Security Monthly Quality Rollup for Windows 7 for x64-based Systems, 240.3 MB), labelled “Important,” I’m wondering if it should *not* be installed currently? (I get Windows Updates automatically and get alerted, but choose not to have them install automatically.)

      Glad I discovered your blog last year — between your own posting and others’ follow-up comments, it’s very helpful to me as a semi-naive home user.

      • Follow-up: I installed today 6 of the 7 “Important” updates downloaded; left KB4480970 for later. Wonder when it will be unrisky to install? MS indicates on its linked “More information” page for this update that they’re aware of the 2 issues, are working to fix, suggest (semi-complex?) workarounds a/o 1/10/19. Any advice on timing here for safely installing this monthly security rollup?

  7. Customers can’t connect to file shares located on Windows 7 machines that received the KB4480970 patch. Windows Explorer gives a “handle” error. Checking with “net use” via command line results in the same “handle” error, but with the additional detail of “System Error 6”. Rebooted, tested file shares to other servers, etc. Uninstalling the update, which installed on the machines in question at around 3AM “depending on the machine”, followed by a reboot, fixed the issue.

    • I found that by demoting accounts from Administrators to Users, they were able to access shared folders. Temporary fix…

      • I never access the network as an administrator anyway. That account is only for maintenance, updates, and installations.

    • I’ve had the same issue with a few customers today. I found re-mapping the network drives using the I.P. address instead of hostname worked for me.

  8. I’m going to throw in my addition that this patch had me banging my head against a wall this morning. Spent three hours trying to figure out why the bookkeeper for a SMB couldn’t access her QuickBooks on the other computer any more. It was working yesterday, so I checked the firewall, AV, shares, permissions, etc. etc. Finally, eating lunch, frustrated, reading KoS, I found the link to Woody that Brian included and that solved it. Uninstalled KB4480970 from the machine with QBs, rebooted and the bookkeeper could access the Company File again.

    A sincere thanks to Brian Krebs for timely article and links today.

    • This is the same issue I am having. We have 4 computers that share a server. Only 2 of our PCs have QuickBooks, myself and the bookkeeper. After the new updates the bookkeeper and myself could not log into the server, which means we can’t use QuickBooks either. The other 2 PCs have no problem accessing the server.

  9. My question is??
    Why is the USA the number one target for crooks, fraudsters, cybercriminals??

    Why doesn’t the USA simply shut the doors!??
    What are USA Government officials, CIA, FBI, Homeland Security getting taxpayers’ money for?? For not doing the job!!

    Like kids, grow up people

  10. Yeah – great QA testing by MS – haven’t had one of these gems in a while. As others have suggested, back out the updates and turn off auto updates. Hopefully feedback gets back to MS asap.

  11. I got lucky…. KB4480970 failed installation with code x8000FFFF.
    Three times.

    I’ve blocked it.

  12. We were completely unable to see the server – my whole staff- until we removed the patch.

  13. Of all the Microsoft alerts one of them is pretty interesting (CVE-2019-0586). Microsoft has rated this as ‘Important’…but I feel it should be much higher…especially if someone publishes an exploit. All it takes is sending a ‘specially crafted’ email to get access to server and exploit further.

    • Randie R Enigma

      @Hari I agree – remotely exploitable, execution as SYSTEM, on a high value server (mail server), easily targetable against a specific target, with no mitigations or workarounds available! If that isn’t critical I don’t know what would be! Perhaps MS think a vulnerability has to be known to be being actively exploited in the wild to qualify as critical nowadays?

      • Interesting.
        The IT wienie here had been having nothing but grief with our MS derange server today.
        Wonder if it is related to this patch…

  14. Jeremy Harewood

    I installed this update and my speakers stopped working, also my computer began running very slowly. I’m using Windows 7. When I used system restore to remove it, it’s all back to normal. Anyone else have a problem like this? I know how these updates mess up sometimes.

    • You never know what factor can cause this. The two most common in my experience are a hardware driver or an application. I have Win 7 too, and I haven’t had an issue in years. My PC is packed with hardware also, and the only gripe I had years ago was updates affecting Win7 on coming out of sleep mode; there again, it was a hardware driver issue. Haven’t had a blip since – God willing and the creek don’t rise!

  15. Jaybie Casillano

    Patched yesterday (GMT +08:00) my Win 7 64-bit assembled desktop and everything works fine so far (Jan 2019 Patches).

    BTW this machine doesn’t have MS Office installed.

  16. My SMB servers run SAMBA on Linux to avoid screwy nightmares like this, but Linux can sometimes have its own screwy nightmares with various stuff.

    My one and only Windows 7 workstation got through the most recent Patch Tuesday scare without any issues.

    Yes, I had to run Windows Update twice; for some reason one of the 2 patches offered/needed refused to load the first time, but it loaded the second time.

  17. https://helpx.adobe.com/security/products/flash-player/apsb19-01.html says Adobe DOES have security patches for Flash Player. However, their priority rating is a 3, which is the lowest in Adobe’s scale.

  18. Had a lot of customers with scanning issues today with W7. Ran across this article from the google. Thank you! Before I uninstalled the KB in question, I made a new user account on their W7 boxes and that took care of the scanning issue.

  19. If I have a router that does DHCP, do I need to be super worried about patching this Windows DHCP client bug?

    • I haven’t looked too closely yet, but rogue systems could answer DHCP queries instead of your DHCP server. Also, depending on the bug, a client might respond to an unsolicited “reply”.
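
Added example (not part of the article or of any reader's comment): the scenario raised in the thread above, a system other than your own DHCP server answering clients, can be watched for by comparing the server identifier (option 54) in DHCP replies against the servers you run. The authorized address 192.168.1.1 and the sample packets are constructed assumptions; the check flags unexpected or malformed replies only and does not identify exploitation of CVE-2019-0547.

```python
import ipaddress
import struct

MAGIC_COOKIE = b"\x63\x82\x53\x63"   # marks the start of DHCP options (RFC 2131)
BOOTREPLY, OPT_PAD, OPT_MSG_TYPE, OPT_SERVER_ID, OPT_END = 2, 0, 53, 54, 255

def parse_options(raw: bytes):
    """Walk code/length/value options; return a dict, or None if the encoding is broken."""
    opts, i = {}, 0
    while i < len(raw):
        code = raw[i]
        if code == OPT_END:
            return opts
        if code == OPT_PAD:            # single-byte padding, no length field
            i += 1
            continue
        if i + 1 >= len(raw):
            return None                # option code with no length byte
        length = raw[i + 1]
        data = raw[i + 2:i + 2 + length]
        if len(data) != length:
            return None                # declared length runs past the packet
        opts.setdefault(code, data)
        i += 2 + length
    return None                        # options never terminated with END

def classify_reply(payload: bytes, authorized: set):
    """Return (verdict, server_ip): 'ignore', 'malformed', 'rogue' or 'ok'."""
    if len(payload) < 240 or payload[0] != BOOTREPLY or payload[236:240] != MAGIC_COOKIE:
        return ("ignore", None)        # not a server-to-client DHCP message
    opts = parse_options(payload[240:])
    if (opts is None or len(opts.get(OPT_MSG_TYPE, b"")) != 1
            or len(opts.get(OPT_SERVER_ID, b"")) != 4):
        return ("malformed", None)
    server = str(ipaddress.IPv4Address(opts[OPT_SERVER_ID]))
    return ("ok" if server in authorized else "rogue", server)

def build_reply(server: str, offered: str, msg_type: int = 2) -> bytes:
    """Constructed sample reply for the demo below (not captured traffic)."""
    srv = ipaddress.IPv4Address(server).packed
    fixed = struct.pack("!BBBBIHH4s4s4s4s16s64s128s", BOOTREPLY, 1, 6, 0, 0x1234, 0, 0,
                        bytes(4), ipaddress.IPv4Address(offered).packed, srv, bytes(4),
                        bytes.fromhex("020000000001"), b"", b"")
    options = bytes([OPT_MSG_TYPE, 1, msg_type, OPT_SERVER_ID, 4]) + srv + bytes([OPT_END])
    return fixed + MAGIC_COOKIE + options

if __name__ == "__main__":
    AUTHORIZED = {"192.168.1.1"}       # assumption: the router's DHCP server address
    for src in ("192.168.1.1", "192.168.1.66"):
        print(src, classify_reply(build_reply(src, "192.168.1.50"), AUTHORIZED))
```

In practice the payload would come from UDP port 68 traffic on a monitoring interface; a "rogue" or "malformed" verdict is a prompt to investigate, and patching the client remains the fix for the bug itself.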

  20. For me, yet another Win 10 botched update here. I run two separate newish Dell laptops and both of them had their User files trashed.
    Programs won’t open, email not recognized, etc.
    Running Win 10 Pro. Hearing anything else like this? Too much of a coincidence to be a Microsoft problem.

  21. I found all of my Windows 7 computers lost the ability to network with KB4480970 installed. The errors are “[other path] is not accessible” and “source folder ___ is not found. The handle is invalid.” A Windows 7 computer cannot communicate with another if either has KB4480970 installed. Uninstalling KB4480970 from all computers solved the problem immediately. An IT person I spoke with said all of his customers had the same problem.

    • Check here to resolve SMB issues…but you can only download from the catalog website. Requires a reboot, and can be scripted.

      Hope this helps!

      https://www.catalog.update.microsoft.com/Search.aspx?q=KB4487345

      • One note on this: just install this patch overtop of KB4480970. Near as I can tell, this new patch just undoes some registry changes that were changed w/ KB4480970. Of course, you can also just uninstall the original KB, but then you’re not patch compliant.

        I’ve also heard that it can also affect Windows 10 (which requires removing the offending update), but I didn’t see it personally.

  22. Jumpy Ledbetter

    A customer of mine had this issue. Uninstalled that patch so fast (and hid it when it came back) that the customer thinks we’re crazy smart or something.

    That’s not really the case. We just notice that older M$ O.S.s that have a shorter shelf life always have problems like these so we go straight to the updates, after a while at the command line.

    Does that huge company use a “B” team to develop and test patches for the older O.S.s?

    It’s like going to the fancy Japanese Steak House and watching the skilled chef at your table but then he brings out that poor apprentice to struggle with the bean sprouts.

  23. The January 2019 Windows 10 update crashed my computer and left it sitting in the Bios – with no functioning keys.

    Turned it off to find that it took ages to produce the ASUS startup logo and a swirly circle indicating it was doing ‘something’.

    Waited ten minutes before punching the F6 key. No problems after that. I think the punch did it. I hope AI Robots are better.

  24. KB4480979 detects illegal winloader activator, not Spectre and Meltdown variants issues.

  25. Still can’t install KB4480978. It fails every time with 0x800f081f

    Same thing happened with December’s KB4483232. I was never able to install it. I noticed that it is no longer available to install through the automatic update feature.

  26. Still waiting to see if there are useful/needed mitigations on KB4480979, which I (accidentally) downloaded but haven’t installed yet. I keep “postponing” installation by 4-hr. segments (max possible), but it’ll finish installing itself if I want to shut down or restart my computer. I need to clear the cache*, so I do need to restart soon. I can’t find a way to get rid of the download — seems I have to let it install, and then uninstall it — if it doesn’t screw up some setting or utility on my computer that I wouldn’t know how to restore to previous state. — *Is there another way to clear the current-memory cache? (Win 7, HP laptop.)