LASER_oneXM

Level 33
Verified
MS-ISAC ADVISORY NUMBER: 2019-020
DATE(S) ISSUED: 02/12/2019

OVERVIEW:

Multiple vulnerabilities have been discovered in Microsoft products, the most severe of which could allow for code execution. Successful exploitation of the most severe of these vulnerabilities could result in an attacker gaining the same privileges as the logged on user. Depending on the privileges associated with the user, an attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights.
SYSTEMS AFFECTED:
  • ChakraCore
  • Edge
  • Excel 2010, 2013, 2013 RT, 2016
  • Excel Viewer
  • Exchange Server 2010, 2013, 2016, 2019
  • Internet Explorer 9, 10, 11
  • Java SDK Azure IoT
  • .NET Core 2.1, 2.2
  • .NET Framework 2.0, 3.0, 3.5, 3.5.1, 4.5.2, 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1, 4.7.2
  • Microsoft Office 2010, 2013, 2013 RT, 2016, 2019
  • Office 365 ProPlus
  • Microsoft Office Compatibility Pack
  • Office Word Viewer
  • PowerPoint Viewer
  • SharePoint Enterprise Server 2013, 2016
  • SharePoint Foundation 2013
  • SharePoint Server 2010, 2019
  • Visual Studio 2015, 2017
  • Visual Studio Code
  • Windows 7, 8.1, RT 8.1, 10
  • Windows Server (Core Installation) 2008, 2008 R2, 2012, 2012 R2, 2016, 2019
  • Windows Server 2008, 2008 R2, 2012, 2012 R2, 2016, 2019