Microsoft issued the January 2019 Security Updates that include nearly 50 unique vulnerability fixes, 7 of them rated critical.
The updates address multiple Microsoft products to include, but not limited to: Windows, Edge, Office, Office Services and Web Apps, ChakraCore, .NET Framework, ASP.NET, Exchange Server, and Microsoft Visual Studio.
As of the security update release on Tuesday, none of the vulnerabilities were actively exploited.
However, one of the vulnerabilities (CVE-2019-0579) impacts
Jet Database Engine and was publicly released just before the patch. So attackers could get a head start on developing active exploits on this bug.
According to Microsoft, “a remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory.”
Two of the critical bugs CVE-2019-0550 and CVE-2019-0551 also impact Hyper-V and could lead to remote code execution.
Also, a number of workstation related patches address critical vulnerabilities in Microsoft browsers. Three of of the memory corruption bugs impact Chakra scripting engine and one for Edge browsers.
Out-of-band Internet Explorer Patch
On December 19, Microsoft issued an out-of-band patch (CVE-2018-8653) for Internet Explorer 9, 10 and 11 after targeted attacks against this vulnerability were discovered in the wild. This patch should also be prioritized for workstations, along with other critical patches.
See the Security Update Guide and January summary release notes for more details on all patches.