Microsoft Security Update Releases Issued: January 15, 2019

********************************************************************
Title: Microsoft Security Update Releases
Issued: January 15, 2019
********************************************************************

Summary
=======

The following CVEs have undergone a major revision increment:

* CVE-2018-8416
* CVE-2019-0545
* CVE-2019-0546
* CVE-2019-0624
* CVE-2019-0646
* CVE-2019-0647

Revision Information:
=====================

– CVE-2018-8416 | .NET Core Tampering
Vulnerability
– https://portal.msrc.microsoft.com/en-us/security-guidance
– Reason for Revision: Revised the Security Updates table to
include PowerShell Core 6.1 and 6.2 because they are affected
by CVE-2018-8416. See
https://github.com/PowerShell/Announcements/issues/11 for more
information.
– Originally posted: November 13, 2018
– Updated: January 15, 2019
– Aggregate CVE Severity Rating: Moderate
– Version: 2.0

– CVE-2019-0545 | .NET Framework Information Disclosure
Vulnerability
– https://portal.msrc.microsoft.com/en-us/security-guidance
– Reason for Revision: Revised the Security Updates table to
include PowerShell Core 6.1 and 6.2 because they are affected
by CVE-2019-0545. See
https://github.com/PowerShell/Announcements/issues/10 for more
information.
– Originally posted: January 8, 2018
– Updated: January 15, 2019
– Aggregate CVE Severity Rating: Important
– Version: 2.0

– CVE-2019-0564 | ASP.NET Core Denial of Service Vulnerability
– https://portal.msrc.microsoft.com/en-us/security-guidance
– Reason for Revision: Revised the Security Updates table to
include PowerShell Core 6.1 and 6.2 because they are affected
by CVE-2019-0564. See
https://github.com/PowerShell/Announcements/issues/12 for more
information.
– Originally posted: January 8, 2018
– Updated: January 15, 2019
– Aggregate CVE Severity Rating: Important
– Version: 2.0

– CVE-2019-0624 | Skype for Business 2015 Spoofing Vulnerability
– https://portal.msrc.microsoft.com/en-us/security-guidance
– Reason for Revision: Information published.
– Originally posted: January 15, 2018
– Updated: N/A
– Aggregate CVE Severity Rating: Important
– Version: 1.0

– CVE-2019-0646 | Team Foundation Server Cross-site Scripting
Vulnerability
– https://portal.msrc.microsoft.com/en-us/security-guidance
– Reason for Revision: Information published.
– Originally posted: January 15, 2018
– Updated: N/A
– Aggregate CVE Severity Rating: Important
– Version: 1.0

– CVE-2019-0647 | Team Foundation Server Information Disclosure
Vulnerability
– https://portal.msrc.microsoft.com/en-us/security-guidance
– Reason for Revision: Information published.
– Originally posted: January 15, 2018
– Updated: N/A
– Aggregate CVE Severity Rating: Moderate
– Version: 1.0