쏭팩

********************************************************************

Title: Microsoft Security Update Releases

Issued: January 15, 2019

********************************************************************

Summary

=======

The following CVEs have undergone a major revision increment:

* CVE-2018-8416

* CVE-2019-0545

* CVE-2019-0546

* CVE-2019-0624

* CVE-2019-0646

* CVE-2019-0647

Revision Information:

=====================

- CVE-2018-8416 | .NET Core Tampering 

  Vulnerability

- https://portal.msrc.microsoft.com/en-us/security-guidance

- Reason for Revision: Revised the Security Updates table to

  include PowerShell Core 6.1 and 6.2 because they are affected

  by CVE-2018-8416. See 

  https://github.com/PowerShell/Announcements/issues/11 for more

  information.

- Originally posted: November 13, 2018

- Updated: January 15, 2019

- Aggregate CVE Severity Rating: Moderate

- Version: 2.0

- CVE-2019-0545 | .NET Framework Information Disclosure

  Vulnerability

- https://portal.msrc.microsoft.com/en-us/security-guidance

- Reason for Revision: Revised the Security Updates table to

  include PowerShell Core 6.1 and 6.2 because they are affected

  by CVE-2019-0545. See 

  https://github.com/PowerShell/Announcements/issues/10 for more

  information.

- Originally posted: January 8, 2018

- Updated: January 15, 2019

- Aggregate CVE Severity Rating: Important

- Version: 2.0

- CVE-2019-0564 | ASP.NET Core Denial of Service Vulnerability

- https://portal.msrc.microsoft.com/en-us/security-guidance

- Reason for Revision: Revised the Security Updates table to

  include PowerShell Core 6.1 and 6.2 because they are affected

  by CVE-2019-0564. See 

  https://github.com/PowerShell/Announcements/issues/12 for more

  information.

- Originally posted: January 8, 2018

- Updated: January 15, 2019

- Aggregate CVE Severity Rating: Important

- Version: 2.0

- CVE-2019-0624 | Skype for Business 2015 Spoofing Vulnerability

- https://portal.msrc.microsoft.com/en-us/security-guidance

- Reason for Revision: Information published.

- Originally posted: January 15, 2018

- Updated: N/A

- Aggregate CVE Severity Rating: Important

- Version: 1.0

- CVE-2019-0646 | Team Foundation Server Cross-site Scripting

  Vulnerability

- https://portal.msrc.microsoft.com/en-us/security-guidance

- Reason for Revision: Information published.

- Originally posted: January 15, 2018

- Updated: N/A

- Aggregate CVE Severity Rating: Important

- Version: 1.0

- CVE-2019-0647 | Team Foundation Server Information Disclosure

  Vulnerability

- https://portal.msrc.microsoft.com/en-us/security-guidance

- Reason for Revision: Information published.

- Originally posted: January 15, 2018

- Updated: N/A

- Aggregate CVE Severity Rating: Moderate

- Version: 1.0