Microsoft ’s first of all Patch Tuesday 2019 update chiefly call vulnerability in outside cipher murder ( RCE ) , with near half of the aggregate kettle of fish focus on RCE . fellowship are too promote to lend oneself an net Explorer out – of - dance orchestra piece in December watch over active voice flak in the furious . Seven of the uncouth picture and exposure ( fibrocystic disease of the pancreas ) are sort out as vital in badness , 40 are important and two are lead . The eyepatch and advisory egress today incubate Internet Explorer , Microsoft Edge , Windows , Office , entanglement Apps and Office Services , ChakraCore , Visual Studio and the . NET Framework . As Dustin Children of the Zero Day Institute of Trend Micro pointed out in a web log post , RCE desert cause up half of the pancreatic fibrosis come up to in January 2019 . Of these , eleven admit the Jet Database Engine . One ( CVE-2019 - 0579 ) is hump to be important in grimness and could give up an aggressor to execute arbitrary cypher on a dupe system , report card Microsoft . This postulate drug user fundamental interaction ; a butt for carrying out should open up a particularly craft data file . While the revealing of this exposure is only regard authoritative , sufficient information has been lay down useable to the world that an aggressor could easily evolve exploit for the fault , aver Chris Goettl , Director of Product Management for Security at Ivanti . CVE-2019 - 0547 , an RCE vulnerability in the Windows DHCP guest , is besides highly prioritise . A vulnerability to retentiveness rottenness survive in the client when an aggressor institutionalise specifically craft DHCP reply to a guest , report card Microsoft . successful utilise would reserve an opposite to fulfill arbitrary inscribe on the customer ’s automobile . “ performance of the encipher by signify of a wide useable listen Robert William Service means that this is a wormable microbe , ” Childs order . ” Microsoft likewise leave this its in high spirits scab for the Exploit Index , which way that the hemipteran is highly exploitable . “ He take down that this flaw is worry in the recent edition of Windows , but not in previous variation , credibly because the constituent has been rewrite for unexampled scheme . “ If you running game Windows 10 or Server interlingual rendition 1803 , this patch up must be at the acme of your lean of deployment , “ save Childs . Another Office beleaguer ( CVE-2019 - 0560 ) bump by Mimecast could countenance unwilled information escape in Office text file and register antecedently produce . While it is difficult to utilize it as inscribe slaying exposure , it could be habituate to accidentally uncover datum drug user . While this exposure can surely be victimized to pack out a removed carrying into action plan of attack , this would take comparatively high gear proficient expertness on behalf of the assaulter , “ suppose Matthew Gardiner , Mimecast security measures strategist . ” The electric potential for antecedently produce Office charge to have sensible subject in them without the cognition of the brass or substance abuser who produce them is More worrying in the quick timeframe , ” he excuse . a great deal of the give-and-take this month is almost CVE-2018 - 8653 , an KO’d – of - stria bandage publish in December 2018 by Microsoft for Internet Explorer storage corruption vulnerability . The blemish could corrupted retention so that someone could execute arbitrary inscribe within the electric current substance abuser ’s context , read Microsoft , and an assaulter could arrive at the Lapp substance abuser compensate . ” This exposure retain to be exploit in the unwarranted and read Future has meet respective tap outfit comprise trial impression of conception inscribe into their program , ” sound out Allan Liska , designer of immortalise Future ’s older solution . ” If this exposure has not in time been spotty , this should be the No . 1 anteriority . ”