Today is Microsoft's January*2019*Patch Tuesday, which means it is first time in 2019 that you get to update Windows! *Included in this month's security updates is a Critical update that*was publicly exposed, so it is important that you install all available updates as soon as possible to protect your computer.
With the release of the the January security updates, Microsoft has fixed 51 vulnerabilities, including Adobe Flash Player and Servicing Stack Updates (SSU), with 7*of them being labeled as Critical.
For information about the non-security Windows updates, you can read about today's*Windows 10 Cumulative Updates.
Interesting vulnerabilities from the Jan 2019 updates

DHCP vulnerability*

A vulnerability (CVE-2019-0547)*was discovered internally by*Mitch Adair of the*Microsoft Windows Enterprise Security Team, that could allow an attacker to send a specially crafted DHCP response to a client in order to perform arbitrary code execution on the client.
"A memory corruption vulnerability exists in the Windows DHCP client when an attacker sends specially crafted DHCP responses to a client. An attacker who successfully exploited the vulnerability could run arbitrary code on the client machine.To exploit the vulnerability, an attacker could send a specially crafted DHCP responses to a client."

Two Windows Hyper-V vulnerabilities that can execute code on the host

This Patch Tuesday included security updates that fix two vulnerabilities (CVE-2019-0550*& CVE-2019-0551)*in Hyper-V that could allow malware on the guest to execute code on the host operating system.
"To exploit the vulnerability, an attacker could run a specially crafted application on a guest operating system that could cause the Hyper-V host operating system to execute arbitrary code."
This is particularly scary for researchers who use Hyper-V to analyze malware samples.
Skype for Android vuln could bypass lock screen

A vulnerability in Skype for Android (CVE-2019-0622) was fixed that could have allowed attackers who had physical access to an Android device to bypass the lock screen.
This would allow them gain access to the victim's personal information.
Jet Database Engine RCE vulnerability publicly disclosed

According to Microsoft, a Jet Database Engine RCE vulnerability (CVE-2019-0579) was publicly disclosed but is not known to be actively exploited in the wild.
According to*Mitja Kolsek,*CEO of ACROS Security &*Co-founder of 0patch, this could be the vulnerability publicly disclosed by Zero Day Initiative, but which had a incomplete security update by Microsoft. After discovering the imperfect update, Kolsek's*team released a micropatch to correct it.
Critical Vulnerabilities fixed in the January 2019*Patch Tuesday updates

This Patch Tuesday fixes 7*Critical security vulnerabilities in Microsoft products. These vulnerabilities are the most dangerous as they could allow a remote attacker to execute commands on a vulnerable computer and essentially take full control over it.
Of the 7*Critical vulnerabilities, 3 were for the Chakra Scripting Engine, which we commonly see in these write ups,* 2 are for Windows Hyper-V, one and each for the Windows DHCP Client and Microsoft Edge.
CVE-2019-0539 - Chakra Scripting Engine Memory Corruption Vulnerability
A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge.This vulnerability could also be exploited through Microsoft Edge via specially crafted web sites*or advertisements.
CVE-2019-0547 - Windows DHCP Client Remote Code Execution Vulnerability
As explained above, this vulnerability allows an attacker to send a specially crafted DHCP response back to the client to perform arbitrary code execution.
CVE-2019-0550 - Windows Hyper-V Remote Code Execution Vulnerability
A remote code execution vulnerability exists when Windows Hyper-V on a host server fails to properly validate input from an authenticated user on a guest operating system. To exploit the vulnerability, an attacker could run a specially crafted application on a guest operating system that could cause the Hyper-V host operating system to execute arbitrary code.
An attacker who successfully exploited the vulnerability could execute arbitrary code on the host operating system.
CVE-2019-0551 - Windows Hyper-V Remote Code Execution Vulnerability
A remote code execution vulnerability exists when Windows Hyper-V on a host server fails to properly validate input from an authenticated user on a guest operating system. To exploit the vulnerability, an attacker could run a specially crafted application on a guest operating system that could cause the Hyper-V host operating system to execute arbitrary code.
An attacker who successfully exploited the vulnerability could execute arbitrary code on the host operating system.
CVE-2019-0565 - Microsoft Edge Memory Corruption Vulnerability
A remote code execution vulnerability exists when Microsoft Edge improperly accesses objects in memory. The vulnerability could corrupt memory in such a way that enables an attacker to execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. If the current user is logged on with administrative user rights, an attacker could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.
An attacker could host a specially crafted website that is designed to exploit the vulnerability through Microsoft Edge, and then convince a user to view the website. The attacker could also take advantage of compromised websites and websites that accept or host user-provided content or advertisements by adding specially crafted content that could exploit the vulnerability.
CVE-2019-0567 - Chakra Scripting Engine Memory Corruption Vulnerability
A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge.This vulnerability could also be exploited through Microsoft Edge via specially crafted web sites*or advertisements.
CVE-2019-0568 - Chakra Scripting Engine Memory Corruption Vulnerability
A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge.This vulnerability could also be exploited through Microsoft Edge via specially crafted web sites*or advertisements.
The January 2019*Patch Tuesday Security Updates

Below is the full list of vulnerabilities resolved by the January 2019*Patch Tuesday updates. To access the full description of each vulnerability and the systems that it affects, you can view the full report here.
Tag CVE ID CVE Title
.NET Framework CVE-2019-0545 .NET Framework Information Disclosure Vulnerability
Adobe Flash Player ADV190001 January 2019 Adobe Flash Update
Android App CVE-2019-0622 Skype for Android Elevation of Privilege Vulnerability
ASP.NET CVE-2019-0548 ASP.NET Core Denial of Service Vulnerability
ASP.NET CVE-2019-0564 ASP.NET Core Denial of Service Vulnerability
Internet Explorer CVE-2019-0541 MSHTML Engine Remote Code Execution Vulnerability
Microsoft Edge CVE-2019-0565 Microsoft Edge Memory Corruption Vulnerability
Microsoft Edge CVE-2019-0566 Microsoft Edge Elevation of Privilege Vulnerability
Microsoft Exchange Server CVE-2019-0586 Microsoft Exchange Memory Corruption Vulnerability
Microsoft Exchange Server CVE-2019-0588 Microsoft Exchange Information Disclosure Vulnerability
Microsoft JET Database Engine CVE-2019-0576 Jet Database Engine Remote Code Execution Vulnerability
Microsoft JET Database Engine CVE-2019-0538 Jet Database Engine Remote Code Execution Vulnerability
Microsoft JET Database Engine CVE-2019-0575 Jet Database Engine Remote Code Execution Vulnerability
Microsoft JET Database Engine CVE-2019-0577 Jet Database Engine Remote Code Execution Vulnerability
Microsoft JET Database Engine CVE-2019-0582 Jet Database Engine Remote Code Execution Vulnerability
Microsoft JET Database Engine CVE-2019-0583 Jet Database Engine Remote Code Execution Vulnerability
Microsoft JET Database Engine CVE-2019-0584 Jet Database Engine Remote Code Execution Vulnerability
Microsoft JET Database Engine CVE-2019-0581 Jet Database Engine Remote Code Execution Vulnerability
Microsoft JET Database Engine CVE-2019-0578 Jet Database Engine Remote Code Execution Vulnerability
Microsoft JET Database Engine CVE-2019-0579 Jet Database Engine Remote Code Execution Vulnerability
Microsoft JET Database Engine CVE-2019-0580 Jet Database Engine Remote Code Execution Vulnerability
Microsoft Office CVE-2019-0560 Microsoft Office Information Disclosure Vulnerability
Microsoft Office CVE-2019-0561 Microsoft Word Information Disclosure Vulnerability
Microsoft Office CVE-2019-0585 Microsoft Word Remote Code Execution Vulnerability
Microsoft Office CVE-2019-0559 Microsoft Outlook Information Disclosure Vulnerability
Microsoft Office SharePoint CVE-2019-0562 Microsoft SharePoint Elevation of Privilege Vulnerability
Microsoft Office SharePoint CVE-2019-0556 Microsoft Office SharePoint XSS Vulnerability
Microsoft Office SharePoint CVE-2019-0558 Microsoft Office SharePoint XSS Vulnerability
Microsoft Office SharePoint CVE-2019-0557 Microsoft Office SharePoint XSS Vulnerability
Microsoft Scripting Engine CVE-2019-0568 Chakra Scripting Engine Memory Corruption Vulnerability
Microsoft Scripting Engine CVE-2019-0567 Chakra Scripting Engine Memory Corruption Vulnerability
Microsoft Scripting Engine CVE-2019-0539 Chakra Scripting Engine Memory Corruption Vulnerability
Microsoft Windows CVE-2019-0574 Windows Data Sharing Service Elevation of Privilege Vulnerability
Microsoft Windows CVE-2019-0573 Windows Data Sharing Service Elevation of Privilege Vulnerability
Microsoft Windows CVE-2019-0571 Windows Data Sharing Service Elevation of Privilege Vulnerability
Microsoft Windows CVE-2019-0572 Windows Data Sharing Service Elevation of Privilege Vulnerability
Microsoft Windows CVE-2019-0543 Microsoft Windows Elevation of Privilege Vulnerability
Microsoft Windows CVE-2019-0570 Windows Runtime Elevation of Privilege Vulnerability
Microsoft XML CVE-2019-0555 Microsoft XmlDocument Elevation of Privilege Vulnerability
Servicing Stack Updates ADV990001 Latest Servicing Stack Updates
Visual Studio CVE-2019-0537 Microsoft Visual Studio Information Disclosure Vulnerability
Visual Studio CVE-2019-0546 Visual Studio Remote Code Execution Vulnerability
Windows COM CVE-2019-0552 Windows COM Elevation of Privilege Vulnerability
Windows DHCP Client CVE-2019-0547 Windows DHCP Client Remote Code Execution Vulnerability
Windows Hyper-V CVE-2019-0550 Windows Hyper-V Remote Code Execution Vulnerability
Windows Hyper-V CVE-2019-0551 Windows Hyper-V Remote Code Execution Vulnerability
Windows Kernel CVE-2019-0569 Windows Kernel Information Disclosure Vulnerability
Windows Kernel CVE-2019-0536 Windows Kernel Information Disclosure Vulnerability
Windows Kernel CVE-2019-0554 Windows Kernel Information Disclosure Vulnerability
Windows Kernel CVE-2019-0549 Windows Kernel Information Disclosure Vulnerability
Windows Subsystem for Linux CVE-2019-0553 Windows Subsystem for Linux Information Disclosure Vulnerability