August 2019 Microsoft Patch Tuesday
This month we got patches for 93 vulnerabilities total. According to Microsoft, none of them are being exploited.
Amongst critical vulnerabilities, it's worth mentioning CVE-2019-1181 and 2019-1182, which affects Remote Desktop Services (RDS) - formerly known as Terminal Services.
These vulnerabilities are pre-authentication and require no user interaction. Thus, just like Bluekeep, they are wormable.
The affected versions are Windows 7 SP1, Windows Server 2008 R2 SP1, Windows Server 2012, Windows 8.1, Windows Server 2012 R2, and all supported versions of Windows 10, including server versions. Windows XP, Windows Server 2003, and Windows Server 2008 are not affected.
See Renato's dashboard for a more detailed breakout: https://patchtuesdaydashboard.com
August 2019 Security Updates
Description | |||||||
---|---|---|---|---|---|---|---|
CVE | Disclosed | Exploited | Exploitability (old versions) | current version | Severity | CVSS Base (AVG) | CVSS Temporal (AVG) |
Chakra Scripting Engine Memory Corruption Vulnerability | |||||||
CVE-2019-1131 | No | No | - | - | Critical | 4.2 | 3.8 |
CVE-2019-1139 | No | No | - | - | Critical | 4.2 | 3.8 |
CVE-2019-1140 | No | No | - | - | Critical | 4.2 | 3.8 |
CVE-2019-1141 | No | No | - | - | Critical | 4.2 | 3.8 |
CVE-2019-1195 | No | No | - | - | Critical | 4.2 | 3.8 |
CVE-2019-1196 | No | No | - | - | Critical | 4.2 | 3.8 |
CVE-2019-1197 | No | No | - | - | Critical | 4.2 | 3.8 |
DirectX Elevation of Privilege Vulnerability | |||||||
CVE-2019-1176 | No | No | Less Likely | Less Likely | Important | 7.0 | 6.3 |
Dynamics On-Premise Elevation of Privilege Vulnerability | |||||||
CVE-2019-1229 | No | No | Less Likely | Less Likely | Important | ||
Encryption Key Negotiation of Bluetooth Vulnerability | |||||||
CVE-2019-9506 | No | No | Less Likely | Less Likely | Important | 9.3 | 8.1 |
Git for Visual Studio Elevation of Privilege Vulnerability | |||||||
CVE-2019-1211 | No | No | Less Likely | Less Likely | Important | ||
HTTP/2 Server Denial of Service Vulnerability | |||||||
CVE-2019-9511 | No | No | Less Likely | Less Likely | Important | 7.5 | 6.7 |
CVE-2019-9512 | No | No | Less Likely | Less Likely | Important | 7.5 | 6.7 |
CVE-2019-9513 | No | No | Less Likely | Less Likely | Important | 7.5 | 6.7 |
CVE-2019-9514 | No | No | Less Likely | Less Likely | Important | 7.5 | 6.7 |
CVE-2019-9518 | No | No | Less Likely | Less Likely | Important | 7.5 | 6.7 |
Hyper-V Remote Code Execution Vulnerability | |||||||
CVE-2019-0720 | No | No | Less Likely | Less Likely | Critical | 8.0 | 7.2 |
Jet Database Engine Remote Code Execution Vulnerability | |||||||
CVE-2019-1146 | No | No | Less Likely | Less Likely | Important | 7.8 | 7.0 |
CVE-2019-1147 | No | No | Less Likely | Less Likely | Important | 7.8 | 7.0 |
CVE-2019-1155 | No | No | Less Likely | Less Likely | Important | 7.8 | 7.0 |
CVE-2019-1156 | No | No | Less Likely | Less Likely | Important | 7.8 | 7.0 |
CVE-2019-1157 | No | No | Less Likely | Less Likely | Important | 7.8 | 7.0 |
LNK Remote Code Execution Vulnerability | |||||||
CVE-2019-1188 | No | No | Less Likely | Less Likely | Critical | 7.5 | 6.7 |
MS XML Remote Code Execution Vulnerability | |||||||
CVE-2019-1057 | No | No | Less Likely | Less Likely | Important | 6.4 | 5.8 |
Microsoft Browser Memory Corruption Vulnerability | |||||||
CVE-2019-1193 | No | No | Less Likely | Less Likely | Important | 6.4 | 5.8 |
Microsoft Browsers Security Feature Bypass Vulnerability | |||||||
CVE-2019-1192 | No | No | More Likely | More Likely | Important | 2.4 | 2.2 |
Microsoft Defender Elevation of Privilege Vulnerability | |||||||
CVE-2019-1161 | No | No | Less Likely | Less Likely | Important | ||
Microsoft Edge Information Disclosure Vulnerability | |||||||
CVE-2019-1030 | No | No | - | - | Important | 4.3 | 3.9 |
Microsoft Graphics Component Information Disclosure Vulnerability | |||||||
CVE-2019-1078 | No | No | More Likely | More Likely | Important | 5.5 | 5.0 |
CVE-2019-1148 | No | No | Less Likely | Less Likely | Important | 5.5 | 5.0 |
CVE-2019-1153 | No | No | Less Likely | Less Likely | Important | 5.5 | 5.0 |
Microsoft Graphics Remote Code Execution Vulnerability | |||||||
CVE-2019-1144 | No | No | Less Likely | Less Likely | Critical | 8.8 | 7.9 |
CVE-2019-1145 | No | No | Less Likely | Less Likely | Critical | 8.8 | 7.9 |
CVE-2019-1149 | No | No | Less Likely | Less Likely | Critical | 8.8 | 7.9 |
CVE-2019-1150 | No | No | Less Likely | Less Likely | Critical | 8.8 | 7.9 |
CVE-2019-1151 | No | No | Less Likely | Less Likely | Critical | 8.8 | 7.9 |
CVE-2019-1152 | No | No | Less Likely | Less Likely | Critical | 8.8 | 7.9 |
Microsoft Guidance for Enabling LDAP Channel Binding and LDAP Signing | |||||||
ADV190023 | Yes | No | - | - | |||
Microsoft Live Accounts Elevation of Privilege Vulnerability | |||||||
ADV190014 | No | No | - | - | Important | ||
Microsoft Office SharePoint XSS Vulnerability | |||||||
CVE-2019-1203 | No | No | Less Likely | Less Likely | Important | ||
Microsoft Outlook Elevation of Privilege Vulnerability | |||||||
CVE-2019-1204 | No | No | More Likely | More Likely | Important | ||
Microsoft Outlook Memory Corruption Vulnerability | |||||||
CVE-2019-1199 | No | No | More Likely | More Likely | Critical | ||
Microsoft Outlook Remote Code Execution Vulnerability | |||||||
CVE-2019-1200 | No | No | Less Likely | Less Likely | Critical | ||
Microsoft SharePoint Information Disclosure Vulnerability | |||||||
CVE-2019-1202 | No | No | Less Likely | Less Likely | Important | ||
Microsoft Windows Elevation of Privilege Vulnerability | |||||||
CVE-2019-1198 | No | No | Less Likely | Less Likely | Important | 6.5 | 5.9 |
Microsoft Windows p2pimsvc Elevation of Privilege Vulnerability | |||||||
CVE-2019-1168 | No | No | Less Likely | Less Likely | Important | 7.8 | 7.0 |
Microsoft Word Remote Code Execution Vulnerability | |||||||
CVE-2019-1201 | No | No | More Likely | More Likely | Critical | ||
CVE-2019-1205 | No | No | Less Likely | Less Likely | Critical | ||
Outlook iOS Spoofing Vulnerability | |||||||
CVE-2019-1218 | No | No | - | - | Important | ||
Remote Desktop Protocol Server Information Disclosure Vulnerability | |||||||
CVE-2019-1224 | No | No | More Likely | More Likely | Important | 7.5 | 6.7 |
CVE-2019-1225 | No | No | More Likely | More Likely | Important | 7.5 | 6.7 |
Remote Desktop ServicesRemote Code Execution Vulnerability | |||||||
CVE-2019-1181 | No | No | More Likely | More Likely | Critical | 9.8 | 8.8 |
CVE-2019-1182 | No | No | More Likely | More Likely | Critical | 9.8 | 8.8 |
CVE-2019-1222 | No | No | More Likely | More Likely | Critical | 9.8 | 8.8 |
CVE-2019-1226 | No | No | More Likely | More Likely | Critical | 9.8 | 8.8 |
Scripting Engine Memory Corruption Vulnerability | |||||||
CVE-2019-1133 | No | No | Less Likely | Less Likely | Critical | 6.4 | 5.8 |
CVE-2019-1194 | No | No | Less Likely | Less Likely | Critical | 6.4 | 5.8 |
SymCrypt Information Disclosure Vulnerability | |||||||
CVE-2019-1171 | No | No | Less Likely | Less Likely | Important | 5.6 | 5.1 |
Win32k Elevation of Privilege Vulnerability | |||||||
CVE-2019-1169 | No | No | - | - | Important | 7.8 | 7.0 |
Windows ALPC Elevation of Privilege Vulnerability | |||||||
CVE-2019-1162 | No | No | Less Likely | Less Likely | Important | 7.8 | 7.2 |
Windows DHCP Client Remote Code Execution Vulnerability | |||||||
CVE-2019-0736 | No | No | Less Likely | Less Likely | Critical | 9.8 | 8.8 |
Windows DHCP Server Denial of Service Vulnerability | |||||||
CVE-2019-1206 | No | No | Less Likely | Less Likely | Important | 7.5 | 6.7 |
CVE-2019-1212 | No | No | Less Likely | Less Likely | Important | 9.8 | 8.8 |
Windows DHCP Server Remote Code Execution Vulnerability | |||||||
CVE-2019-1213 | No | No | - | - | Critical | 9.8 | 8.8 |
Windows Denial of Service Vulnerability | |||||||
CVE-2019-0716 | No | No | Less Likely | Less Likely | Important | 5.8 | 5.2 |
Windows Elevation of Privilege Vulnerability | |||||||
CVE-2019-1173 | No | No | More Likely | More Likely | Important | 7.0 | 6.3 |
CVE-2019-1174 | No | No | More Likely | More Likely | Important | 7.0 | 6.3 |
CVE-2019-1175 | No | No | More Likely | More Likely | Important | 7.0 | 6.3 |
CVE-2019-1178 | No | No | Less Likely | Less Likely | Important | 7.0 | 6.3 |
CVE-2019-1179 | No | No | Less Likely | Less Likely | Important | 7.0 | 6.3 |
CVE-2019-1180 | No | No | Less Likely | Less Likely | Important | 7.0 | 6.3 |
CVE-2019-1177 | No | No | Less Likely | Less Likely | Important | 7.0 | 6.3 |
CVE-2019-1184 | No | No | More Likely | More Likely | Important | 6.7 | 6.0 |
CVE-2019-1186 | No | No | Less Likely | Less Likely | Important | 7.0 | 6.3 |
Windows File Signature Security Feature Bypass Vulnerability | |||||||
CVE-2019-1163 | No | No | Less Likely | Less Likely | Important | 5.5 | 5.0 |
Windows Graphics Component Information Disclosure Vulnerability | |||||||
CVE-2019-1143 | No | No | Less Likely | Less Likely | Important | 5.5 | 5.0 |
CVE-2019-1154 | No | No | - | - | Important | 5.5 | 5.0 |
CVE-2019-1158 | No | No | Less Likely | Less Likely | Important | 5.5 | 5.0 |
Windows Hyper-V Denial of Service Vulnerability | |||||||
CVE-2019-0714 | No | No | Less Likely | Less Likely | Important | 5.8 | 5.2 |
CVE-2019-0715 | No | No | Less Likely | Less Likely | Important | 5.8 | 5.2 |
CVE-2019-0717 | No | No | Less Likely | Less Likely | Important | 5.8 | 5.2 |
CVE-2019-0718 | No | No | Less Likely | Less Likely | Important | 5.8 | 5.2 |
CVE-2019-0723 | No | No | Less Likely | Less Likely | Important | 5.8 | 5.2 |
Windows Hyper-V Remote Code Execution Vulnerability | |||||||
CVE-2019-0965 | No | No | Less Likely | Less Likely | Critical | 7.6 | 6.8 |
Windows Image Elevation of Privilege Vulnerability | |||||||
CVE-2019-1190 | No | No | Less Likely | Less Likely | Important | 7.8 | 7.0 |
Windows Information Disclosure Vulnerability | |||||||
CVE-2019-1172 | No | No | Less Likely | Less Likely | Important | 4.3 | 3.9 |
Windows Kernel Elevation of Privilege Vulnerability | |||||||
CVE-2019-1159 | No | No | More Likely | More Likely | Important | 7.8 | 7.0 |
CVE-2019-1164 | No | No | More Likely | More Likely | Important | 7.8 | 7.0 |
Windows Kernel Information Disclosure Vulnerability | |||||||
CVE-2019-1227 | No | No | Less Likely | Less Likely | Important | 5.5 | 5.0 |
CVE-2019-1228 | No | No | - | - | Important | 5.5 | 5.0 |
Windows NTFS Elevation of Privilege Vulnerability | |||||||
CVE-2019-1170 | No | No | More Likely | More Likely | Important | 7.9 | 7.1 |
Windows Remote Desktop Protocol (RDP) Denial of Service Vulnerability | |||||||
CVE-2019-1223 | No | No | More Likely | More Likely | Important | 7.5 | 6.7 |
Windows Subsystem for Linux Elevation of Privilege Vulnerability | |||||||
CVE-2019-1185 | No | No | - | - | Important | ||
Windows VBScript Engine Remote Code Execution Vulnerability | |||||||
CVE-2019-1183 | No | No | Less Likely | Less Likely | Critical | 7.5 | 6.7 |
XmlLite Runtime Denial of Service Vulnerability | |||||||
CVE-2019-1187 | No | No | Less Likely | Less Likely | Important | 5.5 | 5.0 |
---
Johannes B. Ullrich, Ph.D. , Dean of Research, SANS Technology Institute
Twitter|
Comments