August 2019 Microsoft Patch Tuesday

Published: 2019-08-13. Last Updated: 2019-08-13 20:16:14 UTC
by Johannes Ullrich (Version: 1)

This month we got patches for 93 vulnerabilities total. According to Microsoft, none of them are being exploited.

Amongst critical vulnerabilities, it's worth mentioning CVE-2019-1181 and 2019-1182, which affects Remote Desktop Services (RDS) - formerly known as Terminal Services.

These vulnerabilities are pre-authentication and require no user interaction. Thus, just like Bluekeep, they are wormable.

The affected versions are Windows 7 SP1, Windows Server 2008 R2 SP1, Windows Server 2012, Windows 8.1, Windows Server 2012 R2, and all supported versions of Windows 10, including server versions. Windows XP, Windows Server 2003, and Windows Server 2008 are not affected.

See Renato's dashboard for a more detailed breakout: https://patchtuesdaydashboard.com

August 2019 Security Updates

Description
CVE	Disclosed	Exploited	Exploitability (old versions)	current version	Severity	CVSS Base (AVG)	CVSS Temporal (AVG)
Chakra Scripting Engine Memory Corruption Vulnerability
CVE-2019-1131	No	No	-	-	Critical	4.2	3.8
CVE-2019-1139	No	No	-	-	Critical	4.2	3.8
CVE-2019-1140	No	No	-	-	Critical	4.2	3.8
CVE-2019-1141	No	No	-	-	Critical	4.2	3.8
CVE-2019-1195	No	No	-	-	Critical	4.2	3.8
CVE-2019-1196	No	No	-	-	Critical	4.2	3.8
CVE-2019-1197	No	No	-	-	Critical	4.2	3.8
DirectX Elevation of Privilege Vulnerability
CVE-2019-1176	No	No	Less Likely	Less Likely	Important	7.0	6.3
Dynamics On-Premise Elevation of Privilege Vulnerability
CVE-2019-1229	No	No	Less Likely	Less Likely	Important
Encryption Key Negotiation of Bluetooth Vulnerability
CVE-2019-9506	No	No	Less Likely	Less Likely	Important	9.3	8.1
Git for Visual Studio Elevation of Privilege Vulnerability
CVE-2019-1211	No	No	Less Likely	Less Likely	Important
HTTP/2 Server Denial of Service Vulnerability
CVE-2019-9511	No	No	Less Likely	Less Likely	Important	7.5	6.7
CVE-2019-9512	No	No	Less Likely	Less Likely	Important	7.5	6.7
CVE-2019-9513	No	No	Less Likely	Less Likely	Important	7.5	6.7
CVE-2019-9514	No	No	Less Likely	Less Likely	Important	7.5	6.7
CVE-2019-9518	No	No	Less Likely	Less Likely	Important	7.5	6.7
Hyper-V Remote Code Execution Vulnerability
CVE-2019-0720	No	No	Less Likely	Less Likely	Critical	8.0	7.2
Jet Database Engine Remote Code Execution Vulnerability
CVE-2019-1146	No	No	Less Likely	Less Likely	Important	7.8	7.0
CVE-2019-1147	No	No	Less Likely	Less Likely	Important	7.8	7.0
CVE-2019-1155	No	No	Less Likely	Less Likely	Important	7.8	7.0
CVE-2019-1156	No	No	Less Likely	Less Likely	Important	7.8	7.0
CVE-2019-1157	No	No	Less Likely	Less Likely	Important	7.8	7.0
LNK Remote Code Execution Vulnerability
CVE-2019-1188	No	No	Less Likely	Less Likely	Critical	7.5	6.7
MS XML Remote Code Execution Vulnerability
CVE-2019-1057	No	No	Less Likely	Less Likely	Important	6.4	5.8
Microsoft Browser Memory Corruption Vulnerability
CVE-2019-1193	No	No	Less Likely	Less Likely	Important	6.4	5.8
Microsoft Browsers Security Feature Bypass Vulnerability
CVE-2019-1192	No	No	More Likely	More Likely	Important	2.4	2.2
Microsoft Defender Elevation of Privilege Vulnerability
CVE-2019-1161	No	No	Less Likely	Less Likely	Important
Microsoft Edge Information Disclosure Vulnerability
CVE-2019-1030	No	No	-	-	Important	4.3	3.9
Microsoft Graphics Component Information Disclosure Vulnerability
CVE-2019-1078	No	No	More Likely	More Likely	Important	5.5	5.0
CVE-2019-1148	No	No	Less Likely	Less Likely	Important	5.5	5.0
CVE-2019-1153	No	No	Less Likely	Less Likely	Important	5.5	5.0
Microsoft Graphics Remote Code Execution Vulnerability
CVE-2019-1144	No	No	Less Likely	Less Likely	Critical	8.8	7.9
CVE-2019-1145	No	No	Less Likely	Less Likely	Critical	8.8	7.9
CVE-2019-1149	No	No	Less Likely	Less Likely	Critical	8.8	7.9
CVE-2019-1150	No	No	Less Likely	Less Likely	Critical	8.8	7.9
CVE-2019-1151	No	No	Less Likely	Less Likely	Critical	8.8	7.9
CVE-2019-1152	No	No	Less Likely	Less Likely	Critical	8.8	7.9
Microsoft Guidance for Enabling LDAP Channel Binding and LDAP Signing
ADV190023	Yes	No	-	-
Microsoft Live Accounts Elevation of Privilege Vulnerability
ADV190014	No	No	-	-	Important
Microsoft Office SharePoint XSS Vulnerability
CVE-2019-1203	No	No	Less Likely	Less Likely	Important
Microsoft Outlook Elevation of Privilege Vulnerability
CVE-2019-1204	No	No	More Likely	More Likely	Important
Microsoft Outlook Memory Corruption Vulnerability
CVE-2019-1199	No	No	More Likely	More Likely	Critical
Microsoft Outlook Remote Code Execution Vulnerability
CVE-2019-1200	No	No	Less Likely	Less Likely	Critical
Microsoft SharePoint Information Disclosure Vulnerability
CVE-2019-1202	No	No	Less Likely	Less Likely	Important
Microsoft Windows Elevation of Privilege Vulnerability
CVE-2019-1198	No	No	Less Likely	Less Likely	Important	6.5	5.9
Microsoft Windows p2pimsvc Elevation of Privilege Vulnerability
CVE-2019-1168	No	No	Less Likely	Less Likely	Important	7.8	7.0
Microsoft Word Remote Code Execution Vulnerability
CVE-2019-1201	No	No	More Likely	More Likely	Critical
CVE-2019-1205	No	No	Less Likely	Less Likely	Critical
Outlook iOS Spoofing Vulnerability
CVE-2019-1218	No	No	-	-	Important
Remote Desktop Protocol Server Information Disclosure Vulnerability
CVE-2019-1224	No	No	More Likely	More Likely	Important	7.5	6.7
CVE-2019-1225	No	No	More Likely	More Likely	Important	7.5	6.7
Remote Desktop ServicesRemote Code Execution Vulnerability
CVE-2019-1181	No	No	More Likely	More Likely	Critical	9.8	8.8
CVE-2019-1182	No	No	More Likely	More Likely	Critical	9.8	8.8
CVE-2019-1222	No	No	More Likely	More Likely	Critical	9.8	8.8
CVE-2019-1226	No	No	More Likely	More Likely	Critical	9.8	8.8
Scripting Engine Memory Corruption Vulnerability
CVE-2019-1133	No	No	Less Likely	Less Likely	Critical	6.4	5.8
CVE-2019-1194	No	No	Less Likely	Less Likely	Critical	6.4	5.8
SymCrypt Information Disclosure Vulnerability
CVE-2019-1171	No	No	Less Likely	Less Likely	Important	5.6	5.1
Win32k Elevation of Privilege Vulnerability
CVE-2019-1169	No	No	-	-	Important	7.8	7.0
Windows ALPC Elevation of Privilege Vulnerability
CVE-2019-1162	No	No	Less Likely	Less Likely	Important	7.8	7.2
Windows DHCP Client Remote Code Execution Vulnerability
CVE-2019-0736	No	No	Less Likely	Less Likely	Critical	9.8	8.8
Windows DHCP Server Denial of Service Vulnerability
CVE-2019-1206	No	No	Less Likely	Less Likely	Important	7.5	6.7
CVE-2019-1212	No	No	Less Likely	Less Likely	Important	9.8	8.8
Windows DHCP Server Remote Code Execution Vulnerability
CVE-2019-1213	No	No	-	-	Critical	9.8	8.8
Windows Denial of Service Vulnerability
CVE-2019-0716	No	No	Less Likely	Less Likely	Important	5.8	5.2
Windows Elevation of Privilege Vulnerability
CVE-2019-1173	No	No	More Likely	More Likely	Important	7.0	6.3
CVE-2019-1174	No	No	More Likely	More Likely	Important	7.0	6.3
CVE-2019-1175	No	No	More Likely	More Likely	Important	7.0	6.3
CVE-2019-1178	No	No	Less Likely	Less Likely	Important	7.0	6.3
CVE-2019-1179	No	No	Less Likely	Less Likely	Important	7.0	6.3
CVE-2019-1180	No	No	Less Likely	Less Likely	Important	7.0	6.3
CVE-2019-1177	No	No	Less Likely	Less Likely	Important	7.0	6.3
CVE-2019-1184	No	No	More Likely	More Likely	Important	6.7	6.0
CVE-2019-1186	No	No	Less Likely	Less Likely	Important	7.0	6.3
Windows File Signature Security Feature Bypass Vulnerability
CVE-2019-1163	No	No	Less Likely	Less Likely	Important	5.5	5.0
Windows Graphics Component Information Disclosure Vulnerability
CVE-2019-1143	No	No	Less Likely	Less Likely	Important	5.5	5.0
CVE-2019-1154	No	No	-	-	Important	5.5	5.0
CVE-2019-1158	No	No	Less Likely	Less Likely	Important	5.5	5.0
Windows Hyper-V Denial of Service Vulnerability
CVE-2019-0714	No	No	Less Likely	Less Likely	Important	5.8	5.2
CVE-2019-0715	No	No	Less Likely	Less Likely	Important	5.8	5.2
CVE-2019-0717	No	No	Less Likely	Less Likely	Important	5.8	5.2
CVE-2019-0718	No	No	Less Likely	Less Likely	Important	5.8	5.2
CVE-2019-0723	No	No	Less Likely	Less Likely	Important	5.8	5.2
Windows Hyper-V Remote Code Execution Vulnerability
CVE-2019-0965	No	No	Less Likely	Less Likely	Critical	7.6	6.8
Windows Image Elevation of Privilege Vulnerability
CVE-2019-1190	No	No	Less Likely	Less Likely	Important	7.8	7.0
Windows Information Disclosure Vulnerability
CVE-2019-1172	No	No	Less Likely	Less Likely	Important	4.3	3.9
Windows Kernel Elevation of Privilege Vulnerability
CVE-2019-1159	No	No	More Likely	More Likely	Important	7.8	7.0
CVE-2019-1164	No	No	More Likely	More Likely	Important	7.8	7.0
Windows Kernel Information Disclosure Vulnerability
CVE-2019-1227	No	No	Less Likely	Less Likely	Important	5.5	5.0
CVE-2019-1228	No	No	-	-	Important	5.5	5.0
Windows NTFS Elevation of Privilege Vulnerability
CVE-2019-1170	No	No	More Likely	More Likely	Important	7.9	7.1
Windows Remote Desktop Protocol (RDP) Denial of Service Vulnerability
CVE-2019-1223	No	No	More Likely	More Likely	Important	7.5	6.7
Windows Subsystem for Linux Elevation of Privilege Vulnerability
CVE-2019-1185	No	No	-	-	Important
Windows VBScript Engine Remote Code Execution Vulnerability
CVE-2019-1183	No	No	Less Likely	Less Likely	Critical	7.5	6.7
XmlLite Runtime Denial of Service Vulnerability
CVE-2019-1187	No	No	Less Likely	Less Likely	Important	5.5	5.0

---
Johannes B. Ullrich, Ph.D. , Dean of Research, SANS Technology Institute
Twitter|

Keywords:

0 comment(s)

Internet Storm Center

August 2019 Microsoft Patch Tuesday

Comments