Microsoft September 2019 Patch Tuesday
This month we got patches for 79 vulnerabilities total. Two of them (CVE-2019-1214 and CVE-2019-1215) are being exploited, and three were previously disclosed (CVE-2019-1253, CVE-2019-1235, and CVE-2019-1294).
The exploited vulnerabilities (CVE-2019-1214 and CVE-2019-1215) affect the Windows Common Log File System (CLFS) driver and ws2ifsl.sys (Winsock), respectively. Both are privilege escalation vulnerabilities and may allow a local attacker to run processes with elevated privileges.
Amongst the critical vulnerabilities, it's worth mentioning the LNK Remote Code Execution Vulnerability (CVE-2019-1280). It could allow remote code execution if an .LNK file is processed. An attacker may exploit this vulnerability by presenting the user with a removable drive or a remote share containing a malicious .LNK file associated with a malicious binary. Once the user opens the drive (removable or shared), the malicious binary will execute on the user's system. Note that the user doesn't need to execute the .LNK file. It is enough to have the malicious .LNK parsed by Windows Explorer or any other application that parses .LNK files.
See Renato's dashboard for a more detailed breakout: https://patchtuesdaydashboard.com
Description / CVE | Disclosed | Exploited | Exploitability (old versions) | Exploitability (current version) | Severity | CVSS Base (AVG) | CVSS Temporal (AVG) |
---|---|---|---|---|---|---|---|
.NET Core Denial of Service Vulnerability | |||||||
CVE-2019-1301 | No | No | Less Likely | Less Likely | Important | ||
.NET Framework Elevation of Privilege Vulnerability | |||||||
CVE-2019-1142 | No | No | Less Likely | Less Likely | Important | ||
ASP.NET Core Elevation Of Privilege Vulnerability | |||||||
CVE-2019-1302 | No | No | Less Likely | Less Likely | Important | ||
Active Directory Federation Services XSS Vulnerability | |||||||
CVE-2019-1273 | No | No | Less Likely | Less Likely | Important | 8.2 | 7.4 |
Azure DevOps and Team Foundation Server Remote Code Execution Vulnerability | |||||||
CVE-2019-1306 | No | No | Less Likely | Less Likely | Critical | ||
Chakra Scripting Engine Memory Corruption Vulnerability | |||||||
CVE-2019-1138 | No | No | - | - | Critical | 4.2 | 3.8 |
CVE-2019-1217 | No | No | - | - | Critical | 4.2 | 3.8 |
CVE-2019-1237 | No | No | Less Likely | Less Likely | Critical | 4.2 | 3.8 |
CVE-2019-1298 | No | No | - | - | Critical | 4.2 | 3.8 |
CVE-2019-1300 | No | No | - | - | Critical | 4.2 | 3.8 |
Diagnostics Hub Standard Collector Service Elevation of Privilege Vulnerability | |||||||
CVE-2019-1232 | No | No | Less Likely | Less Likely | Important | 7.8 | 7.0 |
DirectWrite Information Disclosure Vulnerability | |||||||
CVE-2019-1244 | No | No | Less Likely | Less Likely | Important | 6.5 | 5.9 |
CVE-2019-1245 | No | No | Less Likely | Less Likely | Important | 6.5 | 5.9 |
CVE-2019-1251 | No | No | Less Likely | Less Likely | Important | 5.5 | 5.0 |
DirectX Elevation of Privilege Vulnerability | |||||||
CVE-2019-1284 | No | No | - | - | Important | 7.8 | 7.0 |
DirectX Information Disclosure Vulnerability | |||||||
CVE-2019-1216 | No | No | - | - | Important | 5.5 | 5.1 |
Jet Database Engine Remote Code Execution Vulnerability | |||||||
CVE-2019-1240 | No | No | Less Likely | Less Likely | Important | 7.8 | 7.0 |
CVE-2019-1241 | No | No | Less Likely | Less Likely | Important | 7.8 | 7.0 |
CVE-2019-1242 | No | No | Less Likely | Less Likely | Important | 7.8 | 7.0 |
CVE-2019-1243 | No | No | Less Likely | Less Likely | Important | 7.8 | 7.0 |
CVE-2019-1246 | No | No | Less Likely | Less Likely | Important | 7.8 | 7.0 |
CVE-2019-1247 | No | No | Less Likely | Less Likely | Important | 7.8 | 7.0 |
CVE-2019-1248 | No | No | Less Likely | Less Likely | Important | 7.8 | 7.0 |
CVE-2019-1249 | No | No | Less Likely | Less Likely | Important | 7.8 | 7.0 |
CVE-2019-1250 | No | No | Less Likely | Less Likely | Important | 7.8 | 7.0 |
LNK Remote Code Execution Vulnerability | |||||||
CVE-2019-1280 | No | No | Less Likely | Less Likely | Critical | 7.3 | 6.6 |
Latest Servicing Stack Updates | |||||||
ADV990001 | No | No | - | - | Critical | ||
Lync 2013 Information Disclosure Vulnerability | |||||||
CVE-2019-1209 | No | No | - | - | Important | ||
Microsoft Browser Security Feature Bypass Vulnerability | |||||||
CVE-2019-1220 | No | No | Less Likely | Less Likely | Important | 2.4 | 2.2 |
Microsoft Compatibility Appraiser Elevation of Privilege Vulnerability | |||||||
CVE-2019-1267 | No | No | Less Likely | Less Likely | Important | 7.3 | 6.6 |
Microsoft Edge based on Edge HTML Information Disclosure Vulnerability | |||||||
CVE-2019-1299 | No | No | - | - | Important | 4.3 | 3.9 |
Microsoft Excel Information Disclosure Vulnerability | |||||||
CVE-2019-1263 | No | No | Less Likely | Less Likely | Important | ||
Microsoft Excel Remote Code Execution Vulnerability | |||||||
CVE-2019-1297 | No | No | Less Likely | Less Likely | Important | ||
Microsoft Exchange Denial of Service Vulnerability | |||||||
CVE-2019-1233 | No | No | Less Likely | Less Likely | Important | ||
Microsoft Exchange Spoofing Vulnerability | |||||||
CVE-2019-1266 | No | No | Less Likely | Less Likely | Important | ||
Microsoft Graphics Components Information Disclosure Vulnerability | |||||||
CVE-2019-1283 | No | No | - | - | Important | 5.5 | 5.0 |
Microsoft Office Security Feature Bypass Vulnerability | |||||||
CVE-2019-1264 | No | No | - | - | Important | ||
Microsoft Office SharePoint XSS Vulnerability | |||||||
CVE-2019-1262 | No | No | - | - | Important | ||
Microsoft SharePoint Elevation of Privilege Vulnerability | |||||||
CVE-2019-1260 | No | No | Less Likely | Less Likely | Important | ||
Microsoft SharePoint Remote Code Execution Vulnerability | |||||||
CVE-2019-1257 | No | No | More Likely | More Likely | Critical | ||
CVE-2019-1295 | No | No | More Likely | More Likely | Critical | ||
CVE-2019-1296 | No | No | More Likely | More Likely | Critical | ||
Microsoft SharePoint Spoofing Vulnerability | |||||||
CVE-2019-1259 | No | No | - | - | Moderate | ||
CVE-2019-1261 | No | No | Less Likely | Less Likely | Important | ||
Microsoft Windows Store Installer Elevation of Privilege Vulnerability | |||||||
CVE-2019-1270 | No | No | Less Likely | Less Likely | Important | 6.3 | 5.7 |
Microsoft Yammer Security Feature Bypass Vulnerability | |||||||
CVE-2019-1265 | No | No | Less Likely | Less Likely | Important | ||
Remote Desktop Client Remote Code Execution Vulnerability | |||||||
CVE-2019-0787 | No | No | More Likely | More Likely | Critical | 7.5 | 6.7 |
CVE-2019-0788 | No | No | More Likely | More Likely | Critical | 7.5 | 6.7 |
CVE-2019-1290 | No | No | More Likely | More Likely | Critical | 7.5 | 6.7 |
CVE-2019-1291 | No | No | More Likely | More Likely | Critical | 7.5 | 6.7 |
Rome SDK Information Disclosure Vulnerability | |||||||
CVE-2019-1231 | No | No | Less Likely | Less Likely | Important | ||
Scripting Engine Memory Corruption Vulnerability | |||||||
CVE-2019-1221 | No | No | - | - | Critical | 6.4 | 5.8 |
September 2019 Adobe Flash Security Update | |||||||
ADV190022 | No | No | Less Likely | Less Likely | Critical | ||
Team Foundation Server Cross-site Scripting Vulnerability | |||||||
CVE-2019-1305 | No | No | Less Likely | Less Likely | Important | ||
VBScript Remote Code Execution Vulnerability | |||||||
CVE-2019-1208 | No | No | Less Likely | Less Likely | Critical | 6.4 | 5.8 |
CVE-2019-1236 | No | No | Less Likely | Less Likely | Critical | 6.4 | 5.8 |
Win32k Elevation of Privilege Vulnerability | |||||||
CVE-2019-1256 | No | No | More Likely | Unlikely | Important | 7.8 | 7.0 |
CVE-2019-1285 | No | No | More Likely | More Likely | Important | 7.8 | 7.0 |
Windows ALPC Elevation of Privilege Vulnerability | |||||||
CVE-2019-1269 | No | No | Less Likely | Less Likely | Important | 6.3 | 5.7 |
CVE-2019-1272 | No | No | Less Likely | Less Likely | Important | 6.3 | 5.7 |
Windows Audio Service Elevation of Privilege Vulnerability | |||||||
CVE-2019-1277 | No | No | Less Likely | Less Likely | Important | 7.8 | 7.0 |
Windows Common Log File System Driver Elevation of Privilege Vulnerability | |||||||
CVE-2019-1214 | No | Yes | More Likely | Unlikely | Important | 7.8 | 7.0 |
Windows Common Log File System Driver Information Disclosure Vulnerability | |||||||
CVE-2019-1282 | No | No | Less Likely | Less Likely | Important | 5.5 | 5.0 |
Windows Denial of Service Vulnerability | |||||||
CVE-2019-1292 | No | No | Less Likely | Less Likely | Important | 5.8 | 5.2 |
Windows Elevation of Privilege Vulnerability | |||||||
CVE-2019-1215 | No | Yes | More Likely | More Likely | Important | 7.8 | 7.0 |
CVE-2019-1253 | Yes | No | Less Likely | Less Likely | Important | 7.8 | 7.0 |
CVE-2019-1278 | No | No | Less Likely | Less Likely | Important | 7.8 | 7.0 |
CVE-2019-1303 | No | No | Less Likely | Less Likely | Important | ||
Windows GDI Information Disclosure Vulnerability | |||||||
CVE-2019-1252 | No | No | Less Likely | Less Likely | Important | 5.5 | 5.0 |
CVE-2019-1286 | No | No | Less Likely | Less Likely | Important | 5.5 | 5.0 |
Windows Hyper-V Denial of Service Vulnerability | |||||||
CVE-2019-0928 | No | No | - | - | Important | 5.4 | 4.9 |
Windows Hyper-V Information Disclosure Vulnerability | |||||||
CVE-2019-1254 | No | No | Less Likely | Less Likely | Important | 5.5 | 5.0 |
Windows Kernel Information Disclosure Vulnerability | |||||||
CVE-2019-1274 | No | No | Less Likely | Less Likely | Important | 6.3 | 5.7 |
Windows Media Elevation of Privilege Vulnerability | |||||||
CVE-2019-1271 | No | No | Less Likely | Less Likely | Important | 7.0 | 6.3 |
Windows Network Connectivity Assistant Elevation of Privilege Vulnerability | |||||||
CVE-2019-1287 | No | No | Less Likely | Less Likely | Important | 7.8 | 7.0 |
Windows SMB Client Driver Information Disclosure Vulnerability | |||||||
CVE-2019-1293 | No | No | Less Likely | Less Likely | Important | 5.5 | 5.0 |
Windows Secure Boot Security Feature Bypass Vulnerability | |||||||
CVE-2019-1294 | Yes | No | Less Likely | Less Likely | Important | 5.3 | 4.8 |
Windows Text Service Framework Elevation of Privilege Vulnerability | |||||||
CVE-2019-1235 | Yes | No | Less Likely | Less Likely | Important | 7.8 | 7.0 |
Windows Transaction Manager Information Disclosure Vulnerability | |||||||
CVE-2019-1219 | No | No | More Likely | More Likely | Important | 5.5 | 5.0 |
Windows Update Delivery Optimization Elevation of Privilege Vulnerability | |||||||
CVE-2019-1289 | No | No | Less Likely | Less Likely | Important | 7.0 | 6.3 |
Winlogon Elevation of Privilege Vulnerability | |||||||
CVE-2019-1268 | No | No | Less Likely | Less Likely | Important | 6.5 | 5.9 |
Total Vulnerabilities: 79
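To turn the table above into a patching order, the following added example (not part of the original diary) parses the table's row layout and ranks entries. The tiering policy (exploited first, then publicly disclosed, then Critical or "More Likely" on the current version) and all function names are assumptions made for illustration; the sample rows are copied from the table.

```python
import re

# Rows copied from this diary's table (a subset). A description row is followed
# by the CVE/ADV rows that belong to it.
SAMPLE = """\
LNK Remote Code Execution Vulnerability | |||||||
CVE-2019-1280 | No | No | Less Likely | Less Likely | Critical | 7.3 | 6.6 |
Microsoft SharePoint Remote Code Execution Vulnerability | |||||||
CVE-2019-1257 | No | No | More Likely | More Likely | Critical | ||
Windows Common Log File System Driver Elevation of Privilege Vulnerability | |||||||
CVE-2019-1214 | No | Yes | More Likely | Unlikely | Important | 7.8 | 7.0 |
Windows Elevation of Privilege Vulnerability | |||||||
CVE-2019-1215 | No | Yes | More Likely | More Likely | Important | 7.8 | 7.0 |
CVE-2019-1253 | Yes | No | Less Likely | Less Likely | Important | 7.8 | 7.0 |
CVE-2019-1303 | No | No | Less Likely | Less Likely | Important | ||
"""

ID_RE = re.compile(r"^(CVE-\d{4}-\d+|ADV\d+)$")

def parse_rows(text):
    """Yield one dict per CVE/ADV row, tagged with the preceding description."""
    description = ""
    for line in text.splitlines():
        cells = [c.strip() for c in line.split("|")]
        if not ID_RE.match(cells[0]):
            description = cells[0] or description  # group (description) row
            continue
        cells += [""] * (8 - len(cells))  # tolerate truncated rows
        yield {
            "id": cells[0], "description": description,
            "disclosed": cells[1] == "Yes", "exploited": cells[2] == "Yes",
            "exploitability": cells[4], "severity": cells[5],
            "cvss_base": float(cells[6]) if cells[6] else None,
        }

def tier(row):
    """Assumed policy, not from the diary: lower tier is patched first."""
    if row["exploited"]:
        return 0
    if row["disclosed"]:
        return 1
    if row["severity"] == "Critical" or row["exploitability"] == "More Likely":
        return 2
    return 3

def triage(text):
    """Return rows ordered by tier, then by CVSS base (missing scores last)."""
    rows = list(parse_rows(text))
    return sorted(rows, key=lambda r: (tier(r), -(r["cvss_base"] or 0.0), r["id"]))

if __name__ == "__main__":
    for r in triage(SAMPLE):
        print(tier(r), r["id"], r["severity"], r["cvss_base"], r["description"])
```

Rows without a CVSS score sort last within their tier, so a Critical entry with no published score (such as the SharePoint ones) still lands above the Important remainder.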
--
Renato Marinho
Morphus Labs