SANS ISC: August 2019 Microsoft Patch Tuesday SANS ISC InfoSec Forums

August 2019 Microsoft Patch Tuesday

This month we got patches for 93 vulnerabilities total. According to Microsoft, none of them are being exploited.

Amongst the critical vulnerabilities, it's worth mentioning CVE-2019-1181 and CVE-2019-1182, which affect Remote Desktop Services (RDS), formerly known as Terminal Services.

These vulnerabilities are pre-authentication and require no user interaction. Thus, just like BlueKeep, they are wormable.

The affected versions are Windows 7 SP1, Windows Server 2008 R2 SP1, Windows Server 2012, Windows 8.1, Windows Server 2012 R2, and all supported versions of Windows 10, including server versions. Windows XP, Windows Server 2003, and Windows Server 2008 are not affected.

See Renato's dashboard for a more detailed breakout: https://patchtuesdaydashboard.com

August 2019 Security Updates

| Description / CVE | Disclosed | Exploited | Exploitability (old versions) | Exploitability (current version) | Severity | CVSS Base (AVG) | CVSS Temporal (AVG) |
|---|---|---|---|---|---|---|---|
| Chakra Scripting Engine Memory Corruption Vulnerability | | | | | | | |
| CVE-2019-1131 | No | No | - | - | Critical | 4.2 | 3.8 |
| CVE-2019-1139 | No | No | - | - | Critical | 4.2 | 3.8 |
| CVE-2019-1140 | No | No | - | - | Critical | 4.2 | 3.8 |
| CVE-2019-1141 | No | No | - | - | Critical | 4.2 | 3.8 |
| CVE-2019-1195 | No | No | - | - | Critical | 4.2 | 3.8 |
| CVE-2019-1196 | No | No | - | - | Critical | 4.2 | 3.8 |
| CVE-2019-1197 | No | No | - | - | Critical | 4.2 | 3.8 |
| DirectX Elevation of Privilege Vulnerability | | | | | | | |
| CVE-2019-1176 | No | No | Less Likely | Less Likely | Important | 7.0 | 6.3 |
| Dynamics On-Premise Elevation of Privilege Vulnerability | | | | | | | |
| CVE-2019-1229 | No | No | Less Likely | Less Likely | Important | | |
| Encryption Key Negotiation of Bluetooth Vulnerability | | | | | | | |
| CVE-2019-9506 | No | No | Less Likely | Less Likely | Important | 9.3 | 8.1 |
| Git for Visual Studio Elevation of Privilege Vulnerability | | | | | | | |
| CVE-2019-1211 | No | No | Less Likely | Less Likely | Important | | |
| HTTP/2 Server Denial of Service Vulnerability | | | | | | | |
| CVE-2019-9511 | No | No | Less Likely | Less Likely | Important | 7.5 | 6.7 |
| CVE-2019-9512 | No | No | Less Likely | Less Likely | Important | 7.5 | 6.7 |
| CVE-2019-9513 | No | No | Less Likely | Less Likely | Important | 7.5 | 6.7 |
| CVE-2019-9514 | No | No | Less Likely | Less Likely | Important | 7.5 | 6.7 |
| CVE-2019-9518 | No | No | Less Likely | Less Likely | Important | 7.5 | 6.7 |
| Hyper-V Remote Code Execution Vulnerability | | | | | | | |
| CVE-2019-0720 | No | No | Less Likely | Less Likely | Critical | 8.0 | 7.2 |
| Jet Database Engine Remote Code Execution Vulnerability | | | | | | | |
| CVE-2019-1146 | No | No | Less Likely | Less Likely | Important | 7.8 | 7.0 |
| CVE-2019-1147 | No | No | Less Likely | Less Likely | Important | 7.8 | 7.0 |
| CVE-2019-1155 | No | No | Less Likely | Less Likely | Important | 7.8 | 7.0 |
| CVE-2019-1156 | No | No | Less Likely | Less Likely | Important | 7.8 | 7.0 |
| CVE-2019-1157 | No | No | Less Likely | Less Likely | Important | 7.8 | 7.0 |
| LNK Remote Code Execution Vulnerability | | | | | | | |
| CVE-2019-1188 | No | No | Less Likely | Less Likely | Critical | 7.5 | 6.7 |
| MS XML Remote Code Execution Vulnerability | | | | | | | |
| CVE-2019-1057 | No | No | Less Likely | Less Likely | Important | 6.4 | 5.8 |
| Microsoft Browser Memory Corruption Vulnerability | | | | | | | |
| CVE-2019-1193 | No | No | Less Likely | Less Likely | Important | 6.4 | 5.8 |
| Microsoft Browsers Security Feature Bypass Vulnerability | | | | | | | |
| CVE-2019-1192 | No | No | More Likely | More Likely | Important | 2.4 | 2.2 |
| Microsoft Defender Elevation of Privilege Vulnerability | | | | | | | |
| CVE-2019-1161 | No | No | Less Likely | Less Likely | Important | | |
| Microsoft Edge Information Disclosure Vulnerability | | | | | | | |
| CVE-2019-1030 | No | No | - | - | Important | 4.3 | 3.9 |
| Microsoft Graphics Component Information Disclosure Vulnerability | | | | | | | |
| CVE-2019-1078 | No | No | More Likely | More Likely | Important | 5.5 | 5.0 |
| CVE-2019-1148 | No | No | Less Likely | Less Likely | Important | 5.5 | 5.0 |
| CVE-2019-1153 | No | No | Less Likely | Less Likely | Important | 5.5 | 5.0 |
| Microsoft Graphics Remote Code Execution Vulnerability | | | | | | | |
| CVE-2019-1144 | No | No | Less Likely | Less Likely | Critical | 8.8 | 7.9 |
| CVE-2019-1145 | No | No | Less Likely | Less Likely | Critical | 8.8 | 7.9 |
| CVE-2019-1149 | No | No | Less Likely | Less Likely | Critical | 8.8 | 7.9 |
| CVE-2019-1150 | No | No | Less Likely | Less Likely | Critical | 8.8 | 7.9 |
| CVE-2019-1151 | No | No | Less Likely | Less Likely | Critical | 8.8 | 7.9 |
| CVE-2019-1152 | No | No | Less Likely | Less Likely | Critical | 8.8 | 7.9 |
| Microsoft Guidance for Enabling LDAP Channel Binding and LDAP Signing | | | | | | | |
| ADV190023 | Yes | No | - | - | | | |
| Microsoft Live Accounts Elevation of Privilege Vulnerability | | | | | | | |
| ADV190014 | No | No | - | - | Important | | |
| Microsoft Office SharePoint XSS Vulnerability | | | | | | | |
| CVE-2019-1203 | No | No | Less Likely | Less Likely | Important | | |
| Microsoft Outlook Elevation of Privilege Vulnerability | | | | | | | |
| CVE-2019-1204 | No | No | More Likely | More Likely | Important | | |
| Microsoft Outlook Memory Corruption Vulnerability | | | | | | | |
| CVE-2019-1199 | No | No | More Likely | More Likely | Critical | | |
| Microsoft Outlook Remote Code Execution Vulnerability | | | | | | | |
| CVE-2019-1200 | No | No | Less Likely | Less Likely | Critical | | |
| Microsoft SharePoint Information Disclosure Vulnerability | | | | | | | |
| CVE-2019-1202 | No | No | Less Likely | Less Likely | Important | | |
| Microsoft Windows Elevation of Privilege Vulnerability | | | | | | | |
| CVE-2019-1198 | No | No | Less Likely | Less Likely | Important | 6.5 | 5.9 |
| Microsoft Windows p2pimsvc Elevation of Privilege Vulnerability | | | | | | | |
| CVE-2019-1168 | No | No | Less Likely | Less Likely | Important | 7.8 | 7.0 |
| Microsoft Word Remote Code Execution Vulnerability | | | | | | | |
| CVE-2019-1201 | No | No | More Likely | More Likely | Critical | | |
| CVE-2019-1205 | No | No | Less Likely | Less Likely | Critical | | |
| Outlook iOS Spoofing Vulnerability | | | | | | | |
| CVE-2019-1218 | No | No | - | - | Important | | |
| Remote Desktop Protocol Server Information Disclosure Vulnerability | | | | | | | |
| CVE-2019-1224 | No | No | More Likely | More Likely | Important | 7.5 | 6.7 |
| CVE-2019-1225 | No | No | More Likely | More Likely | Important | 7.5 | 6.7 |
| Remote Desktop Services Remote Code Execution Vulnerability | | | | | | | |
| CVE-2019-1181 | No | No | More Likely | More Likely | Critical | 9.8 | 8.8 |
| CVE-2019-1182 | No | No | More Likely | More Likely | Critical | 9.8 | 8.8 |
| CVE-2019-1222 | No | No | More Likely | More Likely | Critical | 9.8 | 8.8 |
| CVE-2019-1226 | No | No | More Likely | More Likely | Critical | 9.8 | 8.8 |
| Scripting Engine Memory Corruption Vulnerability | | | | | | | |
| CVE-2019-1133 | No | No | Less Likely | Less Likely | Critical | 6.4 | 5.8 |
| CVE-2019-1194 | No | No | Less Likely | Less Likely | Critical | 6.4 | 5.8 |
| SymCrypt Information Disclosure Vulnerability | | | | | | | |
| CVE-2019-1171 | No | No | Less Likely | Less Likely | Important | 5.6 | 5.1 |
| Win32k Elevation of Privilege Vulnerability | | | | | | | |
| CVE-2019-1169 | No | No | - | - | Important | 7.8 | 7.0 |
| Windows ALPC Elevation of Privilege Vulnerability | | | | | | | |
| CVE-2019-1162 | No | No | Less Likely | Less Likely | Important | 7.8 | 7.2 |
| Windows DHCP Client Remote Code Execution Vulnerability | | | | | | | |
| CVE-2019-0736 | No | No | Less Likely | Less Likely | Critical | 9.8 | 8.8 |
| Windows DHCP Server Denial of Service Vulnerability | | | | | | | |
| CVE-2019-1206 | No | No | Less Likely | Less Likely | Important | 7.5 | 6.7 |
| CVE-2019-1212 | No | No | Less Likely | Less Likely | Important | 9.8 | 8.8 |
| Windows DHCP Server Remote Code Execution Vulnerability | | | | | | | |
| CVE-2019-1213 | No | No | - | - | Critical | 9.8 | 8.8 |
| Windows Denial of Service Vulnerability | | | | | | | |
| CVE-2019-0716 | No | No | Less Likely | Less Likely | Important | 5.8 | 5.2 |
| Windows Elevation of Privilege Vulnerability | | | | | | | |
| CVE-2019-1173 | No | No | More Likely | More Likely | Important | 7.0 | 6.3 |
| CVE-2019-1174 | No | No | More Likely | More Likely | Important | 7.0 | 6.3 |
| CVE-2019-1175 | No | No | More Likely | More Likely | Important | 7.0 | 6.3 |
| CVE-2019-1178 | No | No | Less Likely | Less Likely | Important | 7.0 | 6.3 |
| CVE-2019-1179 | No | No | Less Likely | Less Likely | Important | 7.0 | 6.3 |
| CVE-2019-1180 | No | No | Less Likely | Less Likely | Important | 7.0 | 6.3 |
| CVE-2019-1177 | No | No | Less Likely | Less Likely | Important | 7.0 | 6.3 |
| CVE-2019-1184 | No | No | More Likely | More Likely | Important | 6.7 | 6.0 |
| CVE-2019-1186 | No | No | Less Likely | Less Likely | Important | 7.0 | 6.3 |
| Windows File Signature Security Feature Bypass Vulnerability | | | | | | | |
| CVE-2019-1163 | No | No | Less Likely | Less Likely | Important | 5.5 | 5.0 |
| Windows Graphics Component Information Disclosure Vulnerability | | | | | | | |
| CVE-2019-1143 | No | No | Less Likely | Less Likely | Important | 5.5 | 5.0 |
| CVE-2019-1154 | No | No | - | - | Important | 5.5 | 5.0 |
| CVE-2019-1158 | No | No | Less Likely | Less Likely | Important | 5.5 | 5.0 |
| Windows Hyper-V Denial of Service Vulnerability | | | | | | | |
| CVE-2019-0714 | No | No | Less Likely | Less Likely | Important | 5.8 | 5.2 |
| CVE-2019-0715 | No | No | Less Likely | Less Likely | Important | 5.8 | 5.2 |
| CVE-2019-0717 | No | No | Less Likely | Less Likely | Important | 5.8 | 5.2 |
| CVE-2019-0718 | No | No | Less Likely | Less Likely | Important | 5.8 | 5.2 |
| CVE-2019-0723 | No | No | Less Likely | Less Likely | Important | 5.8 | 5.2 |
| Windows Hyper-V Remote Code Execution Vulnerability | | | | | | | |
| CVE-2019-0965 | No | No | Less Likely | Less Likely | Critical | 7.6 | 6.8 |
| Windows Image Elevation of Privilege Vulnerability | | | | | | | |
| CVE-2019-1190 | No | No | Less Likely | Less Likely | Important | 7.8 | 7.0 |
| Windows Information Disclosure Vulnerability | | | | | | | |
| CVE-2019-1172 | No | No | Less Likely | Less Likely | Important | 4.3 | 3.9 |
| Windows Kernel Elevation of Privilege Vulnerability | | | | | | | |
| CVE-2019-1159 | No | No | More Likely | More Likely | Important | 7.8 | 7.0 |
| CVE-2019-1164 | No | No | More Likely | More Likely | Important | 7.8 | 7.0 |
| Windows Kernel Information Disclosure Vulnerability | | | | | | | |
| CVE-2019-1227 | No | No | Less Likely | Less Likely | Important | 5.5 | 5.0 |
| CVE-2019-1228 | No | No | - | - | Important | 5.5 | 5.0 |
| Windows NTFS Elevation of Privilege Vulnerability | | | | | | | |
| CVE-2019-1170 | No | No | More Likely | More Likely | Important | 7.9 | 7.1 |
| Windows Remote Desktop Protocol (RDP) Denial of Service Vulnerability | | | | | | | |
| CVE-2019-1223 | No | No | More Likely | More Likely | Important | 7.5 | 6.7 |
| Windows Subsystem for Linux Elevation of Privilege Vulnerability | | | | | | | |
| CVE-2019-1185 | No | No | - | - | Important | | |
| Windows VBScript Engine Remote Code Execution Vulnerability | | | | | | | |
| CVE-2019-1183 | No | No | Less Likely | Less Likely | Critical | 7.5 | 6.7 |
| XmlLite Runtime Denial of Service Vulnerability | | | | | | | |
| CVE-2019-1187 | No | No | Less Likely | Less Likely | Important | 5.5 | 5.0 |

---
Johannes B. Ullrich, Ph.D., Dean of Research, SANS Technology Institute