Threat Level: green Handler on Duty: Didier Stevens

SANS ISC: MSFT July 2019 Patch Tuesday SANS ISC InfoSec Forums

Watch ISC TV. Great for NOCs, SOCs and Living Rooms: https://isctv.sans.edu

Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!
MSFT July 2019 Patch Tuesday

July 2019 Security Updates

Description
CVE Disclosed Exploited Exploitability (old versions) current version Severity CVSS Base (AVG) CVSS Temporal (AVG)
.NET Denial of Service Vulnerability
CVE-2019-1083 No No Less Likely Less Likely Important    
.NET Framework Remote Code Execution Vulnerability
CVE-2019-1113 No No More Likely More Likely Critical    
ADFS Security Feature Bypass Vulnerability
CVE-2019-0975 No No Less Likely Less Likely Important 4.3 3.9
CVE-2019-1126 No No Less Likely Less Likely Important 5.3 4.8
ASP.NET Core Spoofing Vulnerability
CVE-2019-1075 No No Less Likely Less Likely Moderate    
Azure Automation Elevation of Privilege Vulnerability
CVE-2019-0962 Yes No Less Likely Less Likely Important    
Azure DevOps Server and Team Foundation Server Remote Code Execution Vulnerability
CVE-2019-1072 No No Less Likely Less Likely Critical    
Chakra Scripting Engine Memory Corruption Vulnerability
CVE-2019-1062 No No - - Critical 4.2 3.8
CVE-2019-1092 No No - - Critical 4.2 3.8
CVE-2019-1103 No No - - Critical 4.2 3.8
CVE-2019-1106 No No - - Critical 4.2 3.8
CVE-2019-1107 No No - - Critical 4.2 3.8
DirectWrite Information Disclosure Vulnerability
CVE-2019-1093 No No Less Likely Less Likely Important 5.5 5.0
CVE-2019-1097 No No Less Likely Less Likely Important 5.5 5.0
DirectWrite Remote Code Execution Vulnerability
CVE-2019-1117 No No Less Likely Less Likely Important 7.8 7.0
CVE-2019-1118 No No Less Likely Less Likely Important 7.8 7.0
CVE-2019-1119 No No Less Likely Less Likely Important 7.8 7.0
CVE-2019-1120 No No Less Likely Less Likely Important 7.8 7.0
CVE-2019-1121 No No Less Likely Less Likely Important 7.8 7.0
CVE-2019-1122 No No Less Likely Less Likely Important 7.8 7.0
CVE-2019-1123 No No Less Likely Less Likely Important 7.8 7.0
CVE-2019-1124 No No Less Likely Less Likely Important 7.8 7.0
CVE-2019-1127 No No Less Likely Less Likely Important 7.8 7.0
CVE-2019-1128 No No Less Likely Less Likely Important 7.8 7.0
DirectX Elevation of Privilege Vulnerability
CVE-2019-0999 No No - - Important 7.8 7.0
Docker Elevation of Privilege Vulnerability
CVE-2018-15664 Yes No Less Likely Less Likely Important    
GDI+ Remote Code Execution Vulnerability
CVE-2019-1102 No No Less Likely Less Likely Critical 8.4 7.6
Internet Explorer Memory Corruption Vulnerability
CVE-2019-1063 No No More Likely More Likely Critical 6.4 5.8
Latest Servicing Stack Updates
ADV990001 No No - - Critical    
Microsoft Browser Memory Corruption Vulnerability
CVE-2019-1104 No No More Likely More Likely Critical 6.4 5.8
Microsoft Excel Information Disclosure Vulnerability
CVE-2019-1112 No No More Likely More Likely Important    
Microsoft Excel Remote Code Execution Vulnerability
CVE-2019-1110 No No Less Likely Less Likely Important    
CVE-2019-1111 No No Less Likely Less Likely Important    
Microsoft Exchange Information Disclosure Vulnerability
CVE-2019-1084 No No Less Likely Less Likely Important    
Microsoft Exchange Server Elevation of Privilege Vulnerability
CVE-2019-1136 No No Less Likely Less Likely Important    
Microsoft Exchange Server Spoofing Vulnerability
CVE-2019-1137 No No Less Likely Less Likely Important    
Microsoft Office SharePoint XSS Vulnerability
CVE-2019-1134 No No Less Likely Less Likely Important    
Microsoft Office Spoofing Vulnerability
CVE-2019-1109 No No Less Likely Less Likely Important    
Microsoft SQL Server Remote Code Execution Vulnerability
CVE-2019-1068 Yes No Less Likely Less Likely Important    
Microsoft Windows Elevation of Privilege Vulnerability
CVE-2019-1074 No No More Likely More Likely Important 5.3 5.3
CVE-2019-1082 No No - - Important 7.7 7.7
Microsoft splwow64 Elevation of Privilege Vulnerability
CVE-2019-0880 No Yes Detected More Likely Important 7.0 6.3
Microsoft unistore.dll Information Disclosure Vulnerability
CVE-2019-1091 No No Less Likely Less Likely Important 5.5 5.0
Outlook on the web Cross-Site Scripting Vulnerability
ADV190021 No No - - Important    
Remote Desktop Protocol Client Information Disclosure Vulnerability
CVE-2019-1108 No No More Likely More Likely Important 6.5 5.9
Remote Desktop Services Remote Code Execution Vulnerability
CVE-2019-0887 Yes No More Likely More Likely Important 8.0 7.2
Scripting Engine Memory Corruption Vulnerability
CVE-2019-1056 No No - - Critical 6.4 5.8
CVE-2019-1059 No No Less Likely Less Likely Critical 6.4 5.8
CVE-2019-1001 No No More Likely More Likely Critical 6.4 5.8
CVE-2019-1004 No No More Likely More Likely Critical 6.4 5.8
SymCrypt Denial of Service Vulnerability
CVE-2019-0865 Yes No Less Likely Less Likely Important 7.5 6.7
Team Foundation Server Cross-site Scripting Vulnerability
CVE-2019-1076 No No Less Likely Less Likely Important    
Visual Studio Elevation of Privilege Vulnerability
CVE-2019-1077 No No Less Likely Less Likely Important    
Visual Studio Information Disclosure Vulnerability
CVE-2019-1079 No No Less Likely Less Likely Important    
WCF/WIF SAML Token Authentication Bypass Vulnerability
CVE-2019-1006 No No Less Likely Less Likely Important    
Win32k Elevation of Privilege Vulnerability
CVE-2019-1132 No Yes - - Important 7.8 7.2
Win32k Information Disclosure Vulnerability
CVE-2019-1096 No No Less Likely Less Likely Important 5.5 5.0
Windows Audio Service Elevation of Privilege Vulnerability
CVE-2019-1086 No No Less Likely Less Likely Important 7.8 7.0
CVE-2019-1087 No No Less Likely Less Likely Important 7.8 7.0
CVE-2019-1088 No No Less Likely Less Likely Important 7.8 7.0
Windows DHCP Server Remote Code Execution Vulnerability
CVE-2019-0785 No No Less Likely Less Likely Critical 9.8 8.8
Windows DNS Server Denial of Service Vulnerability
CVE-2019-0811 No No Less Likely Less Likely Important 7.5 6.7
Windows Elevation of Privilege Vulnerability
CVE-2019-1129 Yes No More Likely More Likely Important 7.8 7.0
CVE-2019-1130 No No Less Likely Less Likely Important 7.8 7.0
Windows Error Reporting Elevation of Privilege Vulnerability
CVE-2019-1037 No No Less Likely Less Likely Important 7.0 6.3
Windows GDI Information Disclosure Vulnerability
CVE-2019-1094 No No Less Likely Less Likely Important 5.5 5.0
CVE-2019-1095 No No Less Likely Less Likely Important 5.5 5.0
CVE-2019-1098 No No - - Important 5.5 5.0
CVE-2019-1099 No No - - Important 5.5 5.0
CVE-2019-1100 No No - - Important 5.5 5.0
CVE-2019-1101 No No - - Important 5.5 5.0
CVE-2019-1116 No No - - Important 5.5 5.0
Windows Hyper-V Denial of Service Vulnerability
CVE-2019-0966 No No Less Likely Less Likely Important 6.8 6.1
Windows Kernel Elevation of Privilege Vulnerability
CVE-2019-1067 No No More Likely More Likely Important 7.8 7.0
Windows Kernel Information Disclosure Vulnerability
CVE-2019-1071 No No More Likely More Likely Important 5.5 5.0
CVE-2019-1073 No No More Likely More Likely Important 5.5 5.0
Windows RPCSS Elevation of Privilege Vulnerability
CVE-2019-1089 No No More Likely More Likely Important 7.8 7.0
Windows WLAN Service Elevation of Privilege Vulnerability
CVE-2019-1085 No No Less Likely Less Likely Important 7.8 7.0
Windows dnsrlvr.dll Elevation of Privilege Vulnerability
CVE-2019-1090 No No Less Likely Less Likely Important 7.8 7.0

 

--
John Bambenek
bambenek \at\ gmail /dot/ com
ThreatSTOP

 John

258 Posts
ISC Handler
Subscribe Jul 9th 2019
10 months ago
Thanks guys! Its great to have the chart above but the CVEs are mostly NOT live in the NVD. It would be more helpful to have the links to the MSFT security advisory or KB
 Anonymous
Quote Jul 9th 2019
10 months ago

Sign Up for Free or Log In to start participating in the conversation!