Microsoft Released September Patches to Fix 81 Security Vulnerabilities
Total Page:16
File Type:pdf, Size:1020Kb
Microsoft Released September Patches to Fix 81 Security Vulnerabilities Threat Alert Overview Microsoft released the Spetember 2019 security patch on Tuesday that fixes 81 vulnerabilities ranging from simple spoofing attacks to remote code execution in various products, including .NET Core, .NET Framework, Active Directory, Adobe Flash Player, ASP.NET, Common Log File System Driver, Microsoft Browsers, Microsoft Edge, Microsoft Exchange Server, Microsoft Graphics Component, Microsoft JET Database Engine, Microsoft Office, Microsoft Office SharePoint, Microsoft Scripting Engine, Microsoft Windows, Microsoft Yammer, Project Rome, Servicing Stack Updates, Skype for Business and Microsoft Lync, Team Foundation Server, Visual Studio, Windows Hyper-V, Windows Kernel, and Windows RDP. Details can be found in the following table. Product CVE ID CVE Title Severity Level @NSFOCUS 2019 http://www.nsfocus.com .NET Core Denial-of-Service .NET Core CVE-2019-1301 Important Vulnerability .NET Framework Privilege .NET Framework CVE-2019-1142 Important Escalation Vulnerability Active Directory Federation Active Directory CVE-2019-1273 Important Services XSS Vulnerability September 2019 Adobe Flash Adobe Flash Player ADV190022 Critical Security Update ASP.NET Core Elevation Of ASP.NET CVE-2019-1302 Important Privilege Vulnerability Windows Common Log File Common Log File System Driver CVE-2019-1214 System Driver Privilege Escalation Important Vulnerability Windows Common Log File Common Log File System Driver CVE-2019-1282 System Driver Information Important Disclosure Vulnerability @NSFOCUS 2019 http://www.nsfocus.com Microsoft Browser Security Feature Microsoft Browsers CVE-2019-1220 Important Bypass Vulnerability Microsoft Edge based on Edge Microsoft Edge CVE-2019-1299 HTML Information Disclosure Important Vulnerability Microsoft Exchange Denial-of- Microsoft Exchange Server CVE-2019-1233 Important Service Vulnerability Microsoft Exchange Spoofing Microsoft Exchange Server CVE-2019-1266 Important Vulnerability DirectX Information Disclosure Microsoft Graphics Component CVE-2019-1216 Important Vulnerability DirectWrite Information Disclosure Microsoft Graphics Component CVE-2019-1244 Important Vulnerability DirectWrite Information Disclosure Microsoft Graphics Component CVE-2019-1245 Important Vulnerability @NSFOCUS 2019 http://www.nsfocus.com DirectWrite Information Disclosure Microsoft Graphics Component CVE-2019-1251 Important Vulnerability Windows GDI Information Microsoft Graphics Component CVE-2019-1252 Important Disclosure Vulnerability Microsoft Graphics Components Microsoft Graphics Component CVE-2019-1283 Information Disclosure Important Vulnerability DirectX Privilege Escalation Microsoft Graphics Component CVE-2019-1284 Important Vulnerability Windows GDI Information Microsoft Graphics Component CVE-2019-1286 Important Disclosure Vulnerability Jet Database Engine Remote Code Microsoft JET Database Engine CVE-2019-1240 Important Execution Vulnerability Jet Database Engine Remote Code Microsoft JET Database Engine CVE-2019-1241 Important Execution Vulnerability @NSFOCUS 2019 http://www.nsfocus.com Jet Database Engine Remote Code Microsoft JET Database Engine CVE-2019-1242 Important Execution Vulnerability Jet Database Engine Remote Code Microsoft JET Database Engine CVE-2019-1243 Important Execution Vulnerability Jet Database Engine Remote Code Microsoft JET Database Engine CVE-2019-1246 Important Execution Vulnerability Jet Database Engine Remote Code Microsoft JET Database Engine CVE-2019-1247 Important Execution Vulnerability Jet Database Engine Remote Code Microsoft JET Database Engine CVE-2019-1248 Important Execution Vulnerability Jet Database Engine Remote Code Microsoft JET Database Engine CVE-2019-1249 Important Execution Vulnerability Jet Database Engine Remote Code Microsoft JET Database Engine CVE-2019-1250 Important Execution Vulnerability @NSFOCUS 2019 http://www.nsfocus.com Microsoft Excel Remote Code Microsoft Office CVE-2019-1297 Important Execution Vulnerability Microsoft Excel Information Microsoft Office CVE-2019-1263 Important Disclosure Vulnerability Microsoft Office Security Feature Microsoft Office CVE-2019-1264 Important Bypass Vulnerability Microsoft SharePoint Remote Code Microsoft Office SharePoint CVE-2019-1257 Critical Execution Vulnerability Microsoft SharePoint Spoofing Microsoft Office SharePoint CVE-2019-1259 Moderate Vulnerability Microsoft SharePoint Privilege Microsoft Office SharePoint CVE-2019-1260 Important Escalation Vulnerability Microsoft SharePoint Spoofing Microsoft Office SharePoint CVE-2019-1261 Important Vulnerability @NSFOCUS 2019 http://www.nsfocus.com Microsoft Office SharePoint XSS Microsoft Office SharePoint CVE-2019-1262 Important Vulnerability Microsoft SharePoint Remote Code Microsoft Office SharePoint CVE-2019-1295 Critical Execution Vulnerability Microsoft SharePoint Remote Code Microsoft Office SharePoint CVE-2019-1296 Critical Execution Vulnerability Chakra Scripting Engine Memory Microsoft Scripting Engine CVE-2019-1138 Moderate Corruption Vulnerability Microsoft Scripting Engine CVE-2019-1208 VBScript Remote Code Execution Critical Vulnerability Chakra Scripting Engine Memory Microsoft Scripting Engine CVE-2019-1217 Critical Corruption Vulnerability Scripting Engine Memory Microsoft Scripting Engine CVE-2019-1221 Critical Corruption Vulnerability VBScript Remote Code Execution Microsoft Scripting Engine CVE-2019-1236 Critical Vulnerability @NSFOCUS 2019 http://www.nsfocus.com Chakra Scripting Engine Memory Microsoft Scripting Engine CVE-2019-1237 Critical Corruption Vulnerability Chakra Scripting Engine Memory Microsoft Scripting Engine CVE-2019-1298 Moderate Corruption Vulnerability Chakra Scripting Engine Memory Microsoft Scripting Engine CVE-2019-1300 Critical Corruption Vulnerability Windows Privilege Escalation Microsoft Windows CVE-2019-1215 Important Vulnerability Windows Transaction Manager Microsoft Windows CVE-2019-1219 Information Disclosure Important Vulnerability Microsoft Compatibility Appraiser Microsoft Windows CVE-2019-1267 Important Privilege Escalation Vulnerability Winlogon Privilege Escalation Microsoft Windows CVE-2019-1268 Important Vulnerability @NSFOCUS 2019 http://www.nsfocus.com Windows ALPC Privilege Microsoft Windows CVE-2019-1269 Important Escalation Vulnerability Microsoft Windows Store Installer Microsoft Windows CVE-2019-1270 Important Privilege Escalation Vulnerability Windows Media Privilege Microsoft Windows CVE-2019-1271 Important Escalation Vulnerability Windows ALPC Privilege Microsoft Windows CVE-2019-1272 Important Escalation Vulnerability Windows Text Service Framework Microsoft Windows CVE-2019-1235 Important Privilege Escalation Vulnerability Windows Privilege Escalation Microsoft Windows CVE-2019-1253 Important Vulnerability Windows Audio Service Privilege Microsoft Windows CVE-2019-1277 Important Escalation Vulnerability @NSFOCUS 2019 http://www.nsfocus.com Windows Privilege Escalation Microsoft Windows CVE-2019-1278 Important Vulnerability LNK Remote Code Execution Microsoft Windows CVE-2019-1280 Critical Vulnerability Windows Network Connectivity Microsoft Windows CVE-2019-1287 Assistant Privilege Escalation Important Vulnerability Windows Update Delivery Microsoft Windows CVE-2019-1289 Optimization Privilege Escalation Important Vulnerability Windows Denial-of-Service Microsoft Windows CVE-2019-1292 Important Vulnerability Windows Secure Boot Security Microsoft Windows CVE-2019-1294 Important Feature Bypass Vulnerability Windows Privilege Escalation Microsoft Windows CVE-2019-1303 Important Vulnerability @NSFOCUS 2019 http://www.nsfocus.com Microsoft Yammer Security Microsoft Yammer CVE-2019-1265 Important Feature Bypass Vulnerability Rome SDK Information Disclosure Project Rome CVE-2019-1231 Important Vlunerability Servicing Stack Updates ADV990001 Latest Servicing Stack Updates Critical Lync 2013 Information Disclosure Skype for Business and Microsoft Lync CVE-2019-1209 Important Vlunerability Team Foundation Server Cross-site Team Foundation Server CVE-2019-1305 Important Scripting Vulnerability Azure DevOps and Team Team Foundation Server CVE-2019-1306 Foundation Server Remote Code Critical Execution Vulnerability Diagnostics Hub Standard Visual Studio CVE-2019-1232 Collector Service Privilege Important Escalation Vulnerability @NSFOCUS 2019 http://www.nsfocus.com Windows Hyper-V Denial-of- Windows Hyper-V CVE-2019-0928 Important Service Vulnerability Windows Hyper-V Information Windows Hyper-V CVE-2019-1254 Important Disclosure Vulnerability Windows Kernel Information Windows Kernel CVE-2019-1274 Important Disclosure Vulnerability Win32k Privilege Escalation Windows Kernel CVE-2019-1256 Important Vulnerability Win32k Privilege Escalation Windows Kernel CVE-2019-1285 Important Vulnerability Windows SMB Client Driver Windows Kernel CVE-2019-1293 Information Disclosure Important Vulnerability Remote Desktop Client Remote Windows RDP CVE-2019-0787 Critical Code Execution Vulnerability @NSFOCUS 2019 http://www.nsfocus.com Remote Desktop Client Remote Windows RDP CVE-2019-0788 Critical Code Execution Vulnerability Remote Desktop Client Remote Windows RDP CVE-2019-1290 Critical Code Execution Vulnerability Remote Desktop Client Remote Windows RDP CVE-2019-1291 Critical Code Execution Vulnerability Recommended Mitigation Measures Microsoft has released security updates to fix these issues. Please download and install them as soon as possible. @NSFOCUS 2019 http://www.nsfocus.com Appendix ADV190022 - September 2019 Adobe