Microsoft Patch Tuesday – December 2019
This month the vendor has patched 36 vulnerabilities, 7 of which are rated
Critical.
As always, customers are advised to follow these security best practices:
Install vendor patches as soon as they are available.
Run all software with the least privileges required while still maintaining
functionality.
Avoid handling files from unknown or questionable sources.
Never visit sites of unknown or questionable integrity.
Block external access at the network perimeter to all key systems unless
specific access is required.
Microsoft's summary of the December 2019 releases can be found here:
https://portal.msrc.microsoft.com/en-us/security-guidance
This month's update covers vulnerabilities in:
Internet Explorer
Microsoft Office
Microsoft Windows
Microsoft Hyper-V
Graphics Device Interface (GDI)
Microsoft Windows Kernel
SQL Server
Visual Studio
Microsoft Authentication Library for Android
Microsoft Defender
Skype for Business Server
The following is a breakdown of the issues being addressed this month:
Cumulative Security Update for Microsoft Internet Explorer
VBScript Remote Code Execution Vulnerability (CVE-2019-1485) MS Rating: Important
A remote code execution vulnerability exists in the way that the VBScript engine
handles objects in memory. The vulnerability could corrupt memory in such a way
that an attacker could execute arbitrary code in the context of the current user.
Cumulative Security Update for Microsoft Office
Microsoft Word Denial of Service Vulnerability (CVE-2019-1461) MS Rating: Important
A denial of service vulnerability exists in Microsoft Word software when the
software fails to properly handle objects in memory. An attacker who
successfully exploited the vulnerability could cause a remote denial of service
against a system.
Microsoft PowerPoint Remote Code Execution Vulnerability (CVE-2019-1462) MS Rating: Important
A remote code execution vulnerability exists in Microsoft PowerPoint software when
the software fails to properly handle objects in memory. An attacker who
successfully exploited the vulnerability could run arbitrary code in the context
of the current user.
Microsoft Access Information Disclosure Vulnerability (CVE-2019-1463) MS Rating: Important
An information disclosure vulnerability exists in Microsoft Access software when
the software fails to properly handle objects in memory. An attacker who
successfully exploited this vulnerability could obtain information to further
compromise the user's system.
Microsoft Excel Information Disclosure Vulnerability (CVE-2019-1464) MS Rating: Important
An information disclosure vulnerability exists when Microsoft Excel improperly
discloses the contents of its memory. An attacker who exploited the
vulnerability could use the information to compromise the user's computer or
data.
Microsoft Access Information Disclosure Vulnerability (CVE-2019-1400) MS Rating: Important
An information disclosure vulnerability exists in Microsoft Access software when
the software fails to properly handle objects in memory. An attacker who
successfully exploited this vulnerability could obtain information to further
compromise the user's system.
Cumulative Security Update for Microsoft Windows Kernel
Win32k Privilege Escalation Vulnerability (CVE-2019-1458) MS Rating: Important
A privilege escalation vulnerability exists in Windows when the Win32k component
fails to properly handle objects in memory. An attacker who successfully
exploited this vulnerability could run arbitrary code in kernel mode.
Win32k Information Disclosure Vulnerability (CVE-2019-1469) MS Rating: Important
An information disclosure vulnerability exists when the win32k component improperly
provides kernel information. An attacker who successfully exploited the
vulnerability could obtain information to further compromise the user's system.
Windows Kernel Information Disclosure Vulnerability (CVE-2019-1472) MS Rating: Important
An information disclosure vulnerability exists when the Windows kernel improperly
handles objects in memory. An attacker who successfully exploited this
vulnerability could obtain information to further compromise the user's system.
Windows Kernel Information Disclosure Vulnerability (CVE-2019-1474) MS Rating: Important
An information disclosure vulnerability exists when the Windows kernel improperly
handles objects in memory. An attacker who successfully exploited this
vulnerability could obtain information to further compromise the user's system.
Cumulative Security Update for Microsoft Hyper-V
Windows Hyper-V Remote Code Execution Vulnerability (CVE-2019-1471) MS Rating: Critical
A remote code execution vulnerability exists when Windows Hyper-V on a host server
fails to properly validate input from an authenticated user on a guest operating
system. To exploit the vulnerability, an attacker could run a specially crafted
application on a guest operating system that could cause the Hyper-V host
operating system to execute arbitrary code.
Windows Hyper-V Information Disclosure Vulnerability (CVE-2019-1470) MS Rating: Important
An information disclosure vulnerability exists when Windows Hyper-V on a host
operating system fails to properly validate input from an authenticated user on
a guest operating system. To exploit the vulnerability, an attacker on a guest
operating system could run a specially crafted application that could cause the
Hyper-V host operating system to disclose memory information.
Security Update for Microsoft Graphics
Win32k Graphics Remote Code Execution Vulnerability (CVE-2019-1468) MS Rating: Critical
A remote code execution vulnerability exists when the Windows font library
improperly handles specially crafted embedded fonts. An attacker who
successfully exploited this vulnerability could take control of the affected
system.
Windows GDI Information Disclosure Vulnerability (CVE-2019-1465) MS Rating: Important
An information disclosure vulnerability exists when the Windows GDI component
improperly discloses the contents of its memory. An attacker who successfully
exploited the vulnerability could obtain information to further compromise the
user's system.
Windows GDI Information Disclosure Vulnerability (CVE-2019-1466) MS Rating: Important
An information disclosure vulnerability exists when the Windows GDI component
improperly discloses the contents of its memory. An attacker who successfully
exploited the vulnerability could obtain information to further compromise the
user's system.
Windows GDI Information Disclosure Vulnerability (CVE-2019-1467) MS Rating: Important
An information disclosure vulnerability exists when the Windows GDI component
improperly discloses the contents of its memory. An attacker who successfully
exploited the vulnerability could obtain information to further compromise the
user's system.
Security Update for Microsoft Windows
Windows Privilege Escalation Vulnerability (CVE-2019-1476) MS Rating: Important
A privilege escalation vulnerability exists when Windows AppX Deployment Service
(AppXSVC) improperly handles hard links. An attacker who successfully exploited
this vulnerability could run processes in an elevated context.
Windows Printer Service Privilege Escalation Vulnerability (CVE-2019-1477) MS Rating: Important
A privilege escalation vulnerability exists when the Windows Printer Service
improperly validates file paths while loading printer drivers. An authenticated
attacker who successfully exploited this vulnerability could run arbitrary code
with elevated system privileges.
Windows COM Server Privilege Escalation Vulnerability (CVE-2019-1478) MS Rating: Important
A privilege escalation vulnerability exists when Windows improperly handles COM
object creation. An attacker who successfully exploited the vulnerability could
run arbitrary code with elevated privileges.
Windows Media Player Information Disclosure Vulnerability (CVE-2019-1480) MS Rating: Important
An information disclosure vulnerability exists in Windows Media Player when it
fails to properly handle objects in memory. An attacker who successfully
exploited this vulnerability could potentially read data that was not intended
to be disclosed.
Windows Media Player Information Disclosure Vulnerability (CVE-2019-1481) MS Rating: Important
An information disclosure vulnerability exists in Windows Media Player when it
fails to properly handle objects in memory. An attacker who successfully
exploited this vulnerability could potentially read data that was not intended
to be disclosed.
Windows Privilege Escalation Vulnerability (CVE-2019-1483) MS Rating: Important
A privilege escalation vulnerability exists when the Windows AppX Deployment
Server improperly handles junctions. To exploit this vulnerability, an attacker
would first have to gain execution on the victim system.
Windows OLE Remote Code Execution Vulnerability (CVE-2019-1484) MS Rating: Important
A remote code execution vulnerability exists when Microsoft Windows OLE fails to
properly validate user input. An attacker could exploit the vulnerability to
execute malicious code.
Windows Remote Desktop Protocol (RDP) Denial of Service Vulnerability (CVE-2019-1453) MS Rating: Important
A denial of service vulnerability exists in Remote Desktop Protocol (RDP) when an
attacker connects to the target system using RDP and sends specially crafted
requests. An attacker who successfully exploited this vulnerability could cause
the RDP service on the target system to stop responding.
Remote Desktop Protocol Information Disclosure Vulnerability (CVE-2019-1489) MS Rating: Important
An information disclosure vulnerability exists when the Windows Remote Desktop
Protocol (RDP) fails to properly handle objects in memory. An attacker who
successfully exploited this vulnerability could obtain information to further
compromise the user's system.
Security Update for Microsoft SQL Server
Microsoft SQL Server Reporting Services XSS Vulnerability (CVE-2019-1332) MS Rating: Important
A cross-site scripting (XSS) vulnerability exists when Microsoft SQL Server
Reporting Services (SSRS) does not properly sanitize a specially-crafted web
request to an affected SSRS server. An attacker who successfully exploited the
vulnerability could run scripts in the context of the targeted user.
Security Update for Microsoft Visual Studio
Git for Visual Studio Remote Code Execution Vulnerability (CVE-2019-1349) MS Rating: Critical
A remote code execution vulnerability exists when Git for Visual Studio improperly
sanitizes input. An attacker who successfully exploited this vulnerability could
take control of an affected system.
Git for Visual Studio Remote Code Execution Vulnerability (CVE-2019-1350) MS Rating: Critical
A remote code execution vulnerability exists when Git for Visual Studio improperly
sanitizes input. An attacker who successfully exploited this vulnerability could
take control of an affected system.
Git for Visual Studio Remote Code Execution Vulnerability (CVE-2019-1352) MS Rating: Critical
A remote code execution vulnerability exists when Git for Visual Studio improperly
sanitizes input. An attacker who successfully exploited this vulnerability could
take control of an affected system.
Git for Visual Studio Remote Code Execution Vulnerability (CVE-2019-1354) MS Rating: Critical
A remote code execution vulnerability exists when Git for Visual Studio improperly
sanitizes input. An attacker who successfully exploited this vulnerability could
take control of an affected system.
Git for Visual Studio Remote Code Execution Vulnerability (CVE-2019-1387) MS Rating: Critical
A remote code execution vulnerability exists when Git for Visual Studio improperly
sanitizes input. An attacker who successfully exploited this vulnerability could
take control of an affected system.
Visual Studio Live Share Spoofing Vulnerability (CVE-2019-1486) MS Rating: Important
A spoofing vulnerability exists in Visual Studio Live Share when a guest connected
to a Live Share session is redirected to an arbitrary URL specified by the
session host. An attacker who successfully exploited this vulnerability could
cause a connected guest's computer to open a browser and navigate to a URL
without consent from the guest.
Git for Visual Studio Tampering Vulnerability (CVE-2019-1351) MS Rating: Moderate
A tampering vulnerability exists when Git for Visual Studio improperly handles
virtual drive paths. An attacker who successfully exploited this vulnerability
could write arbitrary files and directories to certain locations on a vulnerable
system.
Security Update for Microsoft Authentication Library for Android
Microsoft Authentication Library for Android Information Disclosure Vulnerability (CVE-2019-1487) MS Rating: Important
An information disclosure vulnerability in Android Apps using Microsoft
Authentication Library (MSAL) 0.3.1-Alpha or later exists under specific
conditions. This vulnerability could result in sensitive data being exposed.
Security Update for Microsoft Defender
Microsoft Defender Security Bypass Vulnerability (CVE-2019-1488) MS Rating: Important
A security bypass vulnerability exists when Microsoft Defender improperly handles
specific buffers. An attacker could exploit the vulnerability to trigger
warnings and false positives when no threat is present.
Security Update for Skype for Business Server
Skype for Business and Lync Spoofing Vulnerability (CVE-2019-1490) MS Rating: Important
A spoofing vulnerability exists when a Lync Server or Skype for Business Server does not properly sanitize a specially crafted request. An authenticated attacker could exploit the vulnerability by sending a specially crafted request to an affected server.
Microsoft Patch Tuesday – November 2019
This month the vendor has patched 75 vulnerabilities, 14 of which are rated
Critical.
As always, customers are advised to follow these security best practices:
Install vendor patches as soon as they are available.
Run all software with the least privileges required while still maintaining
functionality.
Avoid handling files from unknown or questionable sources.
Never visit sites of unknown or questionable integrity.
Block external access at the network perimeter to all key systems unless
specific access is required.
Microsoft's summary of the November 2019 releases can be found here:
https://portal.msrc.microsoft.com/en-us/security-guidance
This month's update covers vulnerabilities in:
Internet Explorer
Microsoft Edge
ChakraCore
Microsoft Office
Microsoft Windows
Microsoft Hyper-V
Graphics Device Interface
Jet Database Engine
Azure
Open Enclave SDK
Visual Studio
OpenType Font Driver
Microsoft Exchange
The following is a breakdown of the issues being addressed this month:
Cumulative Security Update for Microsoft Browsers
Scripting Engine Memory Corruption Vulnerability (CVE-2019-1426) MS Rating: Critical
A remote code execution vulnerability exists in the way that the scripting engine
handles objects in memory in Microsoft Edge (HTML-based). The vulnerability
could corrupt memory in such a way that an attacker could execute arbitrary code
in the context of the current user. Attackers can exploit this issue by enticing
an unsuspecting user to view a specially crafted web page.
Scripting Engine Memory Corruption Vulnerability (CVE-2019-1427) MS Rating: Critical
A remote code execution vulnerability exists in the way that the scripting engine
handles objects in memory in Microsoft Edge (HTML-based). The vulnerability
could corrupt memory in such a way that an attacker could execute arbitrary code
in the context of the current user. Attackers can exploit this issue by enticing
an unsuspecting user to view a specially crafted web page.
Scripting Engine Memory Corruption Vulnerability (CVE-2019-1428) MS Rating: Critical
A remote code execution vulnerability exists in the way that the scripting engine
handles objects in memory in Microsoft Edge (HTML-based). The vulnerability
could corrupt memory in such a way that an attacker could execute arbitrary code
in the context of the current user. Attackers can exploit this issue by enticing
an unsuspecting user to view a specially crafted web page.
Scripting Engine Memory Corruption Vulnerability (CVE-2019-1429) MS Rating: Critical
A remote code execution vulnerability exists in the way that the scripting engine
handles objects in memory in Internet Explorer. The vulnerability could corrupt
memory in such a way that an attacker could execute arbitrary code in the
context of the current user. Attackers can exploit this issue by enticing an
unsuspecting user to view a specially crafted web page.
VBScript Remote Code Execution Vulnerability (CVE-2019-1390) MS Rating: Critical
A remote code execution vulnerability exists in the way that the VBScript engine
handles objects in memory. The vulnerability could corrupt memory in such a way
that an attacker could execute arbitrary code in the context of the current
user. Attackers can exploit this issue by enticing an unsuspecting user to view
a specially crafted web page.
Microsoft Edge Security Bypass Vulnerability (CVE-2019-1413) MS Rating: Important
A security bypass vulnerability exists when Microsoft Edge improperly handles
extension requests and fails to request host permission for all_urls. An
attacker who successfully exploited this vulnerability could trick a browser
into installing an extension without the user's consent.
Cumulative Security Update for Microsoft Office
Microsoft Office Security Bypass Vulnerability (CVE-2019-1442) MS Rating: Important
A security bypass vulnerability exists when Microsoft Office does not validate
URLs. An attacker could send a victim a specially crafted file, which could
trick the victim into entering credentials.
Microsoft SharePoint Information Disclosure Vulnerability (CVE-2019-1443) MS Rating: Important
An information disclosure vulnerability exists in Microsoft SharePoint when an
attacker uploads a specially crafted file to the SharePoint Server. An
authenticated attacker who successfully exploited this vulnerability could
potentially leverage SharePoint functionality to obtain SMB hashes.
Microsoft Office Online Spoofing Vulnerability (CVE-2019-1445) MS Rating: Important
A spoofing vulnerability exists when Office Online does not validate origin in
cross-origin communications handlers correctly. An attacker could exploit the
vulnerability by sending a specially crafted request to an affected site.
Microsoft Excel Information Disclosure Vulnerability (CVE-2019-1446) MS Rating: Important
An information disclosure vulnerability exists when Microsoft Excel improperly
discloses the contents of its memory. An attacker who exploited the
vulnerability could use the information to compromise the user's computer or
data.
Microsoft Office Online Spoofing Vulnerability (CVE-2019-1447) MS Rating: Important
A spoofing vulnerability exists when Office Online does not validate origin in
cross-origin communications handlers correctly. An attacker could exploit the
vulnerability by sending a specially crafted request to an affected site.
Microsoft Excel Remote Code Execution Vulnerability (CVE-2019-1448) MS Rating: Important
A remote code execution vulnerability exists in Microsoft Excel software when the
software fails to properly handle objects in memory. An attacker who
successfully exploited the vulnerability could run arbitrary code in the context
of the current user.
Microsoft Office ClickToRun Security Bypass Vulnerability (CVE-2019-1449) MS Rating: Important
A security bypass vulnerability exists in the way that Office Click-to-Run (C2R)
components handle a specially crafted file, which could allow a standard user,
any AppContainer sandbox, and Office LPAC Protected View to escalate privileges
to SYSTEM. To exploit this bug, an attacker would have to run a specially
crafted file.
Microsoft Access Information Disclosure Vulnerability (CVE-2019-1402) MS Rating: Important
An information disclosure vulnerability exists in Microsoft Office software when
the software fails to properly handle objects in memory. An attacker who
successfully exploited this vulnerability could obtain information to further
compromise the user's system.
Microsoft Office Excel Security Bypass Vulnerability (CVE-2019-1457) MS Rating: Important
A security bypass vulnerability exists because Microsoft Office software does
not enforce macro settings on an Excel document. This issue by itself does not
allow arbitrary code execution.
Cumulative Security Update for Microsoft Windows Kernel
Win32k Graphics Remote Code Execution Vulnerability (CVE-2019-1441) MS Rating: Critical
A remote code execution vulnerability exists when the Windows font library
improperly handles specially crafted embedded fonts. An attacker who
successfully exploited this vulnerability could take control of the affected
system.
Win32k Privilege Escalation Vulnerability (CVE-2019-1393) MS Rating: Important
A privilege escalation vulnerability exists in Windows when the Win32k component
fails to properly handle objects in memory. An attacker who successfully
exploited this vulnerability could run arbitrary code in kernel mode.
Win32k Privilege Escalation Vulnerability (CVE-2019-1394) MS Rating: Important
A privilege escalation vulnerability exists in Windows when the Win32k component
fails to properly handle objects in memory. An attacker who successfully
exploited this vulnerability could run arbitrary code in kernel mode.
Win32k Privilege Escalation Vulnerability (CVE-2019-1395) MS Rating: Important
A privilege escalation vulnerability exists in Windows when the Win32k component
fails to properly handle objects in memory. An attacker who successfully
exploited this vulnerability could run arbitrary code in kernel mode.
Win32k Privilege Escalation Vulnerability (CVE-2019-1396) MS Rating: Important
A privilege escalation vulnerability exists in Windows when the Win32k component
fails to properly handle objects in memory. An attacker who successfully
exploited this vulnerability could run arbitrary code in kernel mode.
Win32k Privilege Escalation Vulnerability (CVE-2019-1408) MS Rating: Important
A privilege escalation vulnerability exists in Windows when the Win32k component
fails to properly handle objects in memory. An attacker who successfully
exploited this vulnerability could run arbitrary code in kernel mode.
Win32k Privilege Escalation Vulnerability (CVE-2019-1434) MS Rating: Important
A privilege escalation vulnerability exists in Windows when the Windows
kernel-mode driver fails to properly handle objects in memory. An attacker who
successfully exploited this vulnerability could run arbitrary code in kernel
mode.
Win32k Information Disclosure Vulnerability (CVE-2019-1436) MS Rating: Important
An information disclosure vulnerability exists when the win32k component improperly
provides kernel information. An attacker who successfully exploited the
vulnerability could obtain information to further compromise the user's system.
Win32k Information Disclosure Vulnerability (CVE-2019-1440) MS Rating: Important
An information disclosure vulnerability exists when the win32k component improperly
provides kernel information. An attacker who successfully exploited the
vulnerability could obtain information to further compromise the user's system.
Windows Kernel Information Disclosure Vulnerability (CVE-2019-11135) MS Rating: Important
An information disclosure vulnerability exists when the Windows kernel improperly
handles objects in memory. An attacker who successfully exploited this
vulnerability could obtain information to further compromise the user's system.
Windows Kernel Privilege Escalation Vulnerability (CVE-2019-1392) MS Rating: Important
A privilege escalation vulnerability exists when the Windows kernel fails to
properly handle objects in memory. An attacker who successfully exploited this
vulnerability could run arbitrary code in kernel mode.
Cumulative Security Update for Microsoft Hyper-V
Hyper-V Remote Code Execution Vulnerability (CVE-2019-0719) MS Rating: Critical
A remote code execution vulnerability exists when Windows Hyper-V Network Switch
on a host server fails to properly validate input from an authenticated user on
a guest operating system.
Hyper-V Remote Code Execution Vulnerability (CVE-2019-0721) MS Rating: Critical
A remote code execution vulnerability exists when Windows Hyper-V Network Switch
on a host server fails to properly validate input from an authenticated user on
a guest operating system. To exploit the vulnerability, an attacker could run a
specially crafted application on a guest operating system that could cause the
Hyper-V host operating system to execute arbitrary code.
Windows Hyper-V Remote Code Execution Vulnerability (CVE-2019-1389) MS Rating: Critical
A remote code execution vulnerability exists when Windows Hyper-V on a host server
fails to properly validate input from an authenticated user on a guest operating
system. To exploit the vulnerability, an attacker could run a specially crafted
application on a guest operating system that could cause the Hyper-V host
operating system to execute arbitrary code.
Windows Hyper-V Remote Code Execution Vulnerability (CVE-2019-1397) MS Rating: Critical
A remote code execution vulnerability exists when Windows Hyper-V on a host server
fails to properly validate input from an authenticated user on a guest operating
system. To exploit the vulnerability, an attacker could run a specially crafted
application on a guest operating system that could cause the Hyper-V host
operating system to execute arbitrary code.
Windows Hyper-V Remote Code Execution Vulnerability (CVE-2019-1398) MS Rating: Critical
A remote code execution vulnerability exists when Windows Hyper-V on a host server
fails to properly validate input from an authenticated user on a guest operating
system. To exploit the vulnerability, an attacker could run a specially crafted
application on a guest operating system that could cause the Hyper-V host
operating system to execute arbitrary code.
Windows Hyper-V Denial of Service Vulnerability (CVE-2019-0712) MS Rating: Important
A denial of service vulnerability exists when Microsoft Hyper-V Network Switch on
a host server fails to properly validate input from a privileged user on a guest
operating system. An attacker who successfully exploited the vulnerability could
cause the host server to crash.
Windows Hyper-V Denial of Service Vulnerability (CVE-2019-1309) MS Rating: Important
A denial of service vulnerability exists when Microsoft Hyper-V Network Switch on
a host server fails to properly validate input from a privileged user on a guest
operating system. An attacker who successfully exploited the vulnerability could
cause the host server to crash.
Windows Hyper-V Denial of Service Vulnerability (CVE-2019-1310) MS Rating: Important
A denial of service vulnerability exists when Microsoft Hyper-V Network Switch on
a host server fails to properly validate input from a privileged user on a guest
operating system. An attacker who successfully exploited the vulnerability could
cause the host server to crash.
Windows Hyper-V Denial of Service Vulnerability (CVE-2019-1399) MS Rating: Important
A denial of service vulnerability exists when Microsoft Hyper-V on a host server
fails to properly validate input from a privileged user on a guest operating
system. To exploit the vulnerability, an attacker who already has a privileged
account on a guest operating system, running as a virtual machine, could run a
specially crafted application that causes a host machine to crash.
Security Update for Microsoft Graphics
Windows Graphics Component Privilege Escalation Vulnerability (CVE-2019-1407) MS Rating: Important
A privilege escalation vulnerability exists when the Windows Graphics Component
improperly handles objects in memory. An attacker who successfully exploited
this vulnerability could run processes in an elevated context.
Windows Graphics Component Privilege Escalation Vulnerability (CVE-2019-1433) MS Rating: Important
A privilege escalation vulnerability exists when the Windows Graphics Component
improperly handles objects in memory. An attacker who successfully exploited
this vulnerability could run processes in an elevated context.
Windows Graphics Component Privilege Escalation Vulnerability (CVE-2019-1435) MS Rating: Important
A privilege escalation vulnerability exists when the Windows Graphics Component
improperly handles objects in memory. An attacker who successfully exploited
this vulnerability could run processes in an elevated context.
Windows Graphics Component Privilege Escalation Vulnerability (CVE-2019-1437) MS Rating: Important
A privilege escalation vulnerability exists when the Windows Graphics Component
improperly handles objects in memory. An attacker who successfully exploited
this vulnerability could run processes in an elevated context.
Windows Graphics Component Privilege Escalation Vulnerability (CVE-2019-1438) MS Rating: Important
A privilege escalation vulnerability exists when the Windows Graphics Component
improperly handles objects in memory. An attacker who successfully exploited
this vulnerability could run processes in an elevated context.
Windows GDI Information Disclosure Vulnerability (CVE-2019-1439) MS Rating: Important
An information disclosure vulnerability exists when the Windows GDI component
improperly discloses the contents of its memory. An attacker who successfully
exploited the vulnerability could obtain information to further compromise the
user's system.
Security Update for Microsoft Windows
Microsoft Windows Media Foundation Remote Code Execution Vulnerability (CVE-2019-1430) MS Rating: Critical
A remote code execution vulnerability exists when Windows Media Foundation
improperly parses specially crafted QuickTime media files. An attacker who
successfully exploited this vulnerability could gain the same user rights as the
local user.
Windows TCP/IP Information Disclosure Vulnerability (CVE-2019-1324) MS Rating: Important
An information disclosure vulnerability exists when the Windows TCP/IP stack
improperly handles IPv6 flowlabel filled in packets. An attacker who
successfully exploited this vulnerability could obtain information to further
compromise the user's system.
Windows Error Reporting Information Disclosure Vulnerability (CVE-2019-1374) MS Rating: Important
An information disclosure vulnerability exists in the way Windows Error Reporting
(WER) handles objects in memory. An attacker who successfully exploited this
vulnerability could obtain information to further compromise the user's system.
Windows Data Sharing Service Privilege Escalation Vulnerability (CVE-2019-1379) MS Rating: Important
A privilege escalation vulnerability exists when the Windows Data Sharing Service
improperly handles file operations. An attacker who successfully exploited this
vulnerability could run processes in an elevated context.
Microsoft splwow64 Privilege Escalation Vulnerability (CVE-2019-1380) MS Rating: Important
A local privilege escalation vulnerability exists in how 'splwow64.exe' handles
certain calls. An attacker who successfully exploited the vulnerability could
elevate privileges on an affected system from low-integrity to medium-integrity.
Microsoft Windows Information Disclosure Vulnerability (CVE-2019-1381) MS Rating: Important
An information disclosure vulnerability exists when the Windows Servicing Stack
allows access to unprivileged file locations. An attacker who successfully
exploited the vulnerability could potentially access unauthorized files.
Microsoft ActiveX Installer Service Privilege Escalation Vulnerability (CVE-2019-1382) MS Rating: Important
A privilege escalation vulnerability exists when ActiveX Installer service may
allow access to files without proper authentication. An attacker who
successfully exploited the vulnerability could potentially access unauthorized
files.
Windows Data Sharing Service Privilege Escalation Vulnerability (CVE-2019-1383) MS Rating: Important
A privilege escalation vulnerability exists when the Windows Data Sharing Service
improperly handles file operations. An attacker who successfully exploited this
vulnerability could run processes in an elevated context.
Microsoft Windows Security Bypass Vulnerability (CVE-2019-1384) MS Rating: Important
A security bypass vulnerability exists where a NETLOGON message is able to obtain
the session key and sign messages. To exploit this vulnerability, an attacker
could send a specially crafted authentication request.
Windows Privilege Escalation Vulnerability (CVE-2019-1385) MS Rating: Important
A privilege escalation vulnerability exists when the Windows AppX Deployment
Extensions improperly performs privilege management, resulting in access to
system files. To exploit this vulnerability, an authenticated attacker would
need to run a specially crafted application to elevate privileges.
Windows Certificate Dialog Privilege Escalation Vulnerability (CVE-2019-1388) MS Rating: Important
A privilege escalation vulnerability exists in the Windows Certificate Dialog when
it does not properly enforce user privileges. An attacker who successfully
exploited this vulnerability could run processes in an elevated context.
Windows Denial of Service Vulnerability (CVE-2019-1391) MS Rating: Important
A denial of service vulnerability exists when Windows improperly handles objects
in memory. An attacker who successfully exploited the vulnerability could cause
a target system to stop responding.
Windows UPnP Service Privilege Escalation Vulnerability (CVE-2019-1405) MS Rating: Important
A privilege escalation vulnerability exists when the Windows Universal Plug and
Play (UPnP) service improperly allows COM object creation. An attacker who
successfully exploited this vulnerability could run arbitrary code with elevated
system privileges.
Windows Remote Procedure Call Information Disclosure Vulnerability (CVE-2019-1409) MS Rating: Important
An information disclosure vulnerability exists when the Windows Remote Procedure
Call (RPC) runtime improperly initializes objects in memory. An attacker who
successfully exploited this vulnerability could obtain information to further
compromise the user's system.
DirectWrite Information Disclosure Vulnerability (CVE-2019-1411) MS Rating: Important
An information disclosure vulnerability exists when DirectWrite improperly
discloses the contents of its memory. An attacker who successfully exploited the
vulnerability could obtain information to further compromise the user's system.
Windows Installer Privilege Escalation Vulnerability (CVE-2019-1415) MS Rating: Important
A privilege escalation vulnerability exists in Windows Installer because of the
way Windows Installer handles certain filesystem operations. To exploit the
vulnerability, an attacker would require unprivileged execution on the victim
system.
Windows Subsystem for Linux Privilege Escalation Vulnerability (CVE-2019-1416) MS Rating: Important
A privilege escalation vulnerability exists due to a race condition in Windows
Subsystem for Linux. An attacker who successfully exploited the vulnerability
could execute code with elevated permissions.
Windows Data Sharing Service Privilege Escalation Vulnerability (CVE-2019-1417) MS Rating: Important
A privilege escalation vulnerability exists when the Windows Data Sharing Service
improperly handles file operations. An attacker who successfully exploited this
vulnerability could run processes in an elevated context.
Windows Modules Installer Service Information Disclosure Vulnerability (CVE-2019-1418) MS Rating: Important
An information disclosure vulnerability exists when Windows Modules Installer Service
improperly discloses file information. Successful exploitation of the
vulnerability could allow the attacker to read the contents of a log file on
disk.
Windows Privilege Escalation Vulnerability (CVE-2019-1420) MS Rating: Important
A privilege escalation vulnerability exists in the way that the 'dssvc.dll'
handles file creation allowing for a file overwrite or creation in a secured
location. An attacker who successfully exploited the vulnerability could execute
code with elevated permissions.
Windows Privilege Escalation Vulnerability (CVE-2019-1422) MS Rating: Important
A privilege escalation vulnerability exists in the way that the 'iphlpsvc.dll'
handles file creation allowing for a file overwrite. An attacker who
successfully exploited the vulnerability could execute code with elevated
permissions.
Windows Privilege Escalation Vulnerability (CVE-2019-1423) MS Rating: Important
A privilege escalation vulnerability exists in the way that the
'StartTileData.dll' handles file creation in protected locations. An attacker
who successfully exploited the vulnerability could execute code with elevated
permissions.
NetLogon Security Bypass Vulnerability (CVE-2019-1424) MS Rating: Important
A security bypass vulnerability exists when Windows Netlogon improperly handles a
secure communications channel. An attacker who successfully exploited the
vulnerability could downgrade aspects of the connection allowing for further
modification of the transmission.
DirectWrite Information Disclosure Vulnerability (CVE-2019-1432) MS Rating: Important
An information disclosure vulnerability exists when DirectWrite improperly
discloses the contents of its memory. An attacker who successfully exploited the
vulnerability could obtain information to further compromise the user's system.
Windows User Profile Service Privilege Escalation Vulnerability (CVE-2019-1454) MS Rating: Important
A privilege escalation vulnerability exists when the Windows User Profile Service
(ProfSvc) improperly handles symlinks. An attacker who successfully exploited
this vulnerability could delete files and folders in an elevated context.
Windows Denial of Service Vulnerability (CVE-2018-12207) MS Rating: Important
A denial of service vulnerability exists when Windows improperly handles objects
in memory. An attacker who successfully exploited the vulnerability could cause
a target system to stop responding.
Security Update for Jet Database Engine
Jet Database Engine Remote Code Execution Vulnerability (CVE-2019-1406) MS Rating: Important
A remote code execution vulnerability exists when the Windows Jet Database Engine
improperly handles objects in memory. An attacker who successfully exploited
this vulnerability could execute arbitrary code on a victim system.
Security Update for Microsoft Exchange
Microsoft Exchange Remote Code Execution Vulnerability (CVE-2019-1373) MS Rating: Critical
A remote code execution vulnerability exists in Microsoft Exchange through the
deserialization of metadata via PowerShell. An attacker who successfully
exploited the vulnerability could run arbitrary code in the context of the
logged in user.
Security Update for Azure
Azure Stack Spoofing Vulnerability (CVE-2019-1234) MS Rating: Important
A spoofing vulnerability exists when Azure Stack fails to validate certain
requests. An attacker who successfully exploited the vulnerability could make
requests to internal Azure Stack resources.
Security Update for Open Enclave SDK
Open Enclave SDK Information Disclosure Vulnerability (CVE-2019-1370) MS Rating: Important
An information disclosure vulnerability exists when affected Open Enclave SDK
versions improperly handle objects in memory. An attacker who successfully
exploited this vulnerability could obtain information stored in the Enclave.
Security Update for Visual Studio
Visual Studio Privilege Escalation Vulnerability (CVE-2019-1425) MS Rating: Important
A privilege escalation vulnerability exists when Visual Studio fails to properly
validate hardlinks while extracting archived files. An attacker who successfully
exploited this vulnerability could overwrite arbitrary files in the security
context of the local system.
Security Update for OpenType Font Driver
OpenType Font Parsing Remote Code Execution Vulnerability (CVE-2019-1419) MS Rating: Critical
A remote code execution vulnerability exists in Microsoft Windows when the Windows
Adobe Type Manager Library improperly handles specially crafted OpenType fonts.
For all systems except Windows 10, an attacker who successfully exploited the
vulnerability could execute code remotely.
OpenType Font Driver Information Disclosure Vulnerability (CVE-2019-1412) MS Rating: Important
An information disclosure vulnerability exists in Windows 'Adobe Type Manager Font
Driver (ATMFD.dll)' when it fails to properly handle objects in memory. An
attacker who successfully exploited this vulnerability could potentially read
data that was not intended to be disclosed.
OpenType Font Parsing Remote Code Execution Vulnerability (CVE-2019-1456) MS Rating: Important
A remote code execution vulnerability exists in Microsoft Windows when the Windows Adobe Type Manager Library improperly handles specially crafted OpenType fonts. For all systems except Windows 10, an attacker who successfully exploited the vulnerability could execute code remotely.
Microsoft Patch Tuesday – October 2019
This month the vendor has patched 59 vulnerabilities, 9 of which are rated
Critical.
As always, customers are advised to follow these security best practices:
Install vendor patches as soon as they are available.
Run all software with the least privileges required while still maintaining
functionality.
Avoid handling files from unknown or questionable sources.
Never visit sites of unknown or questionable integrity.
Block external access at the network perimeter to all key systems unless
specific access is required.
Microsoft's summary of the October 2019 releases can be found here:
https://portal.msrc.microsoft.com/en-us/security-guidance
This month's update covers vulnerabilities in:
Internet Explorer
Microsoft Edge
ChakraCore
Microsoft Office
Microsoft Windows
Microsoft Hyper-V
Graphics Device Interface
Jet Database Engine
Azure App Service
Open Enclave SDK
Microsoft Dynamics 365
SQL Server Management Studio
The following is a breakdown of the issues being addressed this month:
Cumulative Security Update for Microsoft Browsers
VBScript Remote Code Execution Vulnerability (CVE-2019-1238) MS Rating: Critical
A remote code execution vulnerability exists in the way that the VBScript engine
handles objects in memory. This vulnerability may corrupt memory in such a way
that an attacker could execute arbitrary code in the context of the current
user. Attackers can exploit this issue by enticing an unsuspecting user to view
a specially crafted web page.
VBScript Remote Code Execution Vulnerability (CVE-2019-1239) MS Rating: Critical
A remote code execution vulnerability exists in the way that the VBScript engine
handles objects in memory. This vulnerability may corrupt memory in such a way
that an attacker could execute arbitrary code in the context of the current
user. Attackers can exploit this issue by enticing an unsuspecting user to view
a specially crafted web page.
Chakra Scripting Engine Memory Corruption Vulnerability (CVE-2019-1307) MS Rating: Critical
A remote code execution vulnerability exists in the way that the Chakra scripting
engine handles objects in memory in Microsoft Edge. This vulnerability may
corrupt memory in such a way that an attacker could execute arbitrary code in
the context of the current user. Attackers can exploit this issue by enticing an
unsuspecting user to view a specially crafted web page.
Chakra Scripting Engine Memory Corruption Vulnerability (CVE-2019-1308) MS Rating: Critical
A remote code execution vulnerability exists in the way that the Chakra scripting
engine handles objects in memory in Microsoft Edge. This vulnerability may
corrupt memory in such a way that an attacker could execute arbitrary code in
the context of the current user. Attackers can exploit this issue by enticing an
unsuspecting user to view a specially crafted web page.
Chakra Scripting Engine Memory Corruption Vulnerability (CVE-2019-1335) MS Rating: Critical
A remote code execution vulnerability exists in the way that the Chakra scripting
engine handles objects in memory in Microsoft Edge. This vulnerability may
corrupt memory in such a way that an attacker could execute arbitrary code in
the context of the current user. Attackers can exploit this issue by enticing an
unsuspecting user to view a specially crafted web page.
Chakra Scripting Engine Memory Corruption Vulnerability (CVE-2019-1366) MS Rating: Critical
A remote code execution vulnerability exists in the way that the Chakra scripting
engine handles objects in memory in Microsoft Edge. This vulnerability may
corrupt memory in such a way that an attacker could execute arbitrary code in
the context of the current user. Attackers can exploit this issue by enticing an
unsuspecting user to view a specially crafted web page.
Microsoft Edge Spoofing Vulnerability (CVE-2019-0608) MS Rating: Important
A spoofing vulnerability exists when Microsoft Browsers do not properly parse
HTTP content. An attacker who successfully exploited this vulnerability could
impersonate a user request by crafting HTTP queries.
Microsoft Edge based on Edge HTML Information Disclosure Vulnerability (CVE-2019-1356) MS Rating: Important
An information disclosure vulnerability exists when Microsoft Edge based on Edge
HTML improperly handles objects in memory. An attacker who successfully
exploited the vulnerability could obtain information to further compromise the
user's system.
Microsoft Browser Spoofing Vulnerability (CVE-2019-1357) MS Rating: Important
A spoofing vulnerability exists when Microsoft Browsers improperly handle browser
cookies. An attacker who successfully exploited this vulnerability could trick a
browser into overwriting a secure cookie with an insecure cookie.
Internet Explorer Memory Corruption Vulnerability (CVE-2019-1371) MS Rating: Important
A remote code execution vulnerability exists when Internet Explorer improperly
accesses objects in memory. This vulnerability may corrupt memory in such a way
that an attacker could execute arbitrary code in the context of the current
user. Attackers can exploit this issue by enticing an unsuspecting user to view
a specially crafted web page.
Cumulative Security Update for Microsoft Office
Microsoft Office SharePoint XSS Vulnerability (CVE-2019-1070) MS Rating: Important
A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server
does not properly sanitize a specially crafted web request to an affected
SharePoint server. An authenticated attacker can exploit this issue by sending a
specially crafted request to an affected SharePoint server.
Microsoft Excel Remote Code Execution Vulnerability (CVE-2019-1327) MS Rating: Important
A remote code execution vulnerability exists in Microsoft Excel software when the
software fails to properly handle objects in memory. An attacker who
successfully exploited the vulnerability could run arbitrary code in the context
of the current user.
Microsoft SharePoint Spoofing Vulnerability (CVE-2019-1328) MS Rating: Important
A spoofing vulnerability exists when Microsoft SharePoint Server does not properly
sanitize a specially crafted web request to an affected SharePoint server. An
authenticated attacker can exploit this issue by sending a specially crafted
request to an affected SharePoint server.
Microsoft SharePoint Privilege Escalation Vulnerability (CVE-2019-1329) MS Rating: Important
A privilege escalation vulnerability exists when Microsoft SharePoint Server does
not properly sanitize a specially crafted web request to an affected SharePoint
server. An authenticated attacker can exploit this issue by sending a specially
crafted request to an affected SharePoint server.
Microsoft SharePoint Privilege Escalation Vulnerability (CVE-2019-1330) MS Rating: Important
A privilege escalation vulnerability exists in Microsoft SharePoint. An attacker
who successfully exploited this vulnerability could attempt to impersonate
another user of the SharePoint server.
Microsoft Excel Remote Code Execution Vulnerability (CVE-2019-1331) MS Rating: Important
A remote code execution vulnerability exists in Microsoft Excel software when the
software fails to properly handle objects in memory. An attacker who
successfully exploited the vulnerability could run arbitrary code in the context
of the current user.
Cumulative Security Update for Microsoft Windows Kernel
Windows Kernel Information Disclosure Vulnerability (CVE-2019-1334) MS Rating: Important
An information disclosure vulnerability exists when the Windows kernel improperly
handles objects in memory. An attacker who successfully exploited this
vulnerability could obtain information to further compromise the user's system.
Windows Kernel Information Disclosure Vulnerability (CVE-2019-1345) MS Rating: Important
An information disclosure vulnerability exists when the Windows kernel improperly
handles objects in memory. An attacker who successfully exploited this
vulnerability could obtain information to further compromise the user's system.
Win32k Privilege Escalation Vulnerability (CVE-2019-1362) MS Rating: Important
A privilege escalation vulnerability exists in Windows when the Windows
kernel-mode driver fails to properly handle objects in memory. An attacker who
successfully exploited this vulnerability could run arbitrary code in kernel
mode.
Win32k Privilege Escalation Vulnerability (CVE-2019-1364) MS Rating: Important
A privilege escalation vulnerability exists in Windows when the Windows
kernel-mode driver fails to properly handle objects in memory. An attacker who
successfully exploited this vulnerability could run arbitrary code in kernel
mode.
Cumulative Security Update for Microsoft Hyper-V
Hyper-V Information Disclosure Vulnerability (CVE-2019-1230) MS Rating: Important
An information disclosure vulnerability exists when the Windows Hyper-V Network
Switch on a host operating system fails to properly validate input from an
authenticated user on a guest operating system. To exploit the vulnerability, an
attacker on a guest operating system could run a specially crafted application
that could cause the Hyper-V host operating system to disclose memory
information.
Security Update for Microsoft Graphics
Microsoft Graphics Components Information Disclosure Vulnerability (CVE-2019-1361) MS Rating: Important
An information disclosure vulnerability exists in the way that Microsoft Graphics
Components handle objects in memory. An attacker who successfully exploited the
vulnerability could obtain information that could be useful for further
exploitation.
Windows GDI Information Disclosure Vulnerability (CVE-2019-1363) MS Rating: Important
An information disclosure vulnerability exists in the way that the Windows Graphics
Device Interface (GDI) handles objects in memory, allowing an attacker to
retrieve information from a targeted system. By itself, the information
disclosure does not allow arbitrary code execution; however, it could allow
arbitrary code to be run if the attacker uses it in combination with another
vulnerability.
Security Update for Microsoft Windows
Remote Desktop Client Remote Code Execution Vulnerability (CVE-2019-1333) MS Rating: Critical
A remote code execution vulnerability exists in the Windows Remote Desktop Client
when a user connects to a malicious server. An attacker who successfully
exploited this vulnerability could execute arbitrary code on the computer of the
connecting client.
MS XML Remote Code Execution Vulnerability (CVE-2019-1060) MS Rating: Critical
A remote code execution vulnerability exists when the Microsoft XML Core Services
MSXML parser processes user input. An attacker who successfully exploited the
vulnerability could run malicious code remotely to take control of the user's
system.
Windows NTLM Tampering Vulnerability (CVE-2019-1166) MS Rating: Important
A tampering vulnerability exists in Microsoft Windows when a man-in-the-middle
attacker is able to successfully bypass the NTLM MIC (Message Integrity Check)
protection. An attacker who successfully exploited this vulnerability could gain
the ability to downgrade NTLM security features.
Windows Imaging API Remote Code Execution Vulnerability (CVE-2019-1311) MS Rating: Important
A remote code execution vulnerability exists when the Windows Imaging API
improperly handles objects in memory. The vulnerability could corrupt memory in
a way that enables an attacker to execute arbitrary code in the context of the
current user.
Windows 10 Mobile Security Bypass Vulnerability (CVE-2019-1314) MS Rating: Important
A security bypass vulnerability exists in Windows 10 Mobile when Cortana allows a
user to access files and folders through the locked screen. An attacker who
successfully exploited this vulnerability could access the photo library of an
affected phone and modify or delete photos without authenticating to the system.
Windows Error Reporting Manager Privilege Escalation Vulnerability (CVE-2019-1315) MS Rating: Important
A privilege escalation vulnerability exists when Windows Error Reporting manager
improperly handles hard links. An attacker who successfully exploited this
vulnerability could overwrite a targeted file leading to an elevated status.
Microsoft Windows Setup Privilege Escalation Vulnerability (CVE-2019-1316) MS Rating: Important
A privilege escalation vulnerability exists in the Microsoft Windows Setup when it
does not properly handle privileges. An attacker who successfully exploited this
vulnerability could run processes in an elevated context.
Microsoft Windows Denial of Service Vulnerability (CVE-2019-1317) MS Rating: Important
A denial of service vulnerability exists when Windows improperly handles hard
links. An attacker who successfully exploited the vulnerability could cause a
target system to stop responding.
Microsoft Windows Spoofing Vulnerability (CVE-2019-1318) MS Rating: Important
A spoofing vulnerability exists when Transport Layer Security (TLS) accesses
non-Extended Master Secret (EMS) sessions. An attacker who successfully exploited
this vulnerability may gain access to unauthorized information.
Windows Error Reporting Privilege Escalation Vulnerability (CVE-2019-1319) MS Rating: Important
A privilege escalation vulnerability exists in Windows Error Reporting (WER) when
WER handles and executes files. The vulnerability could allow elevation of
privilege if an attacker can successfully exploit it.
Microsoft Windows Privilege Escalation Vulnerability (CVE-2019-1320) MS Rating: Important
A privilege escalation vulnerability exists when Windows improperly handles
authentication requests. An attacker who successfully exploited this
vulnerability could run processes in an elevated context.
Microsoft Windows CloudStore Privilege Escalation Vulnerability (CVE-2019-1321) MS Rating: Important
A privilege escalation vulnerability exists when Windows 'CloudStore' improperly
handles file Discretionary Access Control List (DACL). An attacker who
successfully exploited this vulnerability could overwrite a targeted file
leading to an elevated status.
Microsoft Windows Privilege Escalation Vulnerability (CVE-2019-1322) MS Rating: Important
A privilege escalation vulnerability exists when Windows improperly handles
authentication requests. An attacker who successfully exploited this
vulnerability could run processes in an elevated context.
Microsoft Windows Update Client Privilege Escalation Vulnerability (CVE-2019-1323) MS Rating: Important
A privilege escalation vulnerability exists in the Microsoft Windows Update Client
when it does not properly handle privileges. An attacker who successfully
exploited this vulnerability could run processes in an elevated context.
Windows Redirected Drive Buffering System Privilege Escalation Vulnerability (CVE-2019-1325) MS Rating: Important
A privilege escalation vulnerability exists in the Windows redirected drive
buffering system ('rdbss.sys') when the operating system improperly handles
specific local calls within Windows 7 for 32-bit systems.
Windows Remote Desktop Protocol (RDP) Denial of Service Vulnerability (CVE-2019-1326) MS Rating: Important
A denial of service vulnerability exists in Remote Desktop Protocol (RDP) when an
attacker connects to the target system using RDP and sends specially crafted
requests. An attacker who successfully exploited this vulnerability could cause
the RDP service on the target system to stop responding.
Microsoft Windows Update Client Privilege Escalation Vulnerability (CVE-2019-1336) MS Rating: Important
A privilege escalation vulnerability exists in the Microsoft Windows Update Client
when it does not properly handle privileges. An attacker who successfully
exploited this vulnerability could run processes in an elevated context.
Microsoft Windows Update Client Information Disclosure Vulnerability (CVE-2019-1337) MS Rating: Important
An information disclosure vulnerability exists when Windows Update Client fails to
properly handle objects in memory. An attacker who successfully exploited the
vulnerability could potentially disclose memory contents of an elevated process.
Microsoft Windows NTLM Security Bypass Vulnerability (CVE-2019-1338) MS Rating: Important
A security bypass vulnerability exists in Microsoft Windows when a
man-in-the-middle attacker is able to successfully bypass the NTLMv2 protection
if a client is also sending LMv2 responses. An attacker who successfully
exploited this vulnerability could gain the ability to downgrade NTLM security
features.
Microsoft Windows Privilege Escalation Vulnerability (CVE-2019-1339) MS Rating: Important
A privilege escalation vulnerability exists when Windows Error Reporting manager
improperly handles hard links. An attacker who successfully exploited this
vulnerability could overwrite a targeted file leading to an elevated status.
Microsoft Windows Privilege Escalation Vulnerability (CVE-2019-1340) MS Rating: Important
A privilege escalation vulnerability exists in Windows AppX Deployment Server that
allows file creation in arbitrary locations. To exploit the vulnerability, an
attacker would first have to log on to the system.
Windows Power Service Privilege Escalation Vulnerability (CVE-2019-1341) MS Rating: Important
A privilege escalation vulnerability exists when 'umpo.dll' of the Power Service
improperly handles a Registry Restore Key function.
Windows Error Reporting Manager Privilege Escalation Vulnerability (CVE-2019-1342) MS Rating: Important
A privilege escalation vulnerability exists when Windows Error Reporting manager
improperly handles a process crash. An attacker who successfully exploited this
vulnerability could delete a targeted file leading to an elevated status.
Microsoft Windows Denial of Service Vulnerability (CVE-2019-1343) MS Rating: Important
A denial of service vulnerability exists when Windows improperly handles objects
in memory. An attacker who successfully exploited the vulnerability could cause
a target system to stop responding.
Microsoft Windows Code Integrity Module Information Disclosure Vulnerability (CVE-2019-1344) MS Rating: Important
An information disclosure vulnerability exists in the way that the Windows Code
Integrity Module handles objects in memory. An attacker who successfully
exploited this vulnerability could obtain information to further compromise the
user's system.
Microsoft Windows Denial of Service Vulnerability (CVE-2019-1346) MS Rating: Important
A denial of service vulnerability exists when Windows improperly handles objects
in memory. An attacker who successfully exploited the vulnerability could cause
a target system to stop responding.
Microsoft Windows Denial of Service Vulnerability (CVE-2019-1347) MS Rating: Important
A denial of service vulnerability exists when Windows improperly handles objects
in memory. An attacker who successfully exploited the vulnerability could cause
a target system to stop responding.
Microsoft IIS Server Privilege Escalation Vulnerability (CVE-2019-1365) MS Rating: Important
A privilege escalation vulnerability exists when Microsoft IIS Server fails to
check the length of a buffer prior to copying memory to it. An attacker who
successfully exploited this vulnerability could allow an unprivileged function run
by the user to execute code in the context of 'NT AUTHORITY\system', escaping the
sandbox.
Microsoft Windows Secure Boot Security Bypass Vulnerability (CVE-2019-1368) MS Rating: Important
A security bypass exists when Windows Secure Boot improperly restricts access to
debugging functionality. An attacker who successfully exploited this
vulnerability could disclose protected kernel memory.
Security Update for Jet Database Engine
Jet Database Engine Remote Code Execution Vulnerability (CVE-2019-1358) MS Rating: Important
A remote code execution vulnerability exists when the Windows Jet Database Engine
improperly handles objects in memory. An attacker who successfully exploited
this vulnerability could execute arbitrary code on a victim system.
Jet Database Engine Remote Code Execution Vulnerability (CVE-2019-1359) MS Rating: Important
A remote code execution vulnerability exists when the Windows Jet Database Engine
improperly handles objects in memory. An attacker who successfully exploited
this vulnerability could execute arbitrary code on a victim system.
Security Update for SQL Server Management Studio
SQL Server Management Studio Information Disclosure Vulnerability (CVE-2019-1313) MS Rating: Important
An information disclosure vulnerability exists in Microsoft SQL Server Management
Studio (SSMS) when it improperly enforces permissions. An attacker could exploit
the vulnerability if the attacker's credentials allow access to an affected SQL
server database.
SQL Server Management Studio Information Disclosure Vulnerability (CVE-2019-1376) MS Rating: Important
An information disclosure vulnerability exists in Microsoft SQL Server Management
Studio (SSMS) when it improperly enforces permissions. An attacker could exploit
the vulnerability if the attacker's credentials allow access to an affected SQL
server database.
Security Update for Azure App Service
Azure App Service Remote Code Execution Vulnerability (CVE-2019-1372) MS Rating: Critical
A remote code execution vulnerability exists when Azure App Service/Antares on
Azure Stack fails to check the length of a buffer prior to copying memory to it.
Security Update for Microsoft Dynamics 365 (On-Premise)
Microsoft Dynamics 365 (On-Premise) Cross Site Scripting Vulnerability (CVE-2019-1375) MS Rating: Important
A cross-site scripting vulnerability exists in Microsoft Dynamics 365 (On-Premise)
because it fails to properly sanitize user-supplied input. An authenticated
attacker can exploit this issue by sending a specially crafted request to an
affected Dynamics server.
Security Update for Open Enclave SDK
Open Enclave SDK Information Disclosure Vulnerability (CVE-2019-1369) MS Rating: Important
An information disclosure vulnerability exists when affected Open Enclave SDK versions improperly handle objects in memory. An attacker who successfully exploited this vulnerability could obtain information stored in the Enclave.
Microsoft Patch Tuesday – September 2019
This month the vendor has patched 79 vulnerabilities, 18 of which are rated
Critical.
As always, customers are advised to follow these security best practices:
Install vendor patches as soon as they are available.
Run all software with the least privileges required while still maintaining
functionality.
Avoid handling files from unknown or questionable sources.
Never visit sites of unknown or questionable integrity.
Block external access at the network perimeter to all key systems unless
specific access is required.
Microsoft's summary of the September 2019 releases can be found here:
https://portal.msrc.microsoft.com/en-us/security-guidance
This month's update covers vulnerabilities in:
Internet Explorer
Microsoft Edge
ChakraCore
Microsoft Office
Microsoft Windows
Microsoft Hyper-V
Graphics Device Interface (GDI)
Jet Database Engine
Microsoft Lync Server
Azure DevOps and Team Foundation Server
Yammer for Android
Rome SDK
Microsoft .NET
Microsoft Exchange Server
The following is a breakdown of the issues being addressed this month:
Cumulative Security Update for Microsoft Browsers
Chakra Scripting Engine Memory Corruption Vulnerability (CVE-2019-1138) MS Rating: Critical
A
remote code execution vulnerability exists in the way that the Chakra scripting
engine handles objects in memory in Microsoft Edge. The vulnerability could
corrupt memory in such a way that an attacker could execute arbitrary code in
the context of the current user. Attackers can exploit this issue by enticing an
unsuspecting user to view a specially crafted web page.
VBScript Remote Code Execution Vulnerability (CVE-2019-1208) MS Rating: Critical
A
remote code execution vulnerability exists in the way that the VBScript engine
handles objects in memory. The vulnerability could corrupt memory in such a way
that an attacker could execute arbitrary code in the context of the current
user. Attackers can exploit this issue by enticing an unsuspecting user to view
a specially crafted web page.
Chakra Scripting Engine Memory Corruption Vulnerability (CVE-2019-1217) MS Rating: Critical
A
remote code execution vulnerability exists in the way that the Chakra scripting
engine handles objects in memory in Microsoft Edge. The vulnerability could
corrupt memory in such a way that an attacker could execute arbitrary code in
the context of the current user. Attackers can exploit this issue by enticing an
unsuspecting user to view a specially crafted web page.
Scripting Engine Memory Corruption Vulnerability (CVE-2019-1221) MS Rating: Critical
A
remote code execution vulnerability exists in the way that the scripting engine
handles objects in memory in Internet Explorer. The vulnerability could corrupt
memory in such a way that an attacker could execute arbitrary code in the
context of the current user. Attackers can exploit this issue by enticing an
unsuspecting user to view a specially crafted web page.
VBScript Remote Code Execution Vulnerability (CVE-2019-1236) MS Rating: Critical
A
remote code execution vulnerability exists in the way that the VBScript engine
handles objects in memory. The vulnerability could corrupt memory in such a way
that an attacker could execute arbitrary code in the context of the current
user. Attackers can exploit this issue by enticing an unsuspecting user to view
a specially crafted web page.
Chakra Scripting Engine Memory Corruption Vulnerability (CVE-2019-1237) MS Rating: Critical
A
remote code execution vulnerability exists in the way that the Chakra scripting
engine handles objects in memory in Microsoft Edge. The vulnerability could
corrupt memory in such a way that an attacker could execute arbitrary code in
the context of the current user. Attackers can exploit this issue by enticing an
unsuspecting user to view a specially crafted web page.
Chakra Scripting Engine Memory Corruption Vulnerability (CVE-2019-1298) MS Rating: Critical
A
remote code execution vulnerability exists in the way that the Chakra scripting
engine handles objects in memory in Microsoft Edge. The vulnerability could
corrupt memory in such a way that an attacker could execute arbitrary code in
the context of the current user. Attackers can exploit this issue by enticing an
unsuspecting user to view a specially crafted web page.
Chakra Scripting Engine Memory Corruption Vulnerability (CVE-2019-1300) MS Rating: Critical
A
remote code execution vulnerability exists in the way that the Chakra scripting
engine handles objects in memory in Microsoft Edge. The vulnerability could
corrupt memory in such a way that an attacker could execute arbitrary code in
the context of the current user. Attackers can exploit this issue by enticing an
unsuspecting user to view a specially crafted web page.
Internet Explorer Security Bypass Vulnerability (CVE-2019-1220) MS Rating: Important
A
security-bypass vulnerability exists when Microsoft Browsers fail to validate
the correct Security Zone of requests for specific URLs. This could allow an
attacker to cause a user to access a URL in a less restricted Internet Security
Zone than intended. Attackers can exploit this issue by enticing an unsuspecting
user to view a specially crafted web page.
Microsoft Edge Information Disclosure Vulnerability (CVE-2019-1299) MS Rating: Important
An
information disclosure vulnerability exists when Microsoft Edge based on Edge
HTML improperly handles objects in memory. An attacker who successfully
exploited the vulnerability could obtain information to further compromise the
user's system. Attackers can exploit this issue by enticing an unsuspecting user
to view a specially crafted web page.
Cumulative Security Update for Microsoft Office
Microsoft SharePoint Remote Code Execution Vulnerability (CVE-2019-1295) MS Rating: Critical
A
remote code execution vulnerability exists in Microsoft SharePoint where unsafe
APIs are exposed when importing data. An attacker who successfully exploited the
vulnerability could run arbitrary code in the context of the SharePoint
application pool and the SharePoint server farm account.
Microsoft SharePoint Remote Code Execution Vulnerability (CVE-2019-1296) MS Rating: Critical
A
remote code execution vulnerability exists in Microsoft SharePoint where unsafe
APIs are exposed when importing data. An attacker who successfully exploited the
vulnerability could run arbitrary code in the context of the SharePoint
application pool and the SharePoint server farm account.
Microsoft SharePoint Remote Code Execution Vulnerability (CVE-2019-1257) MS Rating: Critical
A
remote code execution vulnerability exists in Microsoft SharePoint when the
software fails to check the source markup of an application package. An attacker
who successfully exploited the vulnerability could run arbitrary code in the
context of the SharePoint application pool and the SharePoint server farm
account.
Microsoft Office SharePoint XSS Vulnerability (CVE-2019-1262) MS Rating: Important
A
cross-site-scripting vulnerability (XSS) exists when Microsoft SharePoint Server
does not properly sanitize a specially crafted web request to an affected
SharePoint server. An authenticated attacker could exploit the vulnerability by
sending a specially crafted request to an affected SharePoint server.
Microsoft Excel Information Disclosure Vulnerability (CVE-2019-1263) MS Rating: Important
An
information disclosure vulnerability exists when Microsoft Excel improperly
discloses the contents of its memory. An attacker who exploited the
vulnerability could use the information to compromise the user's computer or
data.
Microsoft Office Security Bypass Vulnerability (CVE-2019-1264) MS Rating: Important
A
security-bypass vulnerability exists when Microsoft Office improperly handles
input. An attacker who successfully exploited the vulnerability could execute
arbitrary commands.
Microsoft Excel Remote Code Execution Vulnerability (CVE-2019-1297) MS Rating: Important
A
remote code execution vulnerability exists in Microsoft Excel software when the
software fails to properly handle objects in memory. An attacker who
successfully exploited the vulnerability could run arbitrary code in the context
of the current user.
Microsoft SharePoint Privilege Escalation Vulnerability (CVE-2019-1260) MS Rating: Important
A
privilege escalation vulnerability exists in Microsoft SharePoint. An attacker
who successfully exploited this vulnerability could attempt to impersonate
another user of the SharePoint server.
Microsoft SharePoint Spoofing Vulnerability (CVE-2019-1261) MS Rating: Important
A spoofing vulnerability exists in Microsoft SharePoint when it improperly
handles requests to authorize applications, resulting in cross-site request
forgery (CSRF). To exploit this vulnerability, an attacker would need to create
a page specifically designed to cause a cross-site request.
Microsoft SharePoint Spoofing Vulnerability (CVE-2019-1259) MS Rating: Moderate
A spoofing vulnerability exists in Microsoft SharePoint when it improperly
handles requests to authorize applications, resulting in cross-site request
forgery (CSRF). To exploit this vulnerability, an attacker would need to create
a page specifically designed to cause a cross-site request.
Cumulative Security Update for Microsoft Windows Kernel
Win32k Privilege Escalation Vulnerability (CVE-2019-1256) MS Rating: Important
A
privilege escalation vulnerability exists in Windows when the Win32k component
fails to properly handle objects in memory. An attacker who successfully
exploited this vulnerability could run arbitrary code in kernel mode.
Windows Kernel Information Disclosure Vulnerability (CVE-2019-1274) MS Rating: Important
An
information disclosure vulnerability exists when the Windows kernel fails to
properly initialize a memory address. An attacker who successfully exploited
this vulnerability could obtain information to further compromise the user's
system.
Win32k Privilege Escalation Vulnerability (CVE-2019-1285) MS Rating: Important
A
privilege escalation vulnerability exists in Windows when the Win32k component
fails to properly handle objects in memory. An attacker who successfully
exploited this vulnerability could run arbitrary code in kernel mode.
Cumulative Security Update for Microsoft Hyper-V
Windows Hyper-V Information Disclosure Vulnerability (CVE-2019-1254) MS Rating: Important
An
information disclosure vulnerability exists when Windows Hyper-V writes
uninitialized memory to disk. An attacker could exploit the vulnerability by
reading a file to recover kernel memory.
Windows Hyper-V Denial of Service Vulnerability (CVE-2019-0928) MS Rating: Important
A
denial of service vulnerability exists when Microsoft Hyper-V on a host server
fails to properly validate input from a privileged user on a guest operating
system. To exploit the vulnerability, an attacker who already has a privileged
account on a guest operating system, running as a virtual machine, could run a
specially crafted application that causes a host machine to crash.
Security Update for Microsoft Graphics
Windows GDI Information Disclosure Vulnerability (CVE-2019-1252) MS Rating: Important
An
information disclosure vulnerability exists when the Windows GDI component
improperly discloses the contents of its memory. An attacker who successfully
exploited the vulnerability could obtain information to further compromise the
user's system.
Windows GDI Information Disclosure Vulnerability (CVE-2019-1286) MS Rating: Important
An
information disclosure vulnerability exists when the Windows GDI component
improperly discloses the contents of its memory. An attacker who successfully
exploited the vulnerability could obtain information to further compromise the
user's system.
Microsoft Graphics Components Information Disclosure Vulnerability (CVE-2019-1283) MS Rating: Important
An
information disclosure vulnerability exists in the way that Microsoft Graphics
Components handle objects in memory. An attacker who successfully exploited the
vulnerability could obtain information that could be useful for further
exploitation.
Security Update for Microsoft Windows
Remote Desktop Services Remote Code Execution Vulnerability (CVE-2019-0787) MS Rating: Critical
A
remote code execution vulnerability exists in the Windows Remote Desktop Client
when a user connects to a malicious server. An attacker who successfully
exploited this vulnerability could execute arbitrary code on the computer of the
connecting client.
Remote Desktop Services Remote Code Execution Vulnerability (CVE-2019-0788) MS Rating: Critical
A
remote code execution vulnerability exists in the Windows Remote Desktop Client
when a user connects to a malicious server. An attacker who successfully
exploited this vulnerability could execute arbitrary code on the computer of the
connecting client.
Remote Desktop Services Remote Code Execution Vulnerability (CVE-2019-1290) MS Rating: Critical
A
remote code execution vulnerability exists in the Windows Remote Desktop Client
when a user connects to a malicious server. An attacker who successfully
exploited this vulnerability could execute arbitrary code on the computer of the
connecting client.
Remote Desktop Services Remote Code Execution Vulnerability (CVE-2019-1291) MS Rating: Critical
A
remote code execution vulnerability exists in the Windows Remote Desktop Client
when a user connects to a malicious server. An attacker who successfully
exploited this vulnerability could execute arbitrary code on the computer of the
connecting client.
LNK Remote Code Execution Vulnerability (CVE-2019-1280) MS Rating: Critical
A remote code execution vulnerability exists in Microsoft Windows that could
allow remote code execution if a .LNK file is processed.
Windows Privilege Escalation Vulnerability (CVE-2019-1215) MS Rating: Important
A privilege escalation vulnerability exists in the way that ws2ifsl.sys
handles objects in memory.
Windows Privilege Escalation Vulnerability (CVE-2019-1253) MS Rating: Important
A
privilege escalation vulnerability exists when the Windows AppX Deployment
Server improperly handles junctions. To exploit this vulnerability, an attacker
would first have to gain execution on the victim system.
Windows Denial of Service Vulnerability (CVE-2019-1292) MS Rating: Important
A
denial of service vulnerability exists when Windows improperly handles objects
in memory. An attacker who successfully exploited the vulnerability could cause
a target system to stop responding.
Windows Privilege Escalation Vulnerability (CVE-2019-1303) MS Rating: Important
A
privilege escalation vulnerability exists when the Windows AppX Deployment
Server improperly handles junctions. To exploit this vulnerability, an attacker
would first have to gain execution on the victim system.
Windows Common Log File System Driver Privilege Escalation Vulnerability (CVE-2019-1214) MS Rating: Important
A
privilege escalation vulnerability exists when the Windows Common Log File
System (CLFS) driver improperly handles objects in memory. An attacker who
successfully exploited this vulnerability could run processes in an elevated
context.
Windows Transaction Manager Information Disclosure Vulnerability (CVE-2019-1219) MS Rating: Important
An
information disclosure vulnerability exists when the Windows Transaction Manager
improperly handles objects in memory. An attacker who successfully exploited
this vulnerability could potentially read data that was not intended to be
disclosed.
Windows ALPC Privilege Escalation Vulnerability (CVE-2019-1269) MS Rating: Important
A
privilege escalation vulnerability exists when Windows improperly handles calls
to Advanced Local Procedure Call (ALPC). An attacker who successfully exploited
this vulnerability could run arbitrary code in the security context of the local
system.
Windows ALPC Privilege Escalation Vulnerability (CVE-2019-1272) MS Rating: Important
A
privilege escalation vulnerability exists when Windows improperly handles calls
to Advanced Local Procedure Call (ALPC). An attacker who successfully exploited
this vulnerability could run arbitrary code in the security context of the local
system.
Windows Common Log File System Driver Information Disclosure Vulnerability (CVE-2019-1282) MS Rating: Important
An information disclosure vulnerability exists in the Windows Common Log File
System (CLFS) driver when it fails to properly handle sandbox checks. An
attacker who successfully exploited this vulnerability could potentially read
data outside their expected limits.
Windows Text Service Framework Privilege Escalation Vulnerability (CVE-2019-1235) MS Rating: Important
A
privilege escalation vulnerability exists in Windows Text Service Framework
(TSF) when the TSF server process does not validate the source of input or
commands it receives. An attacker who successfully exploited this vulnerability
could inject commands or read input sent through a malicious Input Method Editor
(IME).
Windows Secure Boot Security Bypass Vulnerability (CVE-2019-1294) MS Rating: Important
A security-bypass vulnerability exists when Windows Secure Boot improperly
restricts access to debugging functionality. An attacker who successfully
exploited this vulnerability could disclose protected kernel memory.
Microsoft Windows Store Installer Privilege Escalation Vulnerability (CVE-2019-1270) MS Rating: Important
A privilege escalation vulnerability exists in the Windows Store installer,
where the WindowsApps directory is vulnerable to a symbolic link attack. An
attacker who successfully exploited this vulnerability could bypass access
restrictions to add or remove files.
Windows Media Privilege Escalation Vulnerability (CVE-2019-1271) MS Rating: Important
An elevation of privilege vulnerability exists in hdAudio.sys which may lead to
an out of band write.
Windows Audio Service Privilege Escalation Vulnerability (CVE-2019-1277) MS Rating: Important
An elevation of privilege vulnerability exists in Windows Audio Service. An
attacker who successfully exploited the vulnerability could run arbitrary code
with elevated privileges.
DirectX Information Disclosure Vulnerability (CVE-2019-1216) MS Rating: Important
An
information disclosure vulnerability exists when DirectX improperly handles
objects in memory. An attacker who successfully exploited this vulnerability
could obtain information to further compromise the user's system.
DirectWrite Information Disclosure Vulnerability (CVE-2019-1244) MS Rating: Important
An
information disclosure vulnerability exists when DirectWrite improperly
discloses the contents of its memory. An attacker who successfully exploited the
vulnerability could obtain information to further compromise the user's system.
DirectWrite Information Disclosure Vulnerability (CVE-2019-1245) MS Rating: Important
An
information disclosure vulnerability exists when DirectWrite improperly
discloses the contents of its memory. An attacker who successfully exploited the
vulnerability could obtain information to further compromise the user's system.
DirectWrite Information Disclosure Vulnerability (CVE-2019-1251) MS Rating: Important
An
information disclosure vulnerability exists when DirectWrite improperly
discloses the contents of its memory. An attacker who successfully exploited the
vulnerability could obtain information to further compromise the user's system.
DirectX Privilege Escalation Vulnerability (CVE-2019-1284) MS Rating: Important
A
privilege escalation vulnerability exists when DirectX improperly handles
objects in memory. An attacker who successfully exploited this vulnerability
could run arbitrary code in kernel mode.
Windows Network Connectivity Assistant Privilege Escalation Vulnerability (CVE-2019-1287) MS Rating: Important
A
privilege escalation vulnerability exists in the way that the Windows Network
Connectivity Assistant handles objects in memory. An attacker who successfully
exploited the vulnerability could execute code with elevated permissions.
Windows Update Delivery Optimization Privilege Escalation Vulnerability (CVE-2019-1289) MS Rating: Important
A
privilege escalation vulnerability exists when the Windows Update Delivery
Optimization does not properly enforce file share permissions. An attacker who
successfully exploited the vulnerability could overwrite files that require
higher privileges than what the attacker already has.
Active Directory Federation Services XSS Vulnerability (CVE-2019-1273) MS Rating: Important
A
cross-site-scripting (XSS) vulnerability exists when Active Directory Federation
Services (ADFS) does not properly sanitize certain error messages. An
authenticated attacker could exploit the vulnerability by sending a specially
crafted request to an affected ADFS server.
Diagnostics Hub Standard Collector Service Privilege Escalation Vulnerability (CVE-2019-1232) MS Rating: Important
A
privilege escalation vulnerability exists when the Diagnostics Hub Standard
Collector Service improperly impersonates certain file operations. An attacker
who successfully exploited this vulnerability could gain elevated privileges.
Microsoft Compatibility Appraiser Privilege Escalation Vulnerability (CVE-2019-1267) MS Rating: Important
A
privilege escalation vulnerability exists in Microsoft Compatibility Appraiser
where a configuration file, with local privileges, is vulnerable to symbolic
hardlink attack. An attacker who successfully exploited this vulnerability could
run processes in an elevated context.
Winlogon Privilege Escalation Vulnerability (CVE-2019-1268) MS Rating: Important
An elevation of privilege vulnerability exists when Winlogon does not properly
handle file path information. An attacker who successfully exploited this
vulnerability could run arbitrary code.
Windows Privilege Escalation Vulnerability (CVE-2019-1278) MS Rating: Important
A
privilege escalation vulnerability exists in the way that the unistore.dll
handles objects in memory. An attacker who successfully exploited the
vulnerability could execute code with elevated permissions. To exploit the
vulnerability, a locally authenticated attacker could run a specially crafted
application.
Windows SMB Client Driver Information Disclosure Vulnerability (CVE-2019-1293) MS Rating: Important
An
information disclosure vulnerability exists in Windows when the Windows SMB
Client kernel-mode driver fails to properly handle objects in memory. An
attacker who successfully exploited the vulnerability could potentially disclose
contents of System memory.
Security Update for Jet Database Engine
Jet Database Engine Remote Code Execution Vulnerability (CVE-2019-1240) MS Rating: Important
A
remote code execution vulnerability exists when the Windows Jet Database Engine
improperly handles objects in memory. An attacker who successfully exploited
this vulnerability could execute arbitrary code on a victim system.
Jet Database Engine Remote Code Execution Vulnerability (CVE-2019-1241) MS Rating: Important
A
remote code execution vulnerability exists when the Windows Jet Database Engine
improperly handles objects in memory. An attacker who successfully exploited
this vulnerability could execute arbitrary code on a victim system.
Jet Database Engine Remote Code Execution Vulnerability (CVE-2019-1242) MS Rating: Important
A
remote code execution vulnerability exists when the Windows Jet Database Engine
improperly handles objects in memory. An attacker who successfully exploited
this vulnerability could execute arbitrary code on a victim system.
Jet Database Engine Remote Code Execution Vulnerability (CVE-2019-1243) MS Rating: Important
A
remote code execution vulnerability exists when the Windows Jet Database Engine
improperly handles objects in memory. An attacker who successfully exploited
this vulnerability could execute arbitrary code on a victim system.
Jet Database Engine Remote Code Execution Vulnerability (CVE-2019-1246) MS Rating: Important
A
remote code execution vulnerability exists when the Windows Jet Database Engine
improperly handles objects in memory. An attacker who successfully exploited
this vulnerability could execute arbitrary code on a victim system.
Jet Database Engine Remote Code Execution Vulnerability (CVE-2019-1247) MS Rating: Important
A
remote code execution vulnerability exists when the Windows Jet Database Engine
improperly handles objects in memory. An attacker who successfully exploited
this vulnerability could execute arbitrary code on a victim system.
Jet Database Engine Remote Code Execution Vulnerability (CVE-2019-1248) MS Rating: Important
A
remote code execution vulnerability exists when the Windows Jet Database Engine
improperly handles objects in memory. An attacker who successfully exploited
this vulnerability could execute arbitrary code on a victim system.
Jet Database Engine Remote Code Execution Vulnerability (CVE-2019-1249) MS Rating: Important
A
remote code execution vulnerability exists when the Windows Jet Database Engine
improperly handles objects in memory. An attacker who successfully exploited
this vulnerability could execute arbitrary code on a victim system.
Jet Database Engine Remote Code Execution Vulnerability (CVE-2019-1250) MS Rating: Important
A
remote code execution vulnerability exists when the Windows Jet Database Engine
improperly handles objects in memory. An attacker who successfully exploited
this vulnerability could execute arbitrary code on a victim system.
Security Update for Exchange
Microsoft Exchange Denial of Service Vulnerability (CVE-2019-1233) MS Rating: Important
A
denial of service vulnerability exists in Microsoft Exchange software when the
software fails to properly handle objects in memory. An attacker who
successfully exploited the vulnerability could cause a remote denial of service
against a system.
Microsoft Exchange Spoofing Vulnerability (CVE-2019-1266) MS Rating: Important
A
spoofing vulnerability exists in Microsoft Exchange Server when Outlook Web
Access (OWA) fails to properly handle web requests. An attacker who successfully
exploited the vulnerability could perform script or content injection attacks,
and attempt to trick the user into disclosing sensitive information.
Security Update for .NET
.NET Framework Privilege Escalation Vulnerability (CVE-2019-1142) MS Rating: Important
A privilege escalation vulnerability exists when the .NET Framework common
language runtime (CLR) allows file creation in arbitrary locations.
.NET Core Denial of Service Vulnerability (CVE-2019-1301) MS Rating: Important
A denial of service vulnerability exists when .NET Core improperly handles web
requests.
ASP.NET Core Privilege Escalation Vulnerability (CVE-2019-1302) MS Rating: Important
A privilege escalation vulnerability exists when an ASP.NET Core web
application, created using vulnerable project templates, fails to properly
sanitize web requests.
Security Update for Microsoft Lync Server
Lync 2013 Information Disclosure Vulnerability (CVE-2019-1209) MS Rating: Important
An
information disclosure vulnerability exists in Lync 2013. An attacker who
exploited it could read arbitrary files on the victim's machine.
Security Update for Team Foundation Server
Azure DevOps and Team Foundation Server Remote Code Execution Vulnerability (CVE-2019-1306) MS Rating: Critical
A
remote code execution vulnerability exists when Azure DevOps Server (ADO) and
Team Foundation Server (TFS) fail to validate input properly. An attacker who
successfully exploited this vulnerability could execute code on the server in
the context of the TFS or ADO service account.
Team Foundation Server Cross-site Scripting Vulnerability (CVE-2019-1305) MS Rating: Important
A
Cross-site Scripting (XSS) vulnerability exists when Team Foundation Server does
not properly sanitize user provided input. An authenticated attacker could
exploit the vulnerability by sending a specially crafted payload to the Team
Foundation Server, which will get executed in the context of the user every time
a user visits the compromised page.
Security Update for Yammer for Android
Microsoft Yammer Security Bypass Vulnerability (CVE-2019-1265) MS Rating: Important
A
security-bypass vulnerability exists when Microsoft Yammer App for Android or
iOS fails to apply the correct Intune MAM Policy. This could allow an attacker
to perform functions that are restricted by Intune Policy.
Security Update for Rome SDK
Rome SDK Information Disclosure Vulnerability (CVE-2019-1231) MS Rating: Important
An Information Disclosure vulnerability exists in the way Rome SDK handles server SSL/TLS certificate validation. This vulnerability allows an unauthenticated attacker to establish connection with an invalid SSL/TLS server certificate.
Microsoft Patch Tuesday – August 2019
This month the vendor has patched 93 vulnerabilities, 27 of which are rated
Critical.
As always, customers are advised to follow these security best practices:
Install vendor patches as soon as they are available.
Run all software with the least privileges required while still maintaining
functionality.
Avoid handling files from unknown or questionable sources.
Never visit sites of unknown or questionable integrity.
Block external access at the network perimeter to all key systems unless
specific access is required.
Microsoft's summary of the August 2019 releases can be found here:
https://portal.msrc.microsoft.com/en-us/security-guidance
This month's update covers vulnerabilities in:
Internet Explorer
Microsoft Edge
ChakraCore
Microsoft Office
Microsoft Windows
Microsoft Hyper-V
Graphics Device Interface (GDI)
Jet Database Engine
Visual Studio
The following is a breakdown of the issues being addressed this month:
Cumulative Security Update for Microsoft Browsers
Chakra Scripting Engine Memory Corruption Vulnerability (CVE-2019-1131) MS Rating: Critical
A
remote code execution vulnerability exists in the way that the Chakra scripting
engine handles objects in memory in Microsoft Edge. The vulnerability could
corrupt memory in such a way that an attacker could execute arbitrary code in
the context of the current user. Attackers can exploit this issue by enticing an
unsuspecting user to view a specially crafted web page.
Scripting Engine Memory Corruption Vulnerability (CVE-2019-1133) MS Rating: Critical
A
remote code execution vulnerability exists in the way that the scripting engine
handles objects in memory in Internet Explorer. The vulnerability could corrupt
memory in such a way that an attacker could execute arbitrary code in the
context of the current user. Attackers can exploit this issue by enticing an
unsuspecting user to view a specially crafted web page.
Chakra Scripting Engine Memory Corruption Vulnerability (CVE-2019-1139) MS Rating: Critical
A
remote code execution vulnerability exists in the way that the Chakra scripting
engine handles objects in memory in Microsoft Edge. The vulnerability could
corrupt memory in such a way that an attacker could execute arbitrary code in
the context of the current user. Attackers can exploit this issue by enticing an
unsuspecting user to view a specially crafted web page.
Chakra Scripting Engine Memory Corruption Vulnerability (CVE-2019-1140) MS Rating: Critical
A
remote code execution vulnerability exists in the way that the Chakra scripting
engine handles objects in memory in Microsoft Edge. The vulnerability could
corrupt memory in such a way that an attacker could execute arbitrary code in
the context of the current user. Attackers can exploit this issue by enticing an
unsuspecting user to view a specially crafted web page.
Chakra Scripting Engine Memory Corruption Vulnerability (CVE-2019-1141) MS Rating: Critical
A
remote code execution vulnerability exists in the way that the Chakra scripting
engine handles objects in memory in Microsoft Edge. The vulnerability could
corrupt memory in such a way that an attacker could execute arbitrary code in
the context of the current user. Attackers can exploit this issue by enticing an
unsuspecting user to view a specially crafted web page.
Windows VBScript Engine Remote Code Execution Vulnerability (CVE-2019-1183) MS Rating: Critical
A
remote code execution vulnerability exists in the way that the VBScript engine
handles objects in memory. The vulnerability could corrupt memory in such a way
that an attacker could execute arbitrary code in the context of the current
user. Attackers can exploit this issue by enticing an unsuspecting user to view
a specially crafted web page.
Internet Explorer Remote Code Execution Vulnerability (CVE-2019-1194) MS Rating: Critical
A
remote code execution vulnerability exists in the way that the scripting engine
handles objects in memory in Internet Explorer. The vulnerability could corrupt
memory in such a way that an attacker could execute arbitrary code in the
context of the current user. Attackers can exploit this issue by enticing an
unsuspecting user to view a specially crafted web page.
Chakra Scripting Engine Memory Corruption Vulnerability (CVE-2019-1195) MS Rating: Critical
A
remote code execution vulnerability exists in the way that the Chakra scripting
engine handles objects in memory in Microsoft Edge. The vulnerability could
corrupt memory in such a way that an attacker could execute arbitrary code in
the context of the current user. Attackers can exploit this issue by enticing an
unsuspecting user to view a specially crafted web page.
Chakra Scripting Engine Memory Corruption Vulnerability (CVE-2019-1196) MS Rating: Critical
A
remote code execution vulnerability exists in the way that the Chakra scripting
engine handles objects in memory in Microsoft Edge. The vulnerability could
corrupt memory in such a way that an attacker could execute arbitrary code in
the context of the current user. Attackers can exploit this issue by enticing an
unsuspecting user to view a specially crafted web page.
Chakra Scripting Engine Memory Corruption Vulnerability (CVE-2019-1197) MS Rating: Critical
A
remote code execution vulnerability exists in the way that the Chakra scripting
engine handles objects in memory in Microsoft Edge. The vulnerability could
corrupt memory in such a way that an attacker could execute arbitrary code in
the context of the current user. Attackers can exploit this issue by enticing an
unsuspecting user to view a specially crafted web page.
Microsoft Edge Information Disclosure Vulnerability (CVE-2019-1030) MS Rating: Important
A
security bypass vulnerability exists when Microsoft Edge improperly handles
requests of different origins and improperly handles browser cookies. An
attacker who successfully exploited this vulnerability could trick a browser
into overwriting a secure cookie with an insecure cookie.
MS XML Remote Code Execution Vulnerability (CVE-2019-1057) MS Rating: Important
A
remote code execution vulnerability exists when the Microsoft XML Core Services
MSXML parser processes user input. An attacker who successfully exploited the
vulnerability could run malicious code remotely to take control of the user's
system.
Microsoft Browsers Security Bypass Vulnerability (CVE-2019-1192) MS Rating: Important
A
security bypass vulnerability exists when Microsoft browsers improperly handle
requests of different origins. The vulnerability allows Microsoft browsers to
bypass Same-Origin Policy (SOP) restrictions, and to allow requests that should
otherwise be ignored.
Internet Explorer Memory Corruption Vulnerability (CVE-2019-1193) MS Rating: Important
A
remote code execution vulnerability exists in the way that Microsoft browsers
access objects in memory. The vulnerability could corrupt memory in a way that
could allow an attacker to execute arbitrary code in the context of the current
user. Attackers can exploit this issue by enticing an unsuspecting user to view
a specially crafted web page.
Cumulative Security Update for Microsoft Office
Microsoft Outlook Memory Corruption Vulnerability (CVE-2019-1199) MS Rating: Critical
A
remote code execution vulnerability exists in Microsoft Outlook when the
software fails to properly handle objects in memory. An attacker who
successfully exploited the vulnerability could run arbitrary code in the context
of the current user.
Microsoft Outlook Remote Code Execution Vulnerability (CVE-2019-1200) MS Rating: Critical
A
remote code execution vulnerability exists in Microsoft Outlook software when it
fails to properly handle objects in memory. An attacker who successfully
exploited the vulnerability could use a specially crafted file to perform
actions in the security context of the current user.
Microsoft Word Remote Code Execution Vulnerability (CVE-2019-1201) MS Rating: Important
A
remote code execution vulnerability exists in Microsoft Word software when it
fails to properly handle objects in memory. An attacker who successfully
exploited the vulnerability could use a specially crafted file to perform
actions in the security context of the current user.
Microsoft SharePoint Information Disclosure Vulnerability (CVE-2019-1202) MS Rating: Important
An
information disclosure vulnerability exists in the way Microsoft SharePoint
handles session objects. A locally authenticated attacker who successfully
exploited the vulnerability could hijack the session of another user.
Microsoft Office SharePoint XSS Vulnerability (CVE-2019-1203) MS Rating: Important
A
cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server
does not properly sanitize a specially crafted web request to an affected
SharePoint server. An authenticated attacker could exploit the vulnerability by
sending a specially crafted request to an affected SharePoint server.
Microsoft Outlook Privilege Escalation Vulnerability (CVE-2019-1204) MS Rating: Important
A
privilege escalation vulnerability exists when Microsoft Outlook initiates
processing of incoming messages without sufficient validation of the formatting
of the messages. An attacker who successfully exploited the vulnerability could
attempt to force Outlook to load a local or remote message store (over SMB).
Microsoft Word Remote Code Execution Vulnerability (CVE-2019-1205) MS Rating: Important
A
remote code execution vulnerability exists in Microsoft Word software when it
fails to properly handle objects in memory. An attacker who successfully
exploited the vulnerability could use a specially crafted file to perform
actions in the security context of the current user.
Outlook iOS Spoofing Vulnerability (CVE-2019-1218) MS Rating: Important
A
spoofing vulnerability exists in the way Microsoft Outlook iOS software parses
specifically crafted email messages. An authenticated attacker could exploit the
vulnerability by sending a specially crafted email message to a victim.
Cumulative Security Update for Microsoft Windows Kernel
Windows Hyper-V Remote Code Execution Vulnerability (CVE-2019-0965) MS Rating: Critical
A
remote code execution vulnerability exists when Windows Hyper-V on a host server
fails to properly validate input from an authenticated user on a guest operating
system. To exploit the vulnerability, an attacker could run a specially crafted
application on a guest operating system that could cause the Hyper-V host
operating system to execute arbitrary code.
Hyper-V Remote Code Execution Vulnerability (CVE-2019-0720) MS Rating: Critical
A
remote code execution vulnerability exists when Windows Hyper-V Network Switch
on a host server fails to properly validate input from an authenticated user on
a guest operating system. To exploit the vulnerability, an attacker could run a
specially crafted application on a guest operating system that could cause the
Hyper-V host operating system to execute arbitrary code.
Windows Kernel Privilege Escalation Vulnerability (CVE-2019-1159) MS Rating: Important
A
privilege escalation vulnerability exists when the Windows kernel fails to
properly handle objects in memory. An attacker who successfully exploited this
vulnerability could run arbitrary code in kernel mode.
Win32k Privilege Escalation Vulnerability (CVE-2019-1169) MS Rating: Important
A
privilege escalation vulnerability exists in Windows when the Windows
kernel-mode driver fails to properly handle objects in memory. An attacker who
successfully exploited this vulnerability could run arbitrary code in kernel
mode.
Windows Kernel Information Disclosure Vulnerability (CVE-2019-1227) MS Rating: Important
An
information disclosure vulnerability exists when the Windows kernel improperly
handles objects in memory. An attacker who successfully exploited this
vulnerability could obtain information to further compromise the user's system.
Windows Kernel Information Disclosure Vulnerability (CVE-2019-1228) MS Rating: Important
An
information disclosure vulnerability exists when the Windows kernel improperly
handles objects in memory. An attacker who successfully exploited this
vulnerability could obtain information to further compromise the user's system.
Cumulative Security Update for Microsoft Hyper-V
Windows Hyper-V Denial of Service Vulnerability (CVE-2019-0714) MS Rating: Important
A
denial of service vulnerability exists when Microsoft Hyper-V Network Switch on
a host server fails to properly validate input from a privileged user on a guest
operating system. An attacker who successfully exploited the vulnerability could
cause the host server to crash.
Windows Hyper-V Denial of Service Vulnerability (CVE-2019-0715) MS Rating: Important
A
denial of service vulnerability exists when Microsoft Hyper-V Network Switch on
a host server fails to properly validate input from a privileged user on a guest
operating system. An attacker who successfully exploited the vulnerability could
cause the host server to crash.
Windows Hyper-V Denial of Service Vulnerability (CVE-2019-0717) MS Rating: Important
A
denial of service vulnerability exists when Microsoft Hyper-V Network Switch on
a host server fails to properly validate input from a privileged user on a guest
operating system. An attacker who successfully exploited the vulnerability could
cause the host server to crash.
Windows Hyper-V Denial of Service Vulnerability (CVE-2019-0718) MS Rating: Important
A
denial of service vulnerability exists when Microsoft Hyper-V Network Switch on
a host server fails to properly validate input from a privileged user on a guest
operating system. An attacker who successfully exploited the vulnerability could
cause the host server to crash.
Windows Hyper-V Denial of Service Vulnerability (CVE-2019-0723) MS Rating: Important
A
denial of service vulnerability exists when Microsoft Hyper-V Network Switch on
a host server fails to properly validate input from a privileged user on a guest
operating system. An attacker who successfully exploited the vulnerability could
cause the host server to crash.
Security Update for Microsoft Graphics
Microsoft Graphics Remote Code Execution Vulnerability (CVE-2019-1149) MS Rating: Critical
A
remote code execution vulnerability exists when the Windows font library
improperly handles specially crafted embedded fonts. An attacker who
successfully exploited the vulnerability could take control of the affected
system.
Microsoft Graphics Remote Code Execution Vulnerability (CVE-2019-1150) MS Rating: Critical
A
remote code execution vulnerability exists when the Windows font library
improperly handles specially crafted embedded fonts. An attacker who
successfully exploited the vulnerability could take control of the affected
system.
Microsoft Graphics Remote Code Execution Vulnerability (CVE-2019-1151) MS Rating: Critical
A
remote code execution vulnerability exists when the Windows font library
improperly handles specially crafted embedded fonts. An attacker who
successfully exploited the vulnerability could take control of the affected
system.
Microsoft Graphics Remote Code Execution Vulnerability (CVE-2019-1152) MS Rating: Critical
A
remote code execution vulnerability exists when the Windows font library
improperly handles specially crafted embedded fonts. An attacker who
successfully exploited the vulnerability could take control of the affected
system.
Microsoft Graphics Remote Code Execution Vulnerability (CVE-2019-1144) MS Rating: Critical
A
remote code execution vulnerability exists when the Windows font library
improperly handles specially crafted embedded fonts. An attacker who
successfully exploited the vulnerability could take control of the affected
system.
Microsoft Graphics Remote Code Execution Vulnerability (CVE-2019-1145) MS Rating: Critical
A
remote code execution vulnerability exists when the Windows font library
improperly handles specially crafted embedded fonts. An attacker who
successfully exploited the vulnerability could take control of the affected
system.
Microsoft Graphics Component Information Disclosure Vulnerability (CVE-2019-1078) MS Rating: Important
An
information disclosure vulnerability exists when the Windows Graphics component
improperly handles objects in memory. An attacker who successfully exploited
this vulnerability could obtain information to further compromise the user's
system.
Windows Graphics Component Information Disclosure Vulnerability (CVE-2019-1143) MS Rating: Important
An
information disclosure vulnerability exists when the Windows GDI component
improperly discloses the contents of its memory. An attacker who successfully
exploited the vulnerability could obtain information to further compromise a
user's system.
Microsoft Graphics Component Information Disclosure Vulnerability (CVE-2019-1148) MS Rating: Important
An
information disclosure vulnerability exists when the Microsoft Windows Graphics
Component improperly handles objects in memory. An attacker who successfully
exploited the vulnerability could obtain information to further compromise the
user's system.
Microsoft Graphics Component Information Disclosure Vulnerability (CVE-2019-1153) MS Rating: Important
An
information disclosure vulnerability exists when the Microsoft Windows Graphics
Component improperly handles objects in memory. An attacker who successfully
exploited the vulnerability could obtain information to further compromise the
user's system.
Windows Graphics Component Information Disclosure Vulnerability (CVE-2019-1154) MS Rating: Important
An
information disclosure vulnerability exists when the Windows GDI component
improperly discloses the contents of its memory. An attacker who successfully
exploited the vulnerability could obtain information to further compromise a
user's system.
Windows Graphics Component Information Disclosure Vulnerability (CVE-2019-1158) MS Rating: Important
An
information disclosure vulnerability exists when the Windows GDI component
improperly discloses the contents of its memory. An attacker who successfully
exploited the vulnerability could obtain information to further compromise a
user's system.
Windows Kernel Elevation of Privilege Vulnerability (CVE-2019-1164) MS Rating: Important
A
privilege escalation vulnerability exists when the Windows kernel fails to
properly handle objects in memory. An attacker who successfully exploited this
vulnerability could run arbitrary code in kernel mode.
Security Update for Microsoft Windows
Remote Desktop Services Remote Code Execution Vulnerability (CVE-2019-1226) MS Rating: Critical
A
remote code execution vulnerability exists in Remote Desktop Services - formerly
known as Terminal Services - when an unauthenticated attacker connects to the
target system using RDP and sends specially crafted requests. This vulnerability
is pre-authentication and requires no user interaction.
Remote Desktop Services Remote Code Execution Vulnerability (CVE-2019-1222) MS Rating: Critical
A
remote code execution vulnerability exists in Remote Desktop Services - formerly
known as Terminal Services - when an unauthenticated attacker connects to the
target system using RDP and sends specially crafted requests. This vulnerability
is pre-authentication and requires no user interaction.
Windows DHCP Server Remote Code Execution Vulnerability (CVE-2019-1213) MS Rating: Critical
A
memory corruption vulnerability exists in the Windows Server DHCP service when
an attacker sends specially crafted packets to a DHCP server. An attacker who
successfully exploited the vulnerability could run arbitrary code on the DHCP
server.
Remote Desktop Services Remote Code Execution Vulnerability (CVE-2019-1181) MS Rating: Critical
A
remote code execution vulnerability exists in Remote Desktop Services - formerly
known as Terminal Services - when an unauthenticated attacker connects to the
target system using RDP and sends specially crafted requests. This vulnerability
is pre-authentication and requires no user interaction.
LNK Remote Code Execution Vulnerability (CVE-2019-1188) MS Rating: Critical
A
remote code execution vulnerability exists in Microsoft Windows that could allow
remote code execution if a .LNK file is processed.
Remote Desktop Services Remote Code Execution Vulnerability (CVE-2019-1182) MS Rating: Critical
A
remote code execution vulnerability exists in Remote Desktop Services - formerly
known as Terminal Services - when an unauthenticated attacker connects to the
target system using RDP and sends specially crafted requests. This vulnerability
is pre-authentication and requires no user interaction.
Windows DHCP Client Remote Code Execution Vulnerability (CVE-2019-0736) MS Rating: Critical
A
memory corruption vulnerability exists in the Windows DHCP client when an
attacker sends specially crafted DHCP responses to a client. An attacker who
successfully exploited the vulnerability could run arbitrary code on the client
machine.
Windows Denial of Service Vulnerability (CVE-2019-0716) MS Rating: Important
A
denial of service vulnerability exists when Windows improperly handles objects
in memory. An attacker who successfully exploited the vulnerability could cause
a target system to stop responding.
Microsoft Defender Privilege Escalation Vulnerability (CVE-2019-1161) MS Rating: Important
A
privilege escalation vulnerability exists when the MpSigStub.exe for Defender
allows file deletion in arbitrary locations.
Windows ALPC Privilege Escalation Vulnerability (CVE-2019-1162) MS Rating: Important
A
privilege escalation vulnerability exists when Windows improperly handles calls
to Advanced Local Procedure Call (ALPC). An attacker who successfully exploited
this vulnerability could run arbitrary code in the security context of the local
system.
Windows File Signature Security Bypass Vulnerability (CVE-2019-1163) MS Rating: Important
A
security bypass exists when Windows incorrectly validates CAB file signatures.
An attacker who successfully exploited this vulnerability could inject code into
a CAB file without invalidating the file's signature.
Microsoft Windows p2pimsvc Privilege Escalation Vulnerability (CVE-2019-1168) MS Rating: Important
A
privilege escalation exists in the p2pimsvc service where an attacker who
successfully exploited the vulnerability could run arbitrary code with elevated
privileges. To exploit this vulnerability, an attacker would first have to log
on to the system.
Windows Shell Privilege Escalation Vulnerability (CVE-2019-1170) MS Rating: Important
A
privilege escalation vulnerability exists when reparse points are created by
sandboxed processes allowing sandbox escape. An attacker who successfully
exploited the vulnerability could use the sandbox escape to elevate privileges
on an affected system.
SymCrypt Information Disclosure Vulnerability (CVE-2019-1171) MS Rating: Important
An
information disclosure vulnerability exists in SymCrypt during the OAEP
decryption stage. An attacker who successfully exploited this vulnerability
could obtain information to further compromise the user's system.
Windows Information Disclosure Vulnerability (CVE-2019-1172) MS Rating: Important
An
information disclosure vulnerability exists in Azure Active Directory (AAD)
Microsoft Account (MSA) during the login request session. An attacker who
successfully exploited the vulnerability could take over a user's account.
Windows Privilege Escalation Vulnerability (CVE-2019-1173) MS Rating: Important
A
privilege escalation vulnerability exists in the way that the
PsmServiceExtHost.dll handles objects in memory.
Windows Privilege Escalation Vulnerability (CVE-2019-1174) MS Rating: Important
A
privilege escalation vulnerability exists in the way that the
PsmServiceExtHost.dll handles objects in memory.
Windows Privilege Escalation Vulnerability (CVE-2019-1175) MS Rating: Important
A
privilege escalation vulnerability exists in the way that the psmsrv.dll
handles objects in memory.
DirectX Privilege Escalation Vulnerability (CVE-2019-1176) MS Rating: Important
A
privilege escalation vulnerability exists when DirectX improperly handles
objects in memory. An attacker who successfully exploited this vulnerability
could run arbitrary code in kernel mode.
Windows Privilege Escalation Vulnerability (CVE-2019-1177) MS Rating: Important
A
privilege escalation vulnerability exists in the way that the rpcss.dll handles
objects in memory.
Windows Privilege Escalation Vulnerability (CVE-2019-1178) MS Rating: Important
A
privilege escalation vulnerability exists in the way that the ssdpsrv.dll
handles objects in memory.
Windows Privilege Escalation Vulnerability (CVE-2019-1179) MS Rating: Important
A
privilege escalation vulnerability exists in the way that the unistore.dll
handles objects in memory.
Windows Privilege Escalation Vulnerability (CVE-2019-1180) MS Rating: Important
A
privilege escalation vulnerability exists in the way that the wcmsvc.dll
handles objects in memory.
Windows Privilege Escalation Vulnerability (CVE-2019-1184) MS Rating: Important
A
privilege escalation vulnerability exists when Windows Core Shell COM Server
Registrar improperly handles COM calls. An attacker who successfully exploited
this vulnerability could potentially set certain items to run at a higher level
and thereby elevate permissions.
Windows Subsystem for Linux Privilege Escalation Vulnerability (CVE-2019-1185) MS Rating: Important
A
privilege escalation vulnerability exists due to a stack corruption in Windows
Subsystem for Linux. An attacker who successfully exploited the vulnerability
could execute code with elevated permissions.
Windows Privilege Escalation Vulnerability (CVE-2019-1186) MS Rating: Important
A
privilege escalation vulnerability exists in the way that the wcmsvc.dll
handles objects in memory.
XmlLite runtime Denial of Service Vulnerability (CVE-2019-1187) MS Rating: Important
A
denial of service vulnerability exists when the XmlLite runtime (XmlLite.dll)
improperly parses XML input.
Windows Image Privilege Escalation Vulnerability (CVE-2019-1190) MS Rating: Important
A
privilege escalation vulnerability exists in the way that the Windows kernel
image handles objects in memory. An attacker who successfully exploited the
vulnerability could execute code with elevated permissions.
Microsoft Windows Privilege Escalation Vulnerability (CVE-2019-1198) MS Rating: Important
A
privilege escalation exists in SyncController.dll.
Windows DHCP Server Remote Code Execution Vulnerability (CVE-2019-1206) MS Rating: Important
A
memory corruption vulnerability exists in the Windows Server DHCP service when
an attacker sends specially crafted packets to a DHCP failover server. An
attacker who successfully exploited the vulnerability could cause the DHCP
service to become nonresponsive.
Windows DHCP Server Denial of Service Vulnerability (CVE-2019-1212) MS Rating: Important
A
memory corruption vulnerability exists in the Windows Server DHCP service when
processing specially crafted packets. An attacker who successfully exploited the
vulnerability could cause the DHCP server service to stop responding.
Bluetooth Key Length Enforcement (CVE-2019-9506) MS Rating: Important
Executive Summary: Microsoft is aware of the Bluetooth BR/EDR (basic
rate/enhanced data rate, known as "Bluetooth Classic") key negotiation
vulnerability that exists at the hardware specification level of any BR/EDR
Bluetooth device. An attacker could potentially be able to negotiate the offered
key length down to 1 byte of entropy, from a maximum of 16 bytes.
HTTP/2 Server Denial of Service Vulnerability (CVE-2019-9511) MS Rating: Important
A
denial of service vulnerability exists in the HTTP/2 protocol stack (HTTP.sys)
when HTTP.sys improperly parses specially crafted HTTP/2 requests.
HTTP/2 Server Denial of Service Vulnerability (CVE-2019-9513) MS Rating: Important
A
denial of service vulnerability exists in the HTTP/2 protocol stack (HTTP.sys)
when HTTP.sys improperly parses specially crafted HTTP/2 requests.
HTTP/2 Server Denial of Service Vulnerability (CVE-2019-9514) MS Rating: Important
A
denial of service vulnerability exists in the HTTP/2 protocol stack (HTTP.sys)
when HTTP.sys improperly parses specially crafted HTTP/2 requests.
Windows Remote Desktop Protocol (RDP) Denial of Service Vulnerability (CVE-2019-1223) MS Rating: Important
A
denial of service vulnerability exists in Remote Desktop Protocol (RDP) when an
attacker connects to the target system using RDP and sends specially crafted
requests. An attacker who successfully exploited this vulnerability could cause
the RDP service on the target system to stop responding.
Remote Desktop Protocol Server Information Disclosure Vulnerability (CVE-2019-1224) MS Rating: Important
An
information disclosure vulnerability exists when the Windows RDP server
improperly discloses the contents of its memory. An attacker who successfully
exploited this vulnerability could obtain information to further compromise the
system.
Remote Desktop Protocol Server Information Disclosure Vulnerability (CVE-2019-1225) MS Rating: Important
An
information disclosure vulnerability exists when the Windows RDP server
improperly discloses the contents of its memory. An attacker who successfully
exploited this vulnerability could obtain information to further compromise the
system.
Dynamics On-Premise Elevation of Privilege Vulnerability (CVE-2019-1229) MS Rating: Important
An
elevation of privilege vulnerability exists in Dynamics On-Premise v9. An
attacker who successfully exploited the vulnerability could leverage a
customizer privilege within Dynamics to gain control of the Web Role hosting the
Dynamics installation.
HTTP/2 Server Denial of Service Vulnerability (CVE-2019-9512) MS Rating: Important
A
denial of service vulnerability exists in the HTTP/2 protocol stack (HTTP.sys)
when HTTP.sys improperly parses specially crafted HTTP/2 requests.
HTTP/2 Server Denial of Service Vulnerability (CVE-2019-9518) MS Rating: Important
A
denial of service vulnerability exists in the HTTP/2 protocol stack (HTTP.sys)
when HTTP.sys improperly parses specially crafted HTTP/2 requests.
Security Update for Jet Database Engine
Jet Database Engine Remote Code Execution Vulnerability (CVE-2019-1155) MS Rating: Important
A
remote code execution vulnerability exists when the Windows Jet Database Engine
improperly handles objects in memory. An attacker who successfully exploited
this vulnerability could execute arbitrary code on a victim system.
Jet Database Engine Remote Code Execution Vulnerability (CVE-2019-1156) MS Rating: Important
A
remote code execution vulnerability exists when the Windows Jet Database Engine
improperly handles objects in memory. An attacker who successfully exploited
this vulnerability could execute arbitrary code on a victim system.
Jet Database Engine Remote Code Execution Vulnerability (CVE-2019-1157) MS Rating: Important
A
remote code execution vulnerability exists when the Windows Jet Database Engine
improperly handles objects in memory. An attacker who successfully exploited
this vulnerability could execute arbitrary code on a victim system.
Jet Database Engine Remote Code Execution Vulnerability (CVE-2019-1146) MS Rating: Important
A
remote code execution vulnerability exists when the Windows Jet Database Engine
improperly handles objects in memory. An attacker who successfully exploited
this vulnerability could execute arbitrary code on a victim system.
Jet Database Engine Remote Code Execution Vulnerability (CVE-2019-1147) MS Rating: Important
A
remote code execution vulnerability exists when the Windows Jet Database Engine
improperly handles objects in memory. An attacker who successfully exploited
this vulnerability could execute arbitrary code on a victim system.
Security Update for Visual Studio
Git for Visual Studio Privilege Escalation Vulnerability (CVE-2019-1211) MS Rating: Important
A privilege escalation vulnerability exists in Git for Visual Studio when it improperly parses configuration files. An attacker who successfully exploited the vulnerability could execute code in the context of another local user.
Microsoft Patch Tuesday – July 2019
This month the vendor has patched 77 vulnerabilities, 16 of which are rated
Critical.
As always, customers are advised to follow these security best practices:
Install vendor patches as soon as they are available.
Run all software with the least privileges required while still maintaining
functionality.
Avoid handling files from unknown or questionable sources.
Never visit sites of unknown or questionable integrity.
Block external access at the network perimeter to all key systems unless
specific access is required.
Microsoft's summary of the July 2019 releases can be found here:
https://portal.msrc.microsoft.com/en-us/security-guidance
This month's update covers vulnerabilities in:
Internet Explorer
Microsoft Edge
ChakraCore
Microsoft Office
Microsoft .NET
Microsoft Windows
DirectWrite
Graphics Device Interface (GDI)
Microsoft SQL Server
Team Foundation Server
Microsoft Exchange Server
Azure
Microsoft Visual Studio
The following is a breakdown of the issues being addressed this month:
Cumulative Security Update for Microsoft Browsers
Microsoft Browser Memory Corruption Vulnerability (CVE-2019-1104) MS Rating: Critical
A
remote code execution vulnerability exists in the way that Microsoft browsers
access objects in memory. This vulnerability may corrupt memory in such a way
that an attacker could execute arbitrary code in the context of the current user.
Attackers can exploit this issue by enticing an unsuspecting user to view a
specially crafted web page.
Internet Explorer Memory Corruption Vulnerability (CVE-2019-1063) MS Rating: Critical
A
remote code execution vulnerability exists when Internet Explorer improperly
accesses objects in memory. The vulnerability could corrupt memory in such a way
that an attacker could execute arbitrary code in the context of the current user.
Attackers can exploit this issue by enticing an unsuspecting user to view a
specially crafted web page.
Chakra Scripting Engine Memory Corruption Vulnerability (CVE-2019-1001) MS Rating: Critical
A
remote code execution vulnerability exists in the way the scripting engine
handles objects in memory in Microsoft browsers. The vulnerability could corrupt
memory in such a way that an attacker could execute arbitrary code in the
context of the current user. Attackers can exploit this issue by enticing an
unsuspecting user to view a specially crafted web page.
Scripting Engine Memory Corruption Vulnerability (CVE-2019-1004) MS Rating: Critical
A
remote code execution vulnerability exists in the way that the scripting engine
handles objects in memory in Internet Explorer. The vulnerability could corrupt
memory in such a way that an attacker could execute arbitrary code in the
context of the current user. Attackers can exploit this issue by enticing an
unsuspecting user to view a specially crafted web page.
Scripting Engine Memory Corruption Vulnerability (CVE-2019-1056) MS Rating: Critical
A
remote code execution vulnerability exists in the way that the scripting engine
handles objects in memory in Internet Explorer. The vulnerability could corrupt
memory in such a way that an attacker could execute arbitrary code in the
context of the current user. Attackers can exploit this issue by enticing an
unsuspecting user to view a specially crafted web page.
Scripting Engine Memory Corruption Vulnerability (CVE-2019-1059) MS Rating: Critical
A
remote code execution vulnerability exists in the way that the scripting engine
handles objects in memory in Internet Explorer. The vulnerability could corrupt
memory in such a way that an attacker could execute arbitrary code in the
context of the current user. Attackers can exploit this issue by enticing an
unsuspecting user to view a specially crafted web page.
Chakra Scripting Engine Memory Corruption Vulnerability (CVE-2019-1062) MS Rating: Critical
A remote code execution vulnerability exists in the way that the Chakra scripting
engine handles objects in memory in Microsoft Edge. The vulnerability could
corrupt memory in such a way that an attacker could execute arbitrary code in
the context of the current user. Attackers can exploit this issue by enticing an
unsuspecting user to view a specially crafted web page.
Chakra Scripting Engine Memory Corruption Vulnerability (CVE-2019-1092) MS Rating: Critical
A remote code execution vulnerability exists in the way that the Chakra scripting
engine handles objects in memory in Microsoft Edge. The vulnerability could
corrupt memory in such a way that an attacker could execute arbitrary code in
the context of the current user. Attackers can exploit this issue by enticing an
unsuspecting user to view a specially crafted web page.
Chakra Scripting Engine Memory Corruption Vulnerability (CVE-2019-1103) MS Rating: Critical
A remote code execution vulnerability exists in the way that the Chakra scripting
engine handles objects in memory in Microsoft Edge. The vulnerability could
corrupt memory in such a way that an attacker could execute arbitrary code in
the context of the current user. Attackers can exploit this issue by enticing an
unsuspecting user to view a specially crafted web page.
Chakra Scripting Engine Memory Corruption Vulnerability (CVE-2019-1106) MS Rating: Critical
A remote code execution vulnerability exists in the way that the Chakra scripting
engine handles objects in memory in Microsoft Edge. The vulnerability could
corrupt memory in such a way that an attacker could execute arbitrary code in
the context of the current user. Attackers can exploit this issue by enticing an
unsuspecting user to view a specially crafted web page.
Chakra Scripting Engine Memory Corruption Vulnerability (CVE-2019-1107) MS Rating: Critical
A remote code execution vulnerability exists in the way that the Chakra scripting
engine handles objects in memory in Microsoft Edge. The vulnerability could
corrupt memory in such a way that an attacker could execute arbitrary code in
the context of the current user. Attackers can exploit this issue by enticing an
unsuspecting user to view a specially crafted web page.
Cumulative Security Update for Microsoft Office
Microsoft Office Spoofing Vulnerability (CVE-2019-1109) MS Rating: Important
A spoofing vulnerability exists when Microsoft Office JavaScript does not check
the validity of the web page making a request to Office documents. An attacker
who successfully exploited this vulnerability could read or write information in
Office documents.
Microsoft Excel Remote Code Execution Vulnerability (CVE-2019-1110) MS Rating: Important
A remote code execution vulnerability exists in Microsoft Excel software when the
software fails to properly handle objects in memory. An attacker who
successfully exploited the vulnerability could run arbitrary code in the context
of the current user.
Microsoft Excel Remote Code Execution Vulnerability (CVE-2019-1111) MS Rating: Important
A remote code execution vulnerability exists in Microsoft Excel software when the
software fails to properly handle objects in memory. An attacker who
successfully exploited the vulnerability could run arbitrary code in the context
of the current user.
Microsoft Excel Information Disclosure Vulnerability (CVE-2019-1112) MS Rating: Important
An information disclosure vulnerability exists when Microsoft Excel improperly
discloses the contents of its memory. An attacker who exploited the
vulnerability could use the information to compromise the user's computer or
data.
Microsoft Office SharePoint XSS Vulnerability (CVE-2019-1134) MS Rating: Important
A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server
does not properly sanitize a specially crafted web request to an affected
SharePoint server. An authenticated attacker could exploit the vulnerability by
sending a specially crafted request to an affected SharePoint server.
Cumulative Security Update for Microsoft .NET
.NET Denial of Service Vulnerability (CVE-2019-1083) MS Rating: Critical
A denial of service vulnerability exists when Microsoft Common Object Runtime
Library improperly handles web requests. An attacker who successfully exploited
this vulnerability could cause a denial of service against a .NET web
application.
.NET Framework Remote Code Execution Vulnerability (CVE-2019-1113) MS Rating: Important
A remote code execution vulnerability exists in .NET software when the software
fails to check the source markup of a file.
ASP.NET Core Spoofing Vulnerability (CVE-2019-1075) MS Rating: Important
A spoofing vulnerability exists in ASP.NET Core that could lead to an open
redirect. An attacker who successfully exploited the vulnerability could
redirect a targeted user to a malicious website.
Cumulative Security Update for Microsoft Windows Kernel
Windows Kernel Information Disclosure Vulnerability (CVE-2019-1071) MS Rating: Important
An information disclosure vulnerability exists when the Windows kernel improperly
handles objects in memory. An attacker who successfully exploited this
vulnerability could obtain information to further compromise the user's system.
Windows Kernel Information Disclosure Vulnerability (CVE-2019-1073) MS Rating: Important
An information disclosure vulnerability exists when the Windows kernel improperly
handles objects in memory. An attacker who successfully exploited this
vulnerability could obtain information to further compromise the user's system.
Win32k Information Disclosure Vulnerability (CVE-2019-1096) MS Rating: Important
An information disclosure vulnerability exists when the Win32k component improperly
provides kernel information. An attacker who successfully exploited the
vulnerability could obtain information to further compromise the user's system.
Win32k Privilege Escalation Vulnerability (CVE-2019-1132) MS Rating: Important
A privilege escalation vulnerability exists in Windows when the Win32k component
fails to properly handle objects in memory. An attacker who successfully
exploited this vulnerability could run arbitrary code in kernel mode.
Windows Kernel Privilege Escalation Vulnerability (CVE-2019-1067) MS Rating: Moderate
A privilege escalation vulnerability exists when the Windows kernel fails to
properly handle objects in memory. An attacker who successfully exploited this
vulnerability could run arbitrary code in kernel mode.
Cumulative Security Update for Microsoft Windows
Windows DNS Server Denial of Service Vulnerability (CVE-2019-0811) MS Rating: Critical
A denial of service vulnerability exists in Windows DNS Server when it fails to
properly handle DNS queries. An attacker who successfully exploited this
vulnerability could cause the DNS Server service to become non-responsive.
Windows Error Reporting Privilege Escalation Vulnerability (CVE-2019-1037) MS Rating: Critical
A privilege escalation vulnerability exists in the way Windows Error Reporting
(WER) handles files. An attacker who successfully exploited this vulnerability
could run arbitrary code in kernel mode.
Windows DHCP Server Remote Code Execution Vulnerability (CVE-2019-0785) MS Rating: Important
A memory corruption vulnerability exists in the Windows Server DHCP service when
an attacker sends specially crafted packets to a DHCP failover server. An
attacker who successfully exploited the vulnerability could either run arbitrary
code on the DHCP failover server or cause the DHCP service to become
non-responsive.
SymCrypt Denial of Service Vulnerability (CVE-2019-0865) MS Rating: Important
A denial of service vulnerability exists when SymCrypt improperly handles a
specially crafted digital signature. An attacker could exploit the vulnerability
by creating a specially crafted connection or message.
Microsoft 'splwow64' Privilege Escalation Vulnerability (CVE-2019-0880) MS Rating: Important
A local privilege escalation vulnerability exists in how splwow64.exe handles
certain calls. An attacker who successfully exploited the vulnerability could
elevate privileges on an affected system from low-integrity to medium-integrity.
Remote Desktop Services Remote Code Execution Vulnerability (CVE-2019-0887) MS Rating: Important
A remote code execution vulnerability exists in Remote Desktop Services - formerly
known as Terminal Services - when an authenticated attacker abuses clipboard
redirection. An attacker who successfully exploited this vulnerability could
execute arbitrary code on the victim system.
Remote Desktop Protocol Client Information Disclosure Vulnerability (CVE-2019-1108) MS Rating: Important
An information disclosure vulnerability exists when the Windows RDP client
improperly discloses the contents of its memory. An attacker who successfully
exploited this vulnerability could obtain information to further compromise the
user's system.
Windows Hyper-V Denial of Service Vulnerability (CVE-2019-0966) MS Rating: Important
A denial of service vulnerability exists when Microsoft Hyper-V on a host server
fails to properly validate input from a privileged user on a guest operating
system. To exploit the vulnerability, an attacker who already has a privileged
account on a guest operating system, running as a virtual machine, could run a
specially crafted application that causes a host machine to crash.
ADFS Security Feature Bypass Vulnerability (CVE-2019-0975) MS Rating: Important
A security feature bypass vulnerability exists when Active Directory Federation
Services (ADFS) improperly updates its list of banned IP addresses. To exploit
this vulnerability, an attacker would have to convince a victim ADFS
administrator to update the list of banned IP addresses.
ADFS Security Feature Bypass Vulnerability (CVE-2019-1126) MS Rating: Important
A security feature bypass vulnerability exists in Active Directory Federation
Services (ADFS) which could allow an attacker to bypass the extranet lockout
policy. To exploit this vulnerability, an attacker could run a specially crafted
application, which would allow an attacker to launch a password brute-force
attack or cause account lockouts in Active Directory.
DirectX Privilege Escalation Vulnerability (CVE-2019-0999) MS Rating: Important
A privilege escalation vulnerability exists when DirectX improperly handles
objects in memory. An attacker who successfully exploited this vulnerability
could run arbitrary code in kernel mode.
WCF/WIF SAML Token Authentication Bypass Vulnerability (CVE-2019-1006) MS Rating: Important
An authentication bypass vulnerability exists in Windows Communication Foundation
(WCF) and Windows Identity Foundation (WIF), allowing signing of SAML tokens
with arbitrary symmetric keys. This vulnerability allows an attacker to
impersonate another user, which can lead to elevation of privileges.
Microsoft Windows Privilege Escalation Vulnerability (CVE-2019-1074) MS Rating: Important
A privilege escalation vulnerability exists in Microsoft Windows where certain
folders, with local service privilege, are vulnerable to symbolic link attack.
An attacker who successfully exploited this vulnerability could potentially
access unauthorized information.
Microsoft Windows Privilege Escalation Vulnerability (CVE-2019-1082) MS Rating: Important
A privilege escalation vulnerability exists in Microsoft Windows where a certain
dll, with Local Service privilege, is vulnerable to race planting a customized
dll. An attacker who successfully exploited this vulnerability could potentially
elevate privilege to SYSTEM.
Windows WLAN Service Privilege Escalation Vulnerability (CVE-2019-1085) MS Rating: Important
A privilege escalation vulnerability exists in the way that the wlansvc.dll
handles objects in memory.
Windows Audio Service Privilege Escalation Vulnerability (CVE-2019-1086) MS Rating: Important
A privilege escalation vulnerability exists in Windows Audio Service. An attacker
who successfully exploited the vulnerability could run arbitrary code with
elevated privileges.
Windows Audio Service Privilege Escalation Vulnerability (CVE-2019-1087) MS Rating: Important
A privilege escalation vulnerability exists in Windows Audio Service. An attacker
who successfully exploited the vulnerability could run arbitrary code with
elevated privileges.
Windows Audio Service Privilege Escalation Vulnerability (CVE-2019-1088) MS Rating: Important
A privilege escalation vulnerability exists in Windows Audio Service. An attacker
who successfully exploited the vulnerability could run arbitrary code with
elevated privileges.
Windows RPCSS Privilege Escalation Vulnerability (CVE-2019-1089) MS Rating: Important
A privilege escalation vulnerability exists in rpcss.dll when the RPC service
Activation Kernel improperly handles an RPC request.
Windows 'dnsrslvr.dll' Privilege Escalation Vulnerability (CVE-2019-1090) MS Rating: Important
A privilege escalation vulnerability exists in the way that the 'dnsrslvr.dll'
handles objects in memory.
Microsoft 'unistore.dll' Information Disclosure Vulnerability (CVE-2019-1091) MS Rating: Important
An information disclosure vulnerability exists when 'Unistore.dll' fails to
properly handle objects in memory.
Windows Privilege Escalation Vulnerability (CVE-2019-1129) MS Rating: Important
A privilege escalation vulnerability exists when Windows AppX Deployment Service
(AppXSVC) improperly handles hard links. An attacker who successfully exploited
this vulnerability could run processes in an elevated context.
Windows Privilege Escalation Vulnerability (CVE-2019-1130) MS Rating: Important
A privilege escalation vulnerability exists when Windows AppX Deployment Service
(AppXSVC) improperly handles hard links. An attacker who successfully exploited
this vulnerability could run processes in an elevated context.
Docker Privilege Escalation Vulnerability (CVE-2018-15664) MS Rating: Important
A privilege escalation vulnerability exists in the Docker runtime wherein a malicious
container can acquire full read or write access to the host operating system
where that container is running.
Security Update for Microsoft DirectWrite
DirectWrite Remote Code Execution Vulnerability (CVE-2019-1117) MS Rating: Important
A remote code execution vulnerability exists in the way that DirectWrite handles
objects in memory. An attacker who successfully exploited this vulnerability
could take control of the affected system.
DirectWrite Remote Code Execution Vulnerability (CVE-2019-1118) MS Rating: Important
A remote code execution vulnerability exists in the way that DirectWrite handles
objects in memory. An attacker who successfully exploited this vulnerability
could take control of the affected system.
DirectWrite Remote Code Execution Vulnerability (CVE-2019-1119) MS Rating: Important
A remote code execution vulnerability exists in the way that DirectWrite handles
objects in memory. An attacker who successfully exploited this vulnerability
could take control of the affected system.
DirectWrite Remote Code Execution Vulnerability (CVE-2019-1120) MS Rating: Important
A remote code execution vulnerability exists in the way that DirectWrite handles
objects in memory. An attacker who successfully exploited this vulnerability
could take control of the affected system.
DirectWrite Remote Code Execution Vulnerability (CVE-2019-1121) MS Rating: Important
A remote code execution vulnerability exists in the way that DirectWrite handles
objects in memory. An attacker who successfully exploited this vulnerability
could take control of the affected system.
DirectWrite Remote Code Execution Vulnerability (CVE-2019-1122) MS Rating: Important
A remote code execution vulnerability exists in the way that DirectWrite handles
objects in memory. An attacker who successfully exploited this vulnerability
could take control of the affected system.
DirectWrite Remote Code Execution Vulnerability (CVE-2019-1123) MS Rating: Important
A remote code execution vulnerability exists in the way that DirectWrite handles
objects in memory. An attacker who successfully exploited this vulnerability
could take control of the affected system.
DirectWrite Remote Code Execution Vulnerability (CVE-2019-1124) MS Rating: Important
A remote code execution vulnerability exists in the way that DirectWrite handles
objects in memory. An attacker who successfully exploited this vulnerability
could take control of the affected system.
DirectWrite Remote Code Execution Vulnerability (CVE-2019-1127) MS Rating: Important
A remote code execution vulnerability exists in the way that DirectWrite handles
objects in memory. An attacker who successfully exploited this vulnerability
could take control of the affected system.
DirectWrite Remote Code Execution Vulnerability (CVE-2019-1128) MS Rating: Important
A remote code execution vulnerability exists in the way that DirectWrite handles
objects in memory. An attacker who successfully exploited this vulnerability
could take control of the affected system.
DirectWrite Information Disclosure Vulnerability (CVE-2019-1097) MS Rating: Important
An information disclosure vulnerability exists when DirectWrite improperly
discloses the contents of its memory. An attacker who successfully exploited the
vulnerability could obtain information to further compromise the user's system.
DirectWrite Information Disclosure Vulnerability (CVE-2019-1093) MS Rating: Important
An information disclosure vulnerability exists when DirectWrite improperly
discloses the contents of its memory. An attacker who successfully exploited the
vulnerability could obtain information to further compromise the user's system.
Security Update for Windows Graphics Device Interface (GDI)
Windows GDI Information Disclosure Vulnerability (CVE-2019-1116) MS Rating: Critical
An information disclosure vulnerability exists when the Windows GDI component
improperly discloses the contents of its memory. An attacker who successfully
exploited the vulnerability could obtain information to further compromise the
user's system.
Windows GDI Information Disclosure Vulnerability (CVE-2019-1094) MS Rating: Important
An information disclosure vulnerability exists when the Windows GDI component
improperly discloses the contents of its memory. An attacker who successfully
exploited the vulnerability could obtain information to further compromise the
user's system.
Windows GDI Information Disclosure Vulnerability (CVE-2019-1095) MS Rating: Important
An information disclosure vulnerability exists when the Windows GDI component
improperly discloses the contents of its memory. An attacker who successfully
exploited the vulnerability could obtain information to further compromise the
user's system.
Windows GDI Information Disclosure Vulnerability (CVE-2019-1098) MS Rating: Important
An information disclosure vulnerability exists when the Windows GDI component
improperly discloses the contents of its memory. An attacker who successfully
exploited the vulnerability could obtain information to further compromise the
user's system.
Windows GDI Information Disclosure Vulnerability (CVE-2019-1099) MS Rating: Important
An information disclosure vulnerability exists when the Windows GDI component
improperly discloses the contents of its memory. An attacker who successfully
exploited the vulnerability could obtain information to further compromise the
user's system.
Windows GDI Information Disclosure Vulnerability (CVE-2019-1100) MS Rating: Important
An information disclosure vulnerability exists when the Windows GDI component
improperly discloses the contents of its memory. An attacker who successfully
exploited the vulnerability could obtain information to further compromise the
user's system.
Windows GDI Information Disclosure Vulnerability (CVE-2019-1101) MS Rating: Important
An information disclosure vulnerability exists when the Windows GDI component
improperly discloses the contents of its memory. An attacker who successfully
exploited the vulnerability could obtain information to further compromise the
user's system.
GDI+ Remote Code Execution Vulnerability (CVE-2019-1102) MS Rating: Important
A remote code execution vulnerability exists in the way that the Windows Graphics
Device Interface (GDI) handles objects in the memory. An attacker who
successfully exploited this vulnerability could take control of the affected
system.
Security Update for Microsoft SQL Server
Microsoft SQL Server Remote Code Execution Vulnerability (CVE-2019-1068) MS Rating: Important
A remote code execution vulnerability exists in Microsoft SQL Server when it
incorrectly handles processing of internal functions. An attacker who
successfully exploited this vulnerability could execute code in the context of
the SQL Server Database Engine service account.
Security Update for Microsoft Exchange
Microsoft Exchange Information Disclosure Vulnerability (CVE-2019-1084) MS Rating: Important
An information disclosure vulnerability exists when Exchange allows creation of
entities with Display Names having non-printable characters. An attacker could
exploit this vulnerability by creating entities with invalid display names, and
add such entities to conversations without being noticed.
Microsoft Exchange Server Privilege Escalation Vulnerability (CVE-2019-1136) MS Rating: Important
A privilege escalation vulnerability exists in Microsoft Exchange Server. An
attacker who successfully exploited this vulnerability could gain the same
rights as any other user of the Exchange server.
Microsoft Exchange Server Spoofing Vulnerability (CVE-2019-1137) MS Rating: Important
A cross-site-scripting (XSS) vulnerability exists when Microsoft Exchange Server
does not properly sanitize a specially crafted web request to an affected
Exchange server. An authenticated attacker could exploit the vulnerability by
sending a specially crafted request to an affected server.
Security Update for Azure and Team Foundation Server
Team Foundation Server Cross-site Scripting Vulnerability (CVE-2019-1076) MS Rating: Important
A Cross-site Scripting (XSS) vulnerability exists when Team Foundation Server does
not properly sanitize user provided input. An authenticated attacker could
exploit the vulnerability by sending a specially crafted payload to the Team
Foundation Server, which will get executed in the context of the user every time
a user visits the compromised page.
Azure DevOps Server and Team Foundation Server Remote Code Execution Vulnerability (CVE-2019-1072) MS Rating: Important
A remote code execution vulnerability exists when Azure DevOps Server and Team
Foundation Server (TFS) improperly handle user input. An attacker who
successfully exploited the vulnerability could execute code on the target server
in the context of the DevOps or TFS service account.
Azure Automation Privilege Escalation Vulnerability (CVE-2019-0962) MS Rating: Critical
A privilege escalation vulnerability exists in Azure Automation "RunAs account"
runbooks for users with contributor role. This vulnerability could potentially
allow members of an organization to access Key Vault secrets through a runbook,
even if these members would personally not have access to that Key Vault.
Security Update for Microsoft Visual Studio
Visual Studio Privilege Escalation Vulnerability (CVE-2019-1077) MS Rating: Important
A privilege escalation vulnerability exists when the Visual Studio updater service
improperly handles file permissions. An attacker who successfully exploited this
vulnerability could overwrite arbitrary files with XML content in the security
context of the local system.
Visual Studio Information Disclosure Vulnerability (CVE-2019-1079) MS Rating: Important
An information disclosure vulnerability exists when Visual Studio improperly parses XML input in certain settings files. An attacker who successfully exploited this vulnerability could read arbitrary files via an XML external entity (XXE) declaration.
Microsoft Patch Tuesday – June 2019
This month the vendor has patched 88 vulnerabilities, 20 of which are rated
Critical.
As always, customers are advised to follow these security best practices:
Install vendor patches as soon as they are available.
Run all software with the least privileges required while still maintaining
functionality.
Avoid handling files from unknown or questionable sources.
Never visit sites of unknown or questionable integrity.
Block external access at the network perimeter to all key systems unless
specific access is required.
Microsoft's summary of the June 2019 releases can be found here:
https://portal.msrc.microsoft.com/en-us/security-guidance
This month's update covers vulnerabilities in:
Internet Explorer
Microsoft Edge
ChakraCore
Microsoft Office
Microsoft Windows
Windows Hyper-V
Graphics Device Interface (GDI)
Jet Database Engine
Skype for Business and Lync Server
Azure
The following is a breakdown of the issues being addressed this month:
Cumulative Security Update for Microsoft Browsers
Microsoft Edge Security Feature Bypass Vulnerability (CVE-2019-1054) MS Rating: Important
A security bypass vulnerability exists in Edge that allows for bypassing Mark of
the Web Tagging (MOTW). An attacker can exploit this issue by hosting a
malicious website or sending the targeted user a specially crafted .url file
that is designed to exploit the bypass.
Microsoft Browser Memory Corruption Vulnerability (CVE-2019-1038) MS Rating: Critical
A remote code execution vulnerability exists in the way that Microsoft browsers
access objects in memory. The vulnerability could corrupt memory in a way that
could allow an attacker to execute arbitrary code in the context of the current
user. An attacker can exploit this issue to gain the same user rights as the
current user.
Chakra Scripting Engine Memory Corruption Vulnerability (CVE-2019-0989) MS Rating: Critical
A remote code execution vulnerability exists in the way that the Chakra scripting
engine handles objects in memory in Microsoft Edge. The vulnerability could
corrupt memory in such a way that an attacker could execute arbitrary code in
the context of the current user. An attacker can exploit this issue to gain the
same user rights as the current user.
Chakra Scripting Engine Memory Corruption Vulnerability (CVE-2019-0991) MS Rating: Critical
A remote code execution vulnerability exists in the way that the Chakra scripting
engine handles objects in memory in Microsoft Edge. The vulnerability could
corrupt memory in such a way that an attacker could execute arbitrary code in
the context of the current user. An attacker can exploit this issue to gain the
same user rights as the current user.
Chakra Scripting Engine Memory Corruption Vulnerability (CVE-2019-0992) MS Rating: Critical
A remote code execution vulnerability exists in the way that the Chakra scripting
engine handles objects in memory in Microsoft Edge. The vulnerability could
corrupt memory in such a way that an attacker could execute arbitrary code in
the context of the current user. An attacker can exploit this issue to gain the
same user rights as the current user.
Chakra Scripting Engine Memory Corruption Vulnerability (CVE-2019-0993) MS Rating: Critical
A remote code execution vulnerability exists in the way that the Chakra scripting
engine handles objects in memory in Microsoft Edge. The vulnerability could
corrupt memory in such a way that an attacker could execute arbitrary code in
the context of the current user. An attacker can exploit this issue to gain the
same user rights as the current user.
Chakra Scripting Engine Memory Corruption Vulnerability (CVE-2019-1002) MS Rating: Critical
A remote code execution vulnerability exists in the way that the Chakra scripting
engine handles objects in memory in Microsoft Edge. The vulnerability could
corrupt memory in such a way that an attacker could execute arbitrary code in
the context of the current user. An attacker can exploit this issue to gain the
same user rights as the current user.
Chakra Scripting Engine Memory Corruption Vulnerability (CVE-2019-1003) MS Rating: Critical
A remote code execution vulnerability exists in the way that the Chakra scripting
engine handles objects in memory in Microsoft Edge. The vulnerability could
corrupt memory in such a way that an attacker could execute arbitrary code in
the context of the current user. An attacker can exploit this issue to gain the
same user rights as the current user.
Chakra Scripting Engine Memory Corruption Vulnerability (CVE-2019-1024) MS Rating: Critical
A remote code execution vulnerability exists in the way that the Chakra scripting
engine handles objects in memory in Microsoft Edge. The vulnerability could
corrupt memory in such a way that an attacker could execute arbitrary code in
the context of the current user. An attacker can exploit this issue to gain the
same user rights as the current user.
Chakra Scripting Engine Memory Corruption Vulnerability (CVE-2019-1051) MS Rating: Critical
A remote code execution vulnerability exists in the way that the Chakra scripting
engine handles objects in memory in Microsoft Edge. The vulnerability could
corrupt memory in such a way that an attacker could execute arbitrary code in
the context of the current user. An attacker can exploit this issue to gain the
same user rights as the current user.
Chakra Scripting Engine Memory Corruption Vulnerability (CVE-2019-1052) MS Rating: Critical
A remote code execution vulnerability exists in the way that the Chakra scripting
engine handles objects in memory in Microsoft Edge. The vulnerability could
corrupt memory in such a way that an attacker could execute arbitrary code in
the context of the current user. An attacker can exploit this issue to gain the
same user rights as the current user.
Scripting Engine Memory Corruption Vulnerability (CVE-2019-0920) MS Rating: Critical
A remote code execution vulnerability exists in the way the scripting engine
handles objects in memory in Microsoft browsers. The vulnerability could corrupt
memory in such a way that an attacker could execute arbitrary code in the
context of the current user. An attacker can exploit this issue to gain the same
user rights as the current user.
Scripting Engine Memory Corruption Vulnerability (CVE-2019-0988) MS Rating: Critical
A remote code execution vulnerability exists in the way that the scripting engine
handles objects in memory in Internet Explorer. The vulnerability could corrupt
memory in such a way that an attacker could execute arbitrary code in the
context of the current user. An attacker can exploit this issue to gain the same
user rights as the current user.
Scripting Engine Information Disclosure Vulnerability (CVE-2019-0990) MS Rating: Critical
An information disclosure vulnerability exists when the scripting engine does not
properly handle objects in memory in Microsoft Edge. An attacker can exploit
this issue to obtain information to further compromise the user's system.
Scripting Engine Memory Corruption Vulnerability (CVE-2019-1055) MS Rating: Critical
A remote code execution vulnerability exists in the way the scripting engine
handles objects in memory in Microsoft browsers. The vulnerability could corrupt
memory in such a way that an attacker could execute arbitrary code in the
context of the current user. An attacker can exploit this issue to gain the same
user rights as the current user.
Scripting Engine Memory Corruption Vulnerability (CVE-2019-1080) MS Rating: Critical
A remote code execution vulnerability exists in the way the scripting engine
handles objects in memory in Microsoft browsers. The vulnerability could corrupt
memory in such a way that an attacker could execute arbitrary code in the
context of the current user. An attacker can exploit this issue to gain the same
user rights as the current user.
Scripting Engine Memory Corruption Vulnerability (CVE-2019-1005) MS Rating: Important
A remote code execution vulnerability exists in the way the scripting engine
handles objects in memory in Microsoft browsers. The vulnerability could corrupt
memory in such a way that an attacker could execute arbitrary code in the
context of the current user. An attacker can exploit this issue to gain the same
user rights as the current user.
Scripting Engine Information Disclosure Vulnerability (CVE-2019-1023) MS Rating: Important
An information disclosure vulnerability exists when the scripting engine does not
properly handle objects in memory in Microsoft Edge. An attacker can exploit
this issue to obtain information to further compromise the user's system.
Microsoft Browser Information Disclosure Vulnerability (CVE-2019-1081) MS Rating: Important
An information disclosure vulnerability exists when the Microsoft browsers do not
properly handle objects in memory. An attacker can exploit this issue to obtain
information to further compromise the user's system.
Cumulative Security Update for Microsoft Office
Microsoft Office SharePoint XSS Vulnerability (CVE-2019-1031) MS Rating: Important
A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server
does not properly sanitize a specially crafted web request to an affected
SharePoint server. An authenticated attacker could exploit the vulnerability by
sending a specially crafted request to an affected SharePoint server.
Microsoft Office SharePoint XSS Vulnerability (CVE-2019-1032) MS Rating: Important
A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server
does not properly sanitize a specially crafted web request to an affected
SharePoint server. An authenticated attacker could exploit the vulnerability by
sending a specially crafted request to an affected SharePoint server.
Microsoft Office SharePoint XSS Vulnerability (CVE-2019-1033) MS Rating: Important
A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server
does not properly sanitize a specially crafted web request to an affected
SharePoint server. An authenticated attacker could exploit the vulnerability by
sending a specially crafted request to an affected SharePoint server.
Microsoft Office SharePoint XSS Vulnerability (CVE-2019-1036) MS Rating: Important
A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server
does not properly sanitize a specially crafted web request to an affected
SharePoint server. An authenticated attacker could exploit the vulnerability by
sending a specially crafted request to an affected SharePoint server.
Microsoft Word Remote Code Execution Vulnerability (CVE-2019-1034) MS Rating: Important
A remote code execution vulnerability exists in Microsoft Word software when it
fails to properly handle objects in memory. An attacker can exploit this issue
to use a specially crafted file to perform actions in the security context of
the current user.
Microsoft Word Remote Code Execution Vulnerability (CVE-2019-1035) MS Rating: Important
A remote code execution vulnerability exists in Microsoft Word software when it
fails to properly handle objects in memory. An attacker can exploit this issue
to use a specially crafted file to perform actions in the security context of
the current user.
Cumulative Security Update for Microsoft Windows Kernel
Win32k Elevation of Privilege Vulnerability (CVE-2019-0960) MS Rating: Important
A privilege escalation vulnerability exists in Windows when the Win32k component
fails to properly handle objects in memory. An attacker can exploit this issue
to run arbitrary code in kernel mode.
Win32k Elevation of Privilege Vulnerability (CVE-2019-1014) MS Rating: Important
A privilege escalation vulnerability exists in Windows when the Win32k component
fails to properly handle objects in memory. An attacker can exploit this issue
to run arbitrary code in kernel mode.
Win32k Elevation of Privilege Vulnerability (CVE-2019-1017) MS Rating: Important
A privilege escalation vulnerability exists in Windows when the Win32k component
fails to properly handle objects in memory. An attacker can exploit this issue
to run arbitrary code in kernel mode.
Windows Kernel Information Disclosure Vulnerability (CVE-2019-1039) MS Rating: Important
An information disclosure vulnerability exists when the Windows kernel improperly
initializes objects in memory. To exploit this vulnerability, an authenticated
attacker could run a specially crafted application. An attacker can exploit this
issue to obtain information to further compromise the user's system.
Windows Kernel Elevation of Privilege Vulnerability (CVE-2019-1041) MS Rating: Important
A privilege escalation vulnerability exists when the Windows kernel fails to
properly handle objects in memory. An attacker can exploit this issue to run
arbitrary code in kernel mode.
Windows Secure Kernel Mode Security Feature Bypass Vulnerability (CVE-2019-1044) MS Rating: Important
A security feature bypass vulnerability exists when Windows Secure Kernel Mode
fails to properly handle objects in memory. To exploit the vulnerability, a
locally-authenticated attacker could attempt to run a specially crafted
application on a targeted system. An attacker can exploit this issue to violate
virtual trust levels (VTL).
Windows Kernel Elevation of Privilege Vulnerability (CVE-2019-1065) MS Rating: Important
A privilege escalation vulnerability exists when the Windows kernel fails to
properly handle objects in memory. An attacker can exploit this issue to run
arbitrary code in kernel mode.
Cumulative Security Update for Microsoft Windows Hyper-V
Windows Hyper-V Remote Code Execution Vulnerability (CVE-2019-0620) MS Rating: Critical
A remote code execution vulnerability exists when Windows Hyper-V on a host server
fails to properly validate input from an authenticated user on a guest operating
system. To exploit the vulnerability, an attacker needs to run a specially
crafted application on a guest operating system that causes the Hyper-V host
operating system to execute arbitrary code.
Windows Hyper-V Remote Code Execution Vulnerability (CVE-2019-0722) MS Rating: Critical
A remote code execution vulnerability exists when Windows Hyper-V on a host server
fails to properly validate input from an authenticated user on a guest operating
system. To exploit the vulnerability, an attacker needs to run a specially
crafted application on a guest operating system that causes the Hyper-V host
operating system to execute arbitrary code.
Windows Hyper-V Denial of Service Vulnerability (CVE-2019-0713) MS Rating: Important
A denial of service vulnerability exists when Microsoft Hyper-V on a host server
fails to properly validate input from a privileged user on a guest operating
system. To exploit the vulnerability, an attacker who already has a privileged
account on a guest operating system, running as a virtual machine, could run a
specially crafted application that causes a host machine to crash.
Windows Hyper-V Remote Code Execution Vulnerability (CVE-2019-0709) MS Rating: Critical
A remote code execution vulnerability exists when Windows Hyper-V on a host server
fails to properly validate input from an authenticated user on a guest operating
system. To exploit the vulnerability, an attacker could run a specially crafted
application on a guest operating system that could cause the Hyper-V host
operating system to execute arbitrary code. An attacker can exploit this issue
to execute arbitrary code on the host operating system.
Windows Hyper-V Denial Of Service Vulnerability (CVE-2019-0710) MS Rating: Important
A denial of service vulnerability exists when Microsoft Hyper-V on a host server
fails to properly validate input from a privileged user on a guest operating
system. To exploit the vulnerability, an attacker who already has a privileged
account on a guest operating system, running as a virtual machine, could run a
specially crafted application that causes a host machine to crash.
Windows Hyper-V Denial Of Service Vulnerability (CVE-2019-0711) MS Rating: Important
A denial of service vulnerability exists when Microsoft Hyper-V on a host server
fails to properly validate input from a privileged user on a guest operating
system. To exploit the vulnerability, an attacker who already has a privileged
account on a guest operating system, running as a virtual machine, could run a
specially crafted application that causes a host machine to crash.
Cumulative Security Update for Microsoft Windows Jet Database Engine
Jet Database Engine Remote Code Execution Vulnerability (CVE-2019-0904) MS Rating: Important
A remote code execution vulnerability exists when the Windows Jet Database Engine
improperly handles objects in memory. An attacker can exploit this issue to
execute arbitrary code on a victim system. An attacker could exploit this
vulnerability by enticing a victim to open a specially crafted file.
Jet Database Engine Remote Code Execution Vulnerability (CVE-2019-0905) MS Rating: Important
A remote code execution vulnerability exists when the Windows Jet Database Engine
improperly handles objects in memory. An attacker can exploit this issue to
execute arbitrary code on a victim system. An attacker could exploit this
vulnerability by enticing a victim to open a specially crafted file.
Jet Database Engine Remote Code Execution Vulnerability (CVE-2019-0906) MS Rating: Important
A remote code execution vulnerability exists when the Windows Jet Database Engine
improperly handles objects in memory. An attacker can exploit this issue to
execute arbitrary code on a victim system. An attacker could exploit this
vulnerability by enticing a victim to open a specially crafted file.
Jet Database Engine Remote Code Execution Vulnerability (CVE-2019-0907) MS Rating: Important
A remote code execution vulnerability exists when the Windows Jet Database Engine
improperly handles objects in memory. An attacker can exploit this issue to
execute arbitrary code on a victim system. An attacker could exploit this
vulnerability by enticing a victim to open a specially crafted file.
Jet Database Engine Remote Code Execution Vulnerability (CVE-2019-0908) MS Rating: Important
A remote code execution vulnerability exists when the Windows Jet Database Engine
improperly handles objects in memory. An attacker can exploit this issue to
execute arbitrary code on a victim system. An attacker could exploit this
vulnerability by enticing a victim to open a specially crafted file.
Jet Database Engine Remote Code Execution Vulnerability (CVE-2019-0909) MS Rating: Important
A remote code execution vulnerability exists when the Windows Jet Database Engine
improperly handles objects in memory. An attacker can exploit this issue to
execute arbitrary code on a victim system. An attacker could exploit this
vulnerability by enticing a victim to open a specially crafted file.
Jet Database Engine Remote Code Execution Vulnerability (CVE-2019-0974) MS Rating: Important
A remote code execution vulnerability exists when the Windows Jet Database Engine
improperly handles objects in memory. An attacker can exploit this issue to
execute arbitrary code on a victim system. An attacker could exploit this
vulnerability by enticing a victim to open a specially crafted file.
Cumulative Security Update for Microsoft Windows Graphics Device Interface (GDI)
Windows GDI Information Disclosure Vulnerability (CVE-2019-1009) MS Rating: Important
An information disclosure vulnerability exists when the Windows GDI component
improperly discloses the contents of its memory. An attacker can exploit this
issue by convincing a user to open a specially crafted document, or by
convincing a user to visit an untrusted webpage to obtain information to further
compromise the user's system.
Windows GDI Information Disclosure Vulnerability (CVE-2019-1010) MS Rating: Important
An information disclosure vulnerability exists when the Windows GDI component
improperly discloses the contents of its memory. An attacker can exploit this
issue by convincing a user to open a specially crafted document, or by
convincing a user to visit an untrusted webpage to obtain information to further
compromise the user's system.
Windows GDI Information Disclosure Vulnerability (CVE-2019-1011) MS Rating: Important
An information disclosure vulnerability exists when the Windows GDI component
improperly discloses the contents of its memory. An attacker can exploit this
issue by convincing a user to open a specially crafted document, or by
convincing a user to visit an untrusted webpage to obtain information to further
compromise the user's system.
Windows GDI Information Disclosure Vulnerability (CVE-2019-1012) MS Rating: Important
An information disclosure vulnerability exists when the Windows GDI component
improperly discloses the contents of its memory. An attacker can exploit this
issue by convincing a user to open a specially crafted document, or by
convincing a user to visit an untrusted webpage to obtain information to further
compromise the user's system.
Windows GDI Information Disclosure Vulnerability (CVE-2019-1013) MS Rating: Important
An information disclosure vulnerability exists when the Windows GDI component
improperly discloses the contents of its memory. An attacker can exploit this
issue by convincing a user to open a specially crafted document, or by
convincing a user to visit an untrusted webpage to obtain information to further
compromise the user's system.
Windows GDI Information Disclosure Vulnerability (CVE-2019-1015) MS Rating: Important
An information disclosure vulnerability exists when the Windows GDI component
improperly discloses the contents of its memory. An attacker can exploit this
issue by convincing a user to open a specially crafted document, or by
convincing a user to visit an untrusted webpage to obtain information to further
compromise the user's system.
Windows GDI Information Disclosure Vulnerability (CVE-2019-1016) MS Rating: Important
An information disclosure vulnerability exists when the Windows GDI component
improperly discloses the contents of its memory. An attacker can exploit this
issue by convincing a user to open a specially crafted document, or by
convincing a user to visit an untrusted webpage to obtain information to further
compromise the user's system.
Windows GDI Information Disclosure Vulnerability (CVE-2019-1046) MS Rating: Important
An information disclosure vulnerability exists when the Windows GDI component
improperly discloses the contents of its memory. An attacker can exploit this
issue by convincing a user to open a specially crafted document, or by
convincing a user to visit an untrusted webpage to obtain information to further
compromise the user's system.
Windows GDI Information Disclosure Vulnerability (CVE-2019-1047) MS Rating: Important
An information disclosure vulnerability exists when the Windows GDI component
improperly discloses the contents of its memory. An attacker can exploit this
issue by convincing a user to open a specially crafted document, or by
convincing a user to visit an untrusted webpage to obtain information to further
compromise the user's system.
Windows GDI Information Disclosure Vulnerability (CVE-2019-1048) MS Rating: Important
An information disclosure vulnerability exists when the Windows GDI component
improperly discloses the contents of its memory. An attacker can exploit this
issue by convincing a user to open a specially crafted document, or by
convincing a user to visit an untrusted webpage to obtain information to further
compromise the user's system.
Windows GDI Information Disclosure Vulnerability (CVE-2019-1049) MS Rating: Important
An information disclosure vulnerability exists when the Windows GDI component
improperly discloses the contents of its memory. An attacker can exploit this
issue by convincing a user to open a specially crafted document, or by
convincing a user to visit an untrusted webpage to obtain information to further
compromise the user's system.
Windows GDI Information Disclosure Vulnerability (CVE-2019-1050) MS Rating: Important
An information disclosure vulnerability exists when the Windows GDI component
improperly discloses the contents of its memory. An attacker can exploit this
issue by convincing a user to open a specially crafted document, or by
convincing a user to visit an untrusted webpage to obtain information to further
compromise the user's system.
Windows GDI Information Disclosure Vulnerability (CVE-2019-0968) MS Rating: Important
An information disclosure vulnerability exists when the Windows GDI component
improperly discloses the contents of its memory. An attacker can exploit this
issue by convincing a user to open a specially crafted document, or by
convincing a user to visit an untrusted webpage to obtain information to further
compromise the user's system.
Windows GDI Information Disclosure Vulnerability (CVE-2019-0977) MS Rating: Important
An information disclosure vulnerability exists when the Windows GDI component
improperly discloses the contents of its memory. An attacker can exploit this
issue by convincing a user to open a specially crafted document, or by
convincing a user to visit an untrusted webpage to obtain information to further
compromise the user's system.
Cumulative Security Update for Microsoft Windows
Windows Audio Service Elevation of Privilege Vulnerability (CVE-2019-1021) MS Rating: Important
A privilege escalation vulnerability exists in Windows Audio Service. An attacker
can exploit this issue to run arbitrary code with elevated privileges. To exploit
the vulnerability, an attacker needs to run a specially crafted application.
Windows Audio Service Elevation of Privilege Vulnerability (CVE-2019-1022) MS Rating: Important
A privilege escalation vulnerability exists in Windows Audio Service. An attacker
can exploit this issue to run arbitrary code with elevated privileges. To exploit
the vulnerability, an attacker needs to run a specially crafted application.
Windows Audio Service Elevation of Privilege Vulnerability (CVE-2019-1026) MS Rating: Important
A privilege escalation vulnerability exists in Windows Audio Service. An attacker
can exploit this issue to run arbitrary code with elevated privileges. To exploit
the vulnerability, an attacker needs to run a specially crafted application.
Windows Audio Service Elevation of Privilege Vulnerability (CVE-2019-1027) MS Rating: Important
A privilege escalation vulnerability exists in Windows Audio Service. An attacker
can exploit this issue to run arbitrary code with elevated privileges. To exploit
the vulnerability, an attacker needs to run a specially crafted application.
Windows Audio Service Elevation of Privilege Vulnerability (CVE-2019-1028) MS Rating: Important
A privilege escalation vulnerability exists in Windows Audio Service. An attacker
can exploit this issue to run arbitrary code with elevated privileges. To exploit
the vulnerability, an attacker needs to run a specially crafted application.
Windows Audio Service Elevation of Privilege Vulnerability (CVE-2019-1007) MS Rating: Important
A privilege escalation vulnerability exists in Windows Audio Service. An attacker
can exploit this issue to run arbitrary code with elevated privileges. To exploit
the vulnerability, an attacker needs to run a specially crafted application.
ActiveX Data Objects (ADO) Remote Code Execution Vulnerability (CVE-2019-0888) MS Rating: Critical
A remote code execution vulnerability exists in the way that ActiveX Data Objects
(ADO) handle objects in memory. An attacker can exploit this issue to execute
arbitrary code with the victim user's privileges. An attacker could craft a
website that exploits the vulnerability and then convince a victim user to visit
the website.
Microsoft Speech API Remote Code Execution Vulnerability (CVE-2019-0985) MS Rating: Critical
A remote code execution vulnerability exists when the Microsoft Speech API (SAPI)
improperly handles text-to-speech (TTS) input. The vulnerability could corrupt
memory in a way that enables an attacker to execute arbitrary code in the
context of the current user. To exploit the vulnerability, an attacker would
need to convince a user to open a specially crafted document containing TTS
content invoked through a scripting language.
Microsoft IIS Server Denial of Service Vulnerability (CVE-2019-0941) MS Rating: Important
A denial of service vulnerability exists in Microsoft IIS Server when the optional request
filtering feature improperly handles requests. An attacker can exploit this
issue to perform a temporary denial of service against pages configured to use
request filtering. To exploit this vulnerability, an attacker could send a
specially crafted request to a page utilizing request filtering.
Windows ALPC Elevation of Privilege Vulnerability (CVE-2019-0943) MS Rating: Important
A privilege escalation vulnerability exists when Windows improperly handles calls
to Advanced Local Procedure Call (ALPC). An attacker can exploit this issue to
run arbitrary code in the security context of the local system. To exploit this
vulnerability, an attacker would first have to log on to the system. An attacker
could then run a specially crafted application that could exploit the
vulnerability and take control over an affected system.
Windows Event Viewer Information Disclosure Vulnerability (CVE-2019-0948) MS Rating: Moderate
An information disclosure vulnerability exists in the Windows Event Viewer
(eventvwr.msc) when it improperly parses XML input containing a reference to an
external entity. An attacker can exploit this issue to read arbitrary files via
an XML external entity (XXE) declaration. To exploit the vulnerability, an
attacker could create a file containing specially crafted XML content and
convince an authenticated user to import the file.
Windows Common Log File System Driver Elevation of Privilege Vulnerability (CVE-2019-0959) MS Rating: Important
A privilege escalation vulnerability exists when the Windows Common Log File
System (CLFS) driver improperly handles objects in memory. An attacker can
exploit this issue to run processes in an elevated context. To exploit the
vulnerability, an attacker would first have to log on to the system, and then
run a specially crafted application to take control over the affected system.
Local Security Authority Subsystem Service Denial of Service Vulnerability (CVE-2019-0972) MS Rating: Important
This security update corrects a denial of service in the Local Security
Authority Subsystem Service (LSASS) caused when an authenticated attacker sends
a specially crafted authentication request. A remote attacker who successfully
exploited this vulnerability could cause a denial of service on the target
system's LSASS service, which triggers an automatic reboot of the system.
Windows Installer Elevation of Privilege Vulnerability (CVE-2019-0973) MS Rating: Important
A privilege escalation vulnerability exists in the Windows Installer when the
Windows Installer fails to properly sanitize input, leading to insecure
library loading behavior. A locally authenticated attacker could run arbitrary
code with elevated system privileges.
Windows Storage Service Elevation of Privilege Vulnerability (CVE-2019-0983) MS Rating: Important
A privilege escalation vulnerability exists when the Storage Service improperly
handles file operations. An attacker can exploit this issue to gain elevated
privileges on the victim system. To exploit the vulnerability, an attacker would
first have to gain execution on the victim system, then run a specially crafted
application.
Windows Common Log File System Driver Elevation of Privilege Vulnerability (CVE-2019-0984) MS Rating: Important
A privilege escalation vulnerability exists when the Windows Common Log File
System (CLFS) driver improperly handles objects in memory. An attacker can
exploit this issue to run processes in an elevated context. To exploit the
vulnerability, an attacker would first have to log on to the system, and then
run a specially crafted application to take control over the affected system.
Windows User Profile Service Elevation of Privilege Vulnerability (CVE-2019-0986) MS Rating: Important
A privilege escalation vulnerability exists when the Windows User Profile Service
(ProfSvc) improperly handles symlinks. An attacker can exploit this issue to
delete files and folders in an elevated context. To exploit this vulnerability,
an attacker would first have to log on to the system, and then run a specially
crafted application that could exploit the vulnerability and delete files or
folders of their choosing.
Windows Storage Service Elevation of Privilege Vulnerability (CVE-2019-0998) MS Rating: Important
A privilege escalation vulnerability exists when the Storage Service improperly
handles file operations. An attacker can exploit this issue to gain elevated
privileges on the victim system. To exploit the vulnerability, an attacker would
first have to gain execution on the victim system, then run a specially crafted
application.
DirectX Elevation of Privilege Vulnerability (CVE-2019-1018) MS Rating: Important
A privilege escalation vulnerability exists when DirectX improperly handles
objects in memory. An attacker can exploit this issue to run arbitrary code in
kernel mode. To exploit this vulnerability, an attacker would first have to log
on to the system. An attacker could then run a specially crafted application
that could exploit the vulnerability and take control of an affected system.
Microsoft Windows Security Feature Bypass Vulnerability (CVE-2019-1019) MS Rating: Important
A security feature bypass vulnerability exists where a NETLOGON message is able to
obtain the session key and sign messages. To exploit this vulnerability, an
attacker could send a specially crafted authentication request. An attacker can
exploit this issue to access another machine using the original user privileges.
Windows Denial of Service Vulnerability (CVE-2019-1025) MS Rating: Important
A denial of service vulnerability exists when Windows improperly handles objects
in memory. An attacker can exploit this issue to cause a target system to stop
responding. To exploit this vulnerability, an attacker would have to log on to
an affected system and run a specially crafted application, or convince a user
to open a specific file on a network share.
Windows NTLM Tampering Vulnerability (CVE-2019-1040) MS Rating: Important
A tampering vulnerability exists in Microsoft Windows when a man-in-the-middle
attacker is able to successfully bypass the NTLM MIC (Message Integrity Check)
protection. An attacker can exploit this issue to gain the ability to downgrade
NTLM security features. To exploit this vulnerability, the attacker would need
to tamper with the NTLM exchange. The attacker could then modify flags of the
NTLM packet without invalidating the signature.
Comctl32 Remote Code Execution Vulnerability (CVE-2019-1043) MS Rating: Important
A remote code execution vulnerability exists in the way that comctl32.dll handles
objects in memory. The vulnerability could corrupt memory in such a way that an
attacker could execute arbitrary code in the context of the current user. An
attacker can exploit this issue to gain the same user rights as the current user.
If the current user is logged on with administrative user rights, the attacker
could take control of an affected system.
Windows Network File System Elevation of Privilege Vulnerability (CVE-2019-1045) MS Rating: Important
A privilege escalation vulnerability exists in the way that the Windows Network
File System (NFS) handles objects in memory. An attacker can exploit this issue
to execute code with elevated permissions. To exploit the vulnerability, a
locally authenticated attacker could run a specially crafted application.
Windows Shell Elevation of Privilege Vulnerability (CVE-2019-1053) MS Rating: Important
A privilege escalation vulnerability exists when the Windows Shell fails to
validate folder shortcuts. An attacker can exploit this issue to elevate
privileges by escaping a sandbox. To exploit this vulnerability, an attacker
would require unprivileged execution on the victim system.
Windows Elevation of Privilege Vulnerability (CVE-2019-1064) MS Rating: Important
A privilege escalation vulnerability exists when Windows AppX Deployment Service (AppXSVC)
improperly handles hard links. An attacker can exploit this issue to run
processes in an elevated context. To exploit this vulnerability, an attacker
would first have to log on to the system. An attacker could then run a specially
crafted application that could exploit the vulnerability and take control of an
affected system.
Task Scheduler Elevation of Privilege Vulnerability (CVE-2019-1069) MS Rating: Important
A privilege escalation vulnerability exists in the way the Task Scheduler Service
validates certain file operations. An attacker can exploit this issue to gain
elevated privileges on a victim system. To exploit the vulnerability, an
attacker would require unprivileged code execution on a victim system.
Security Update for Skype for Business and Lync Server
Skype for Business and Lync Server Denial of Service Vulnerability (CVE-2019-1029) MS Rating: Important
A denial of service vulnerability exists in Skype for Business. An attacker can
exploit this issue to cause Skype for Business to stop responding. Note that the
denial of service would not allow an attacker to execute code or to elevate the
attacker's user rights.
Security Update for Azure
Azure DevOps Server Spoofing Vulnerability (CVE-2019-0996) MS Rating: Important
A spoofing vulnerability exists in Azure DevOps Server when it improperly handles requests to authorize applications, resulting in a cross-site request forgery. An attacker can exploit this issue to bypass OAuth protections and register an application on behalf of the targeted user. To exploit this vulnerability, an attacker would need to create a page specifically designed to cause a cross-site request. The attacker would then need to convince a targeted user to click a link to the malicious page.
Microsoft Patch Tuesday – May 2019
This month the vendor has patched 79 vulnerabilities, 22 of which are rated
Critical.
As always, customers are advised to follow these security best practices:
Install vendor patches as soon as they are available.
Run all software with the least privileges required while still maintaining
functionality.
Avoid handling files from unknown or questionable sources.
Never visit sites of unknown or questionable integrity.
Block external access at the network perimeter to all key systems unless
specific access is required.
IMPORTANT: Due to the severity of CVE-2019-0708, and the high likelihood of
exploitation, Symantec recommends that customers apply patches immediately. If
immediate patching is not possible, customers should take the following steps:
Disable Remote Desktop Services if not required
Block TCP port 3389 at the firewall
Enable Network Level Protection
UPDATE 05-22-2019: Symantec has released the following IPS signatures to detect
and block attempts to exploit CVE-2019-0708:
31527 (OS Attack: Microsoft Windows Desktop Services RCE CVE-2019-0708)
31529 (OS Attack: Microsoft Windows Desktop Services RCE CVE-2019-0708 2)
Microsoft's summary of the May 2019 releases can be found here:
https://portal.msrc.microsoft.com/en-us/security-guidance
This month's update covers vulnerabilities in:
Internet Explorer
Microsoft Edge
ChakraCore
Microsoft Office
Microsoft .NET
Microsoft Windows
Microsoft Remote Desktop Services
Graphics Device Interface (GDI)
Jet Database Engine
Team Foundation Server
Skype for Android
Azure
NuGet
The following is a breakdown of the issues being addressed this month:
Cumulative Security Update for Microsoft Browsers
Scripting Engine Memory Corruption Vulnerability (CVE-2019-0911) MS Rating: Critical
A remote code execution vulnerability exists in the way the scripting engine
handles objects in memory in Microsoft browsers. This vulnerability may corrupt
memory in such a way that an attacker could execute arbitrary code in the
context of the current user. Attackers can exploit this issue by enticing an
unsuspecting user to view a specially crafted web page.
Chakra Scripting Engine Memory Corruption Vulnerability (CVE-2019-0912) MS Rating: Critical
A remote code execution vulnerability exists in the way that the Chakra scripting
engine handles objects in memory in Microsoft Edge. This vulnerability may
corrupt memory in such a way that an attacker could execute arbitrary code in
the context of the current user. Attackers can exploit this issue by enticing an
unsuspecting user to view a specially crafted web page.
Chakra Scripting Engine Memory Corruption Vulnerability (CVE-2019-0913) MS Rating: Critical
A remote code execution vulnerability exists in the way that the Chakra scripting
engine handles objects in memory in Microsoft Edge. This vulnerability may
corrupt memory in such a way that an attacker could execute arbitrary code in
the context of the current user. Attackers can exploit this issue by enticing an
unsuspecting user to view a specially crafted web page.
Chakra Scripting Engine Memory Corruption Vulnerability (CVE-2019-0914) MS Rating: Critical
A remote code execution vulnerability exists in the way that the Chakra scripting
engine handles objects in memory in Microsoft Edge. This vulnerability may
corrupt memory in such a way that an attacker could execute arbitrary code in
the context of the current user. Attackers can exploit this issue by enticing an
unsuspecting user to view a specially crafted web page.
Chakra Scripting Engine Memory Corruption Vulnerability (CVE-2019-0915) MS Rating: Critical
A remote code execution vulnerability exists in the way that the Chakra scripting
engine handles objects in memory in Microsoft Edge. This vulnerability may
corrupt memory in such a way that an attacker could execute arbitrary code in
the context of the current user. Attackers can exploit this issue by enticing an
unsuspecting user to view a specially crafted web page.
Chakra Scripting Engine Memory Corruption Vulnerability (CVE-2019-0916) MS Rating: Critical
A remote code execution vulnerability exists in the way that the Chakra scripting
engine handles objects in memory in Microsoft Edge. This vulnerability may
corrupt memory in such a way that an attacker could execute arbitrary code in
the context of the current user. Attackers can exploit this issue by enticing an
unsuspecting user to view a specially crafted web page.
Chakra Scripting Engine Memory Corruption Vulnerability (CVE-2019-0917) MS Rating: Critical
A remote code execution vulnerability exists in the way that the Chakra scripting
engine handles objects in memory in Microsoft Edge. This vulnerability may
corrupt memory in such a way that an attacker could execute arbitrary code in
the context of the current user. Attackers can exploit this issue by enticing an
unsuspecting user to view a specially crafted web page.
Scripting Engine Memory Corruption Vulnerability (CVE-2019-0918) MS Rating: Critical
A remote code execution vulnerability exists in the way the scripting engine
handles objects in memory in Microsoft browsers. This vulnerability may corrupt
memory in such a way that an attacker could execute arbitrary code in the
context of the current user. Attackers can exploit this issue by enticing an
unsuspecting user to view a specially crafted web page.
Internet Explorer Spoofing Vulnerability (CVE-2019-0921) MS Rating: Important
A spoofing vulnerability exists when Internet Explorer improperly handles URLs. An
attacker who successfully exploits this vulnerability could trick a user by
redirecting the user to a specially crafted website.
Chakra Scripting Engine Memory Corruption Vulnerability (CVE-2019-0922) MS Rating: Critical
A remote code execution vulnerability exists in the way that the Chakra scripting
engine handles objects in memory in Microsoft Edge. This vulnerability may
corrupt memory in such a way that an attacker could execute arbitrary code in
the context of the current user. Attackers can exploit this issue by enticing an
unsuspecting user to view a specially crafted web page.
Chakra Scripting Engine Memory Corruption Vulnerability (CVE-2019-0923) MS Rating: Important
A remote code execution vulnerability exists in the way that the Chakra scripting
engine handles objects in memory in Microsoft Edge. This vulnerability may
corrupt memory in such a way that an attacker could execute arbitrary code in
the context of the current user. Attackers can exploit this issue by enticing an
unsuspecting user to view a specially crafted web page.
Chakra Scripting Engine Memory Corruption Vulnerability (CVE-2019-0924) MS Rating: Critical
A remote code execution vulnerability exists in the way that the Chakra scripting
engine handles objects in memory in Microsoft Edge. This vulnerability may
corrupt memory in such a way that an attacker could execute arbitrary code in
the context of the current user. Attackers can exploit this issue by enticing an
unsuspecting user to view a specially crafted web page.
Chakra Scripting Engine Memory Corruption Vulnerability (CVE-2019-0925) MS Rating: Critical
A remote code execution vulnerability exists in the way that the Chakra scripting
engine handles objects in memory in Microsoft Edge. This vulnerability may
corrupt memory in such a way that an attacker could execute arbitrary code in
the context of the current user. Attackers can exploit this issue by enticing an
unsuspecting user to view a specially crafted web page.
Microsoft Edge Memory Corruption Vulnerability (CVE-2019-0926) MS Rating: Critical
A remote code execution vulnerability exists when Microsoft Edge improperly
accesses objects in memory. This vulnerability may corrupt memory in such a way
that an attacker could execute arbitrary code in the context of the current
user. Attackers can exploit this issue by enticing an unsuspecting user to view
a specially crafted web page.
Chakra Scripting Engine Memory Corruption Vulnerability (CVE-2019-0927) MS Rating: Critical
A remote code execution vulnerability exists in the way that the Chakra scripting
engine handles objects in memory in Microsoft Edge. This vulnerability may
corrupt memory in such a way that an attacker could execute arbitrary code in
the context of the current user. Attackers can exploit this issue by enticing an
unsuspecting user to view a specially crafted web page.
Internet Explorer Memory Corruption Vulnerability (CVE-2019-0929) MS Rating: Critical
A remote code execution vulnerability exists when Internet Explorer improperly
accesses objects in memory. This vulnerability may corrupt memory in such a way
that an attacker could execute arbitrary code in the context of the current
user. Attackers can exploit this issue by enticing an unsuspecting user to view
a specially crafted web page.
Internet Explorer Information Disclosure Vulnerability (CVE-2019-0930) MS Rating: Important
An information disclosure vulnerability exists when Internet Explorer improperly
handles objects in memory. An attacker who successfully exploits this
vulnerability could obtain information to further compromise the user's system.
Scripting Engine Memory Corruption Vulnerability (CVE-2019-0884) MS Rating: Critical
A remote code execution vulnerability exists in the way the scripting engine
handles objects in memory in Microsoft browsers. This vulnerability may corrupt
memory in such a way that an attacker could execute arbitrary code in the
context of the current user. Attackers can exploit this issue by enticing an
unsuspecting user to view a specially crafted web page.
Chakra Scripting Engine Memory Corruption Vulnerability (CVE-2019-0937) MS Rating: Critical
A remote code execution vulnerability exists in the way that the Chakra scripting
engine handles objects in memory in Microsoft Edge. This vulnerability may
corrupt memory in such a way that an attacker could execute arbitrary code in
the context of the current user. Attackers can exploit this issue by enticing an
unsuspecting user to view a specially crafted web page.
Microsoft Edge Privilege Escalation Vulnerability (CVE-2019-0938) MS Rating: Important
A privilege escalation vulnerability exists in Microsoft Edge that could allow an
attacker to escape from the AppContainer sandbox in the browser. An attacker who
successfully exploits this vulnerability could gain elevated privileges and
break out of the Edge AppContainer sandbox.
Microsoft Browser Memory Corruption Vulnerability (CVE-2019-0940) MS Rating: Critical
A remote code execution vulnerability exists in the way that Microsoft browsers
access objects in memory. This vulnerability may corrupt memory in such a way
that could allow an attacker to execute arbitrary code in the context of the
current user. Attackers can exploit this issue by enticing an unsuspecting user
to view a specially crafted web page.
Chakra Scripting Engine Memory Corruption Vulnerability (CVE-2019-0933) MS Rating: Critical
A remote code execution vulnerability exists in the way that the Chakra scripting
engine handles objects in memory in Microsoft Edge. This vulnerability may
corrupt memory in such a way that an attacker could execute arbitrary code in
the context of the current user. Attackers can exploit this issue by enticing an
unsuspecting user to view a specially crafted web page.
Internet Explorer Security Bypass Vulnerability (CVE-2019-0995) MS Rating: Important
A security bypass vulnerability exists when 'urlmon.dll' improperly handles
certain Mark of the Web queries. The vulnerability allows Internet Explorer to
bypass Mark of the Web warnings or restrictions for files downloaded or created
in a specific way.
Cumulative Security Update for Microsoft Office
Microsoft Office Access Connectivity Engine Remote Code Execution Vulnerability (CVE-2019-0945) MS Rating: Important
A remote code execution vulnerability exists when the Microsoft Office Access
Connectivity Engine improperly handles objects in memory. An attacker who
successfully exploits this vulnerability could execute arbitrary code on a
victim system.
Microsoft Office Access Connectivity Engine Remote Code Execution Vulnerability (CVE-2019-0946) MS Rating: Important
A remote code execution vulnerability exists when the Microsoft Office Access
Connectivity Engine improperly handles objects in memory. An attacker who
successfully exploits this vulnerability could execute arbitrary code on a
victim system.
Microsoft Office Access Connectivity Engine Remote Code Execution Vulnerability (CVE-2019-0947) MS Rating: Important
A remote code execution vulnerability exists when the Microsoft Office Access
Connectivity Engine improperly handles objects in memory. An attacker who
successfully exploits this vulnerability could execute arbitrary code on a
victim system.
Microsoft SharePoint Spoofing Vulnerability (CVE-2019-0949) MS Rating: Important
A spoofing vulnerability exists when Microsoft SharePoint Server does not properly
sanitize a specially crafted web request. An authenticated attacker could
exploit the vulnerability by sending a specially crafted request to an affected
SharePoint server.
Microsoft SharePoint Spoofing Vulnerability (CVE-2019-0950) MS Rating: Important
A spoofing vulnerability exists when Microsoft SharePoint Server does not properly
sanitize a specially crafted web request. An authenticated attacker could
exploit the vulnerability by sending a specially crafted request to an affected
SharePoint server.
Microsoft SharePoint Spoofing Vulnerability (CVE-2019-0951) MS Rating: Important
A spoofing vulnerability exists when Microsoft SharePoint Server does not properly
sanitize a specially crafted web request. An authenticated attacker could
exploit the vulnerability by sending a specially crafted request to an affected
SharePoint server.
Microsoft SharePoint Server Remote Code Execution Vulnerability (CVE-2019-0952) MS Rating: Important
A remote code execution vulnerability exists in Microsoft SharePoint Server when
it fails to properly identify and filter unsafe ASP.NET web controls.
Microsoft Word Remote Code Execution Vulnerability (CVE-2019-0953) MS Rating: Critical
A remote code execution vulnerability exists in Microsoft Word when it fails to
properly handle objects in memory. An attacker who successfully exploits the
vulnerability could use a specially crafted file to perform actions in the
security context of the current user.
Microsoft SharePoint Server Information Disclosure Vulnerability (CVE-2019-0956) MS Rating: Important
An information disclosure vulnerability exists when Microsoft SharePoint Server
does not properly sanitize a specially crafted web request. An authenticated
attacker could exploit the vulnerability by sending a specially crafted request
to an affected SharePoint server.
Microsoft SharePoint Privilege Escalation Vulnerability (CVE-2019-0957) MS Rating: Important
A privilege escalation vulnerability exists when Microsoft SharePoint Server does
not properly sanitize a specially crafted web request. An authenticated attacker
could exploit the vulnerability by sending a specially crafted request to an
affected SharePoint server.
Microsoft SharePoint Privilege Escalation Vulnerability (CVE-2019-0958) MS Rating: Important
A privilege escalation vulnerability exists when Microsoft SharePoint Server does
not properly sanitize a specially crafted web request. An authenticated attacker
could exploit the vulnerability by sending a specially crafted request to an
affected SharePoint server.
Microsoft Office SharePoint XSS Vulnerability (CVE-2019-0963) MS Rating: Important
A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server
does not properly sanitize a specially crafted web request. An authenticated
attacker could exploit the vulnerability by sending a specially crafted request
to an affected SharePoint server.
Cumulative Security Update for Microsoft .NET
.NET Framework and .NET Core Denial of Service Vulnerability (CVE-2019-0820) MS Rating: Important
A denial of service (DoS) vulnerability exists when .NET Framework and .NET Core
improperly process RegEx strings. An attacker who successfully exploits this
vulnerability could cause a denial of service against a .NET application.
.NET Framework Denial of Service Vulnerability (CVE-2019-0864) MS Rating: Important
A denial of service (DoS) vulnerability exists when .NET Framework improperly
handles objects in heap memory. An attacker who successfully exploits this
vulnerability could cause a denial of service against a .NET application.
ASP.NET Core Denial of Service Vulnerability (CVE-2019-0980) MS Rating: Important
A denial of service (DoS) vulnerability exists when ASP.NET Core improperly
handles web requests. An attacker who successfully exploits this vulnerability
could cause a denial of service against an ASP.NET Core web application.
ASP.NET Core Denial of Service Vulnerability (CVE-2019-0981) MS Rating: Important
A denial of service vulnerability (DoS) exists when ASP.NET Core improperly
handles web requests. An attacker who successfully exploits this vulnerability
could cause a denial of service against an ASP.NET Core web application.
ASP.NET Denial of Service Vulnerability (CVE-2019-0982) MS Rating: Important
A denial of service (DoS) vulnerability exists when ASP.NET improperly handles web
requests. An attacker who successfully exploits this vulnerability could cause a
denial of service against an ASP.NET web application.
NuGet Package Manager Tampering Vulnerability (CVE-2019-0976) MS Rating: Important
A tampering vulnerability exists in the NuGet Package Manager for Linux and Mac
that could allow an authenticated attacker to modify a NuGet package's folder
structure. An attacker who successfully exploits this vulnerability could
potentially modify files and folders that are unpacked on a system.
Cumulative Security Update for Microsoft Windows Kernel
Windows Kernel Privilege Escalation Vulnerability (CVE-2019-0881) MS Rating: Important
A privilege escalation vulnerability exists when the Windows Kernel improperly
handles key enumeration. An attacker who successfully exploits the vulnerability
could gain elevated privileges on a targeted system.
Win32k Privilege Escalation Vulnerability (CVE-2019-0892) MS Rating: Important
A privilege escalation vulnerability exists in Windows when the Win32k component
fails to properly handle objects in memory. An attacker who successfully
exploits this vulnerability could run arbitrary code in kernel mode.
Cumulative Security Update for Microsoft Windows
Windows DHCP Server Remote Code Execution Vulnerability (CVE-2019-0725) MS Rating: Critical
A memory corruption vulnerability exists in the Windows Server DHCP service when
processing specially crafted packets. An attacker who successfully exploits this
vulnerability could run arbitrary code on the DHCP server.
Windows NDIS Privilege Escalation Vulnerability (CVE-2019-0707) MS Rating: Important
A privilege escalation vulnerability exists in the Network Driver Interface
Specification (NDIS) when 'ndis.sys' fails to check the length of a buffer prior
to copying memory to it.
Diagnostic Hub Standard Collector, Visual Studio Standard Collector Privilege Escalation Vulnerability (CVE-2019-0727) MS Rating: Important
A privilege escalation vulnerability exists when the Diagnostics Hub Standard
Collector or the Visual Studio Standard Collector allows file deletion in
arbitrary locations. To exploit the vulnerability, an attacker would first have
to log on to the system.
Windows Defender Application Control Security Bypass Vulnerability (CVE-2019-0733) MS Rating: Important
A security bypass vulnerability exists in Windows Defender Application Control
(WDAC) which could allow an attacker to bypass WDAC enforcement. An attacker who
successfully exploits this vulnerability could circumvent Windows PowerShell
Constrained Language Mode on the machine.
Windows Privilege Escalation Vulnerability (CVE-2019-0734) MS Rating: Important
A privilege escalation vulnerability exists in Microsoft Windows when a
man-in-the-middle attacker is able to successfully decode and replace
authentication requests using Kerberos, allowing an attacker to be validated as
an Administrator. The update addresses this vulnerability by changing how these
requests are validated.
Microsoft SQL Server Analysis Services Information Disclosure Vulnerability (CVE-2019-0819) MS Rating: Important
An information disclosure vulnerability exists in Microsoft SQL Server Analysis
Services when it improperly enforces metadata permissions. An attacker who
successfully exploits the vulnerability could query tables or columns for which
they do not have access rights.
Windows Error Reporting Privilege Escalation Vulnerability (CVE-2019-0863) MS Rating: Important
A privilege escalation vulnerability exists in the way Windows Error Reporting
(WER) handles files. An attacker who successfully exploits this vulnerability
could run arbitrary code in kernel mode.
Windows OLE Remote Code Execution Vulnerability (CVE-2019-0885) MS Rating: Important
A remote code execution vulnerability exists when Microsoft Windows OLE fails to
properly validate user input. An attacker could exploit the vulnerability to
execute malicious code.
Windows Hyper-V Information Disclosure Vulnerability (CVE-2019-0886) MS Rating: Important
An information disclosure vulnerability exists when Windows Hyper-V on a host
operating system fails to properly validate input from an authenticated user on
a guest operating system. To exploit the vulnerability, an attacker on a guest
operating system could run a specially crafted application that could cause the
Hyper-V host operating system to disclose memory information.
Windows Storage Service Privilege Escalation Vulnerability (CVE-2019-0931) MS Rating: Important
A privilege escalation vulnerability exists when the Storage Service improperly
handles file operations. An attacker who successfully exploits this
vulnerability could gain elevated privileges on the victim system.
Windows Privilege Escalation Vulnerability (CVE-2019-0936) MS Rating: Important
A privilege escalation vulnerability exists in Microsoft Windows when Windows
fails to properly handle certain symbolic links. An attacker who successfully
exploits this vulnerability could potentially set certain items to run at a
higher level and thereby elevate permissions.
Unified Write Filter Privilege Escalation Vulnerability (CVE-2019-0942) MS Rating: Important
A privilege escalation vulnerability exists in the Unified Write Filter (UWF)
feature for Windows 10 when it improperly restricts access to the registry. An
attacker who successfully exploits the vulnerability could make changes to the
registry keys protected by UWF without having administrator privileges.
Microsoft Dynamics On-Premise Security Bypass Vulnerability (CVE-2019-1008) MS Rating: Important
A security bypass vulnerability exists in Dynamics On Premise. An attacker who
successfully exploits the vulnerability could send attachment types that are
blocked by the email attachment system.
Security Update for Microsoft Remote Desktop Services
Remote Desktop Services Remote Code Execution Vulnerability (CVE-2019-0708) MS Rating: Critical
A remote code execution vulnerability exists in Remote Desktop Services when an
unauthenticated attacker connects to the target system using RDP and sends
specially crafted requests. This vulnerability is pre-authentication and
requires no user interaction.
Security Update for Windows Graphics Device Interface (GDI)
GDI+ Remote Code Execution Vulnerability (CVE-2019-0903) MS Rating: Critical
A remote code execution vulnerability exists in the way that the Windows Graphics
Device Interface (GDI) handles objects in memory. An attacker who successfully
exploits this vulnerability could take control of the affected system.
Windows GDI Information Disclosure Vulnerability (CVE-2019-0758) MS Rating: Important
An information disclosure vulnerability exists when the Windows GDI component
improperly discloses the contents of its memory. An attacker who successfully
exploits the vulnerability could obtain information to further compromise the
user's system.
Windows GDI Information Disclosure Vulnerability (CVE-2019-0882) MS Rating: Important
An information disclosure vulnerability exists when the Windows GDI component
improperly discloses the contents of its memory. An attacker who successfully
exploits the vulnerability could obtain information to further compromise the
user's system.
Windows GDI Information Disclosure Vulnerability (CVE-2019-0961) MS Rating: Important
An information disclosure vulnerability exists when the Windows GDI component
improperly discloses the contents of its memory. An attacker who successfully
exploits the vulnerability could obtain information to further compromise the
user's system.
Security Update for Skype for Android
Skype for Android Information Disclosure Vulnerability (CVE-2019-0932) MS Rating: Important
An information disclosure vulnerability exists in Skype for Android. An attacker
who successfully exploits this vulnerability could listen to the conversation of
a Skype for Android user without the user's knowledge.
Security Update for Jet Database Engine
Jet Database Engine Remote Code Execution Vulnerability (CVE-2019-0889) MS Rating: Important
A remote code execution vulnerability exists when the Windows Jet Database Engine
improperly handles objects in memory. An attacker who successfully exploits this
vulnerability could execute arbitrary code on a victim system.
Jet Database Engine Remote Code Execution Vulnerability (CVE-2019-0890) MS Rating: Important
A remote code execution vulnerability exists when the Windows Jet Database Engine
improperly handles objects in memory. An attacker who successfully exploits this
vulnerability could execute arbitrary code on a victim system.
Jet Database Engine Remote Code Execution Vulnerability (CVE-2019-0891) MS Rating: Important
A remote code execution vulnerability exists when the Windows Jet Database Engine
improperly handles objects in memory. An attacker who successfully exploits this
vulnerability could execute arbitrary code on a victim system.
Jet Database Engine Remote Code Execution Vulnerability (CVE-2019-0893) MS Rating: Important
A remote code execution vulnerability exists when the Windows Jet Database Engine
improperly handles objects in memory. An attacker who successfully exploits this
vulnerability could execute arbitrary code on a victim system.
Jet Database Engine Remote Code Execution Vulnerability (CVE-2019-0894) MS Rating: Important
A remote code execution vulnerability exists when the Windows Jet Database Engine
improperly handles objects in memory. An attacker who successfully exploits this
vulnerability could execute arbitrary code on a victim system.
Jet Database Engine Remote Code Execution Vulnerability (CVE-2019-0895) MS Rating: Important
A remote code execution vulnerability exists when the Windows Jet Database Engine
improperly handles objects in memory. An attacker who successfully exploits this
vulnerability could execute arbitrary code on a victim system.
Jet Database Engine Remote Code Execution Vulnerability (CVE-2019-0896) MS Rating: Important
A remote code execution vulnerability exists when the Windows Jet Database Engine
improperly handles objects in memory. An attacker who successfully exploits this
vulnerability could execute arbitrary code on a victim system.
Jet Database Engine Remote Code Execution Vulnerability (CVE-2019-0897) MS Rating: Important
A remote code execution vulnerability exists when the Windows Jet Database Engine
improperly handles objects in memory. An attacker who successfully exploits this
vulnerability could execute arbitrary code on a victim system.
Jet Database Engine Remote Code Execution Vulnerability (CVE-2019-0898) MS Rating: Important
A remote code execution vulnerability exists when the Windows Jet Database Engine
improperly handles objects in memory. An attacker who successfully exploits this
vulnerability could execute arbitrary code on a victim system.
Jet Database Engine Remote Code Execution Vulnerability (CVE-2019-0899) MS Rating: Important
A remote code execution vulnerability exists when the Windows Jet Database Engine
improperly handles objects in memory. An attacker who successfully exploits this
vulnerability could execute arbitrary code on a victim system.
Jet Database Engine Remote Code Execution Vulnerability (CVE-2019-0900) MS Rating: Important
A remote code execution vulnerability exists when the Windows Jet Database Engine
improperly handles objects in memory. An attacker who successfully exploits this
vulnerability could execute arbitrary code on a victim system.
Jet Database Engine Remote Code Execution Vulnerability (CVE-2019-0901) MS Rating: Important
A remote code execution vulnerability exists when the Windows Jet Database Engine
improperly handles objects in memory. An attacker who successfully exploits this
vulnerability could execute arbitrary code on a victim system.
Jet Database Engine Remote Code Execution Vulnerability (CVE-2019-0902) MS Rating: Important
A remote code execution vulnerability exists when the Windows Jet Database Engine
improperly handles objects in memory. An attacker who successfully exploits this
vulnerability could execute arbitrary code on a victim system.
Security Update for Azure and Team Foundation Server
Azure DevOps Server and Team Foundation Server Cross-site Scripting Vulnerability (CVE-2019-0872) MS Rating: Important
A cross-site scripting (XSS) vulnerability exists when Azure DevOps Server and
Team Foundation Server do not properly sanitize user provided input. An
authenticated attacker could exploit the vulnerability by sending a specially
crafted payload to an Azure DevOps server or a Team Foundation server, which
will get executed in the context of the user every time a user visits the
compromised page.
Microsoft Azure AD Connect Privilege Escalation Vulnerability (CVE-2019-1000) MS Rating: Important
A privilege escalation vulnerability exists in Microsoft Azure Active Directory
Connect build 1.3.20.0, which allows an attacker to execute two PowerShell
cmdlets in the context of a privileged account, and perform privileged actions.
Azure DevOps Server and Team Foundation Server Information Disclosure Vulnerability (CVE-2019-0971) MS Rating: Important
An information disclosure vulnerability exists when Azure DevOps Server and
Microsoft Team Foundation Server do not properly sanitize a specially crafted
authentication request to an affected server. An attacker who successfully
exploits this vulnerability could execute malicious code on a vulnerable server.
Azure DevOps Server and Team Foundation Server Cross-site Scripting Vulnerability (CVE-2019-0979) MS Rating: Important
A cross-site scripting (XSS) vulnerability exists when Azure DevOps Server and Team Foundation Server do not properly sanitize user-provided input. An authenticated attacker could exploit this vulnerability by sending a specially crafted payload to an Azure DevOps server or a Team Foundation server, which will get executed in the context of the user every time a user visits the compromised page.
Microsoft Patch Tuesday – April 2019
This month the vendor has patched 74 vulnerabilities, 14 of which are rated
Critical.
As always, customers are advised to follow these security best practices:
Install vendor patches as soon as they are available.
Run all software with the least privileges required while still maintaining
functionality.
Avoid handling files from unknown or questionable sources.
Never visit sites of unknown or questionable integrity.
Block external access at the network perimeter to all key systems unless
specific access is required.
Microsoft's summary of the April 2019 releases can be found here:
https://portal.msrc.microsoft.com/en-us/security-guidance
This month's update covers vulnerabilities in:
Internet Explorer
Microsoft Edge
ChakraCore
Microsoft Office
Microsoft Exchange
Microsoft Windows
XML Core Service
Graphics Device Interface (GDI)
LUA File Virtualization Filter Driver (Luafv.sys)
Jet Database Engine
Azure DevOps Server
Team Foundation Server
ASP.NET
Open Enclave Software Development Kit
The following is a breakdown of the issues being addressed this month:
Cumulative Security Update for Microsoft Browsers
Scripting Engine Memory Corruption Vulnerability (CVE-2019-0739) MS Rating: Critical
A memory-corruption vulnerability exists in the way that the scripting engine
handles objects in memory in Microsoft Edge. An attacker can exploit this issue
to execute arbitrary code in the context of the current user. Successful
exploitation of this vulnerability would allow an attacker to gain the same user
rights as the current user.
Scripting Engine Memory Corruption Vulnerability (CVE-2019-0753) MS Rating: Critical
A memory-corruption vulnerability exists in the way that the scripting engine
handles objects in memory in Internet Explorer. An attacker can exploit this
issue to execute arbitrary code in the context of the current user. Successful
exploitation of this vulnerability would allow an attacker to gain the same user
rights as the current user.
Chakra Scripting Engine Memory Corruption Vulnerability (CVE-2019-0806) MS Rating: Critical
A memory-corruption vulnerability exists in the way that the Chakra scripting
engine handles objects in memory in Microsoft Edge. An attacker can exploit this
issue to execute arbitrary code in the context of the current user. Successful
exploitation of this vulnerability would allow an attacker to gain the same user
rights as the current user.
Chakra Scripting Engine Memory Corruption Vulnerability (CVE-2019-0810) MS Rating: Critical
A memory-corruption vulnerability exists in the way that the Chakra scripting
engine handles objects in memory in Microsoft Edge. An attacker can exploit this
issue to execute arbitrary code in the context of the current user. Successful
exploitation of this vulnerability would allow an attacker to gain the same user
rights as the current user.
Chakra Scripting Engine Memory Corruption Vulnerability (CVE-2019-0812) MS Rating: Critical
A memory-corruption vulnerability exists in the way that the Chakra scripting
engine handles objects in memory in Microsoft Edge. An attacker can exploit this
issue to execute arbitrary code in the context of the current user. Successful
exploitation of this vulnerability would allow an attacker to gain the same user
rights as the current user.
Chakra Scripting Engine Memory Corruption Vulnerability (CVE-2019-0860) MS Rating: Critical
A memory-corruption vulnerability exists in the way that the Chakra scripting
engine handles objects in memory in Microsoft Edge. An attacker can exploit this
issue to execute arbitrary code in the context of the current user. Successful
exploitation of this vulnerability would allow an attacker to gain the same user
rights as the current user.
Chakra Scripting Engine Memory Corruption Vulnerability (CVE-2019-0861) MS Rating: Critical
A memory-corruption vulnerability exists in the way that the Chakra scripting
engine handles objects in memory in Microsoft Edge. An attacker can exploit this
issue to execute arbitrary code in the context of the current user. Successful
exploitation of this vulnerability would allow an attacker to gain the same user
rights as the current user.
Chakra Scripting Engine Memory Corruption Vulnerability (CVE-2019-0829) MS Rating: Critical
A memory-corruption vulnerability exists in the way that the Chakra scripting
engine handles objects in memory in Microsoft Edge. An attacker can exploit this
issue to execute arbitrary code in the context of the current user. Successful
exploitation of this vulnerability would allow an attacker to gain the same user
rights as the current user.
Microsoft Edge Information Disclosure Vulnerability (CVE-2019-0833) MS Rating: Important
An information disclosure vulnerability exists in the way that Microsoft Edge
handles objects in memory. An attacker can exploit this issue to obtain
information to further compromise the user's system.
Microsoft Browsers Tampering Vulnerability (CVE-2019-0764) MS Rating: Important
A tampering vulnerability exists when Microsoft browsers fail to properly
validate input under specific conditions. An attacker can exploit this issue to
pass custom command line parameters.
Scripting Engine Memory Corruption Vulnerability (CVE-2019-0752) MS Rating: Important
A memory-corruption vulnerability exists in the way that the scripting engine
handles objects in memory in Internet Explorer. An attacker can exploit this
issue to execute arbitrary code in the context of the current user. Successful
exploitation of this vulnerability would allow an attacker to gain the same user
rights as the current user.
Microsoft Scripting Engine Information Disclosure Vulnerability (CVE-2019-0835) MS Rating: Important
An information disclosure vulnerability exists when the scripting engine handles
objects in memory. An attacker can exploit this issue to obtain information to
further compromise the user's system.
Windows VBScript Engine Remote Code Execution Vulnerability (CVE-2019-0842) MS Rating: Important
A remote code execution vulnerability exists in the way that the VBScript
scripting engine handles objects in memory. An attacker can exploit this issue
to execute arbitrary code in the context of the current user. Successful
exploitation of this vulnerability would allow an attacker to gain the same user
rights as the current user.
Windows VBScript Engine Remote Code Execution Vulnerability (CVE-2019-0862) MS Rating: Important
A remote code execution vulnerability exists in the way that the VBScript
scripting engine handles objects in memory. An attacker can exploit this issue
to execute arbitrary code in the context of the current user. Successful
exploitation of this vulnerability would allow an attacker to gain the same user
rights as the current user.
VBScript Remote Code Execution Vulnerability (CVE-2019-0794) MS Rating: Important
A remote code execution vulnerability exists in the way that the VBScript
scripting engine handles objects in memory. An attacker can exploit this issue
to gain access to the affected system. Successful exploitation of this
vulnerability requires an attacker to host a specially crafted website designed
to invoke VBScript through a web browser.
Cumulative Security Update for Microsoft Office
Office Remote Code Execution Vulnerability (CVE-2019-0801) MS Rating: Important
A remote code execution vulnerability exists when Microsoft Office fails to
properly handle certain files. Successful exploitation of this vulnerability
requires an attacker to convince a user to open a specially crafted URL file
that points to an Excel or PowerPoint file that was also downloaded.
Microsoft Office Access Connectivity Engine Remote Code Execution Vulnerability (CVE-2019-0823) MS Rating: Important
A remote code execution vulnerability exists when the Microsoft Office Access
Connectivity Engine fails to properly handle objects in memory. An attacker can
exploit this vulnerability by enticing a victim to open a specially crafted file
that causes arbitrary code execution on the affected system.
Microsoft Office Access Connectivity Engine Remote Code Execution Vulnerability (CVE-2019-0824) MS Rating: Important
A remote code execution vulnerability exists when the Microsoft Office Access
Connectivity Engine fails to properly handle objects in memory. An attacker can
exploit this vulnerability by enticing a victim to open a specially crafted file
that causes arbitrary code execution on the affected system.
Microsoft Office Access Connectivity Engine Remote Code Execution Vulnerability (CVE-2019-0825) MS Rating: Important
A remote code execution vulnerability exists when the Microsoft Office Access
Connectivity Engine fails to properly handle objects in memory. An attacker can
exploit this vulnerability by enticing a victim to open a specially crafted file
that causes arbitrary code execution on the affected system.
Microsoft Office Access Connectivity Engine Remote Code Execution Vulnerability (CVE-2019-0826) MS Rating: Important
A remote code execution vulnerability exists when the Microsoft Office Access
Connectivity Engine fails to properly handle objects in memory. An attacker can
exploit this vulnerability by enticing a victim to open a specially crafted file
that causes arbitrary code execution on the affected system.
Microsoft Office Access Connectivity Engine Remote Code Execution Vulnerability (CVE-2019-0827) MS Rating: Important
A remote code execution vulnerability exists when the Microsoft Office Access
Connectivity Engine fails to properly handle objects in memory. An attacker can
exploit this vulnerability by enticing a victim to open a specially crafted file
that causes arbitrary code execution on the affected system.
Microsoft Office SharePoint XSS Vulnerability (CVE-2019-0830) MS Rating: Important
A cross-site-scripting vulnerability exists when Microsoft SharePoint Server fails
to properly sanitize a specially crafted web request to an affected SharePoint
server. An authenticated attacker can exploit the vulnerability by sending a
specially crafted request to an affected SharePoint server.
Microsoft Office SharePoint XSS Vulnerability (CVE-2019-0831) MS Rating: Important
A cross-site-scripting vulnerability exists when Microsoft SharePoint Server fails
to properly sanitize a specially crafted web request to an affected SharePoint
server. An authenticated attacker can exploit the vulnerability by sending a
specially crafted request to an affected SharePoint server.
Microsoft Excel Remote Code Execution Vulnerability (CVE-2019-0828) MS Rating: Important
A remote code execution vulnerability exists in Microsoft Excel software when the
software fails to properly handle objects in memory. An attacker can exploit
this vulnerability to run arbitrary code in the context of the current user.
Cumulative Security Update for Microsoft Exchange
Microsoft Exchange Spoofing Vulnerability (CVE-2019-0817) MS Rating: Important
A spoofing vulnerability exists in Microsoft Exchange Server when Outlook Web
Access (OWA) fails to properly handle web requests. An attacker can exploit this
vulnerability to perform script or content injection attacks, and attempt to
trick the user into disclosing sensitive information. An attacker could also
redirect the user to a malicious website that could spoof content, or the
vulnerability could be used as a pivot to chain an attack with other
vulnerabilities in web services. Successful exploitation of this vulnerability
requires an attacker to send a specially crafted email containing a malicious
link to a user, or use a chat client to social-engineer a user into clicking the
malicious link.
Microsoft Exchange Spoofing Vulnerability (CVE-2019-0858) MS Rating: Important
A spoofing vulnerability exists in Microsoft Exchange Server when Outlook Web
Access (OWA) fails to properly handle web requests. An attacker can exploit this
vulnerability to perform script or content injection attacks, and attempt to
trick the user into disclosing sensitive information. An attacker could also
redirect the user to a malicious website that could spoof content, or the
vulnerability could be used as a pivot to chain an attack with other
vulnerabilities in web services. Successful exploitation of this vulnerability
requires an attacker to send a specially crafted email containing a malicious
link to a user, or use a chat client to social-engineer a user into clicking the
malicious link.
Cumulative Security Update for Microsoft Windows Kernel
Win32k Elevation of Privilege Vulnerability (CVE-2019-0685) MS Rating: Important
A privilege escalation vulnerability exists in Windows when the Win32k component
fails to properly handle objects in memory. An attacker can exploit this issue
to run arbitrary code in kernel mode. Successful exploitation of this
vulnerability requires an attacker to first log on to the system. An attacker
could then run a specially crafted application that can exploit this
vulnerability and take control of an affected system.
Win32k Elevation of Privilege Vulnerability (CVE-2019-0859) MS Rating: Important
A privilege escalation vulnerability exists in Windows when the Win32k component
fails to properly handle objects in memory. An attacker can exploit this issue
to run arbitrary code in kernel mode. Successful exploitation of this
vulnerability requires an attacker to first log on to the system. An attacker
could then run a specially crafted application that can exploit this
vulnerability and take control of an affected system.
Win32k Elevation of Privilege Vulnerability (CVE-2019-0803) MS Rating: Important
A privilege escalation vulnerability exists in Windows when the Win32k component
fails to properly handle objects in memory. An attacker can exploit this issue
to run arbitrary code in kernel mode. Successful exploitation of this
vulnerability requires an attacker to first log on to the system. An attacker
could then run a specially crafted application that can exploit this
vulnerability and take control of an affected system.
Win32k Information Disclosure Vulnerability (CVE-2019-0814) MS Rating: Important
An information disclosure vulnerability exists when the Win32k component fails to
properly provide kernel information. An attacker can exploit this issue to
obtain information to further compromise the user's system. Successful
exploitation of this vulnerability requires an attacker to log on to an affected
system and run a specially crafted application.
Windows Kernel Information Disclosure Vulnerability (CVE-2019-0840) MS Rating: Important
An information disclosure vulnerability exists when the Windows kernel fails to
properly handle objects in memory. An attacker can exploit this issue to obtain
information to further compromise the user's system. Successful exploitation of
this vulnerability requires an attacker to log on to an affected system and run
a specially crafted application.
Win32k Information Disclosure Vulnerability (CVE-2019-0848) MS Rating: Important
An information disclosure vulnerability exists when the Win32k component fails to
properly provide kernel information. An attacker can exploit this issue to
obtain information to further compromise the user's system. Successful
exploitation of this vulnerability requires an attacker to log on to an affected
system and run a specially crafted application.
Windows Kernel Information Disclosure Vulnerability (CVE-2019-0844) MS Rating: Important
An information disclosure vulnerability exists when the Windows kernel fails to
properly handle objects in memory. An attacker can exploit this issue to obtain
information to further compromise the user's system. Successful exploitation of
this vulnerability requires an attacker to log on to an affected system and run
a specially crafted application.
Cumulative Security Update for Microsoft Windows
SMB Server Elevation of Privilege Vulnerability (CVE-2019-0786) MS Rating: Critical
A privilege escalation vulnerability exists in the Microsoft Server Message Block
(SMB) Server when an attacker with valid credentials attempts to open a
specially crafted file over the SMB protocol on the same machine. An attacker
can exploit this vulnerability to bypass certain security checks in the
operating system.
Windows IOleCvt Interface Remote Code Execution Vulnerability (CVE-2019-0845) MS Rating: Critical
A remote code execution vulnerability exists when the IOleCvt interface renders
ASP web page content. An attacker can exploit this vulnerability to run
malicious code remotely to take control of the user's system. Successful
exploitation of this vulnerability requires an attacker to host a specially
crafted website designed to render malicious ASP pages through a web browser.
Windows Admin Center Elevation of Privilege Vulnerability (CVE-2019-0813) MS Rating: Important
A privilege escalation vulnerability exists when Windows Admin Center improperly
impersonates operations in certain situations. An attacker can exploit this
vulnerability to gain elevated privileges.
Windows Security Feature Bypass Vulnerability (CVE-2019-0732) MS Rating: Important
A security bypass vulnerability exists in Windows because Windows fails to
properly handle calls to the LUAFV driver (luafv.sys). An attacker can exploit
this vulnerability to circumvent a User Mode Code Integrity (UMCI) policy on the
machine to bypass Device Guard. Successful exploitation of this vulnerability
requires an attacker to first access the local machine, and then run a malicious
program.
Windows TCP/IP Information Disclosure Vulnerability (CVE-2019-0688) MS Rating: Important
An information disclosure vulnerability exists when the Windows TCP/IP stack fails
to properly handle fragmented IP packets. An attacker can exploit this
vulnerability to obtain information to further compromise the user's system.
Successful exploitation of this vulnerability requires an attacker to send
specially crafted fragmented IP packets to a remote Windows computer.
DirectX Information Disclosure Vulnerability (CVE-2019-0837) MS Rating: Important
An information disclosure vulnerability exists when DirectX fails to properly
handle objects in memory. An attacker can exploit this vulnerability to obtain
information to further compromise the user's system. An authenticated attacker
can exploit this vulnerability by running a specially crafted application.
Windows Information Disclosure Vulnerability (CVE-2019-0838) MS Rating: Important
An information disclosure vulnerability exists when Windows Task Scheduler
improperly discloses credentials to Windows Credential Manager. An attacker can
exploit this vulnerability to obtain information to further compromise the
user's system.
Windows Information Disclosure Vulnerability (CVE-2019-0839) MS Rating: Important
An information disclosure vulnerability exists when the Terminal Services component
improperly discloses the contents of its memory. An attacker can exploit this
vulnerability to obtain information to further compromise a user's system.
Successful exploitation of this vulnerability requires an attacker to log on to
an affected system and run a specially crafted application.
NTFS Elevation of Privilege Vulnerability (CVE-2019-0841) MS Rating: Important
A privilege escalation vulnerability exists when Windows AppX Deployment Service
(AppXSVC) fails to properly handle hard links. An attacker can exploit this
vulnerability to run processes in an elevated context. An attacker could then
install programs and view, change, or delete data. Successful exploitation of
this vulnerability requires an attacker to first log on to the system. An
attacker could then run a specially crafted application that can exploit this
vulnerability and take control of an affected system.
Windows Remote Code Execution Vulnerability (CVE-2019-0856) MS Rating: Important
A remote code execution vulnerability exists when Windows fails to properly handle
objects in memory. An attacker who successfully exploits this vulnerability
could take control of an affected system. Successful exploitation of the
vulnerability requires an attacker to first log on to the target system and
then run a specially crafted application.
Windows CSRSS Elevation of Privilege Vulnerability (CVE-2019-0735) MS Rating: Important
A privilege escalation vulnerability exists when the Windows Client Server
Run-Time Subsystem (CSRSS) fails to properly handle objects in memory. An
attacker can exploit this vulnerability to run arbitrary code.
Security Update for Microsoft XML Core Services
MS XML Remote Code Execution Vulnerability (CVE-2019-0791) MS Rating: Critical
A remote code execution vulnerability exists when the Microsoft XML Core Services
MSXML parser processes user input. An attacker can exploit this vulnerability to
run malicious code remotely to take control of the user's system. Successful
exploitation of the vulnerability requires an attacker to host a specially
crafted website designed to invoke MSXML through a web browser.
MS XML Remote Code Execution Vulnerability (CVE-2019-0792) MS Rating: Critical
A remote code execution vulnerability exists when the Microsoft XML Core Services
MSXML parser processes user input. An attacker can exploit this vulnerability to
run malicious code remotely to take control of the user's system. Successful
exploitation of the vulnerability requires an attacker to host a specially
crafted website designed to invoke MSXML through a web browser.
MS XML Remote Code Execution Vulnerability (CVE-2019-0793) MS Rating: Critical
A remote code execution vulnerability exists when the Microsoft XML Core Services
MSXML parser processes user input. An attacker can exploit this vulnerability to
run malicious code remotely to take control of the user's system. Successful
exploitation of the vulnerability requires an attacker to host a specially
crafted website designed to invoke MSXML through a web browser.
MS XML Remote Code Execution Vulnerability (CVE-2019-0790) MS Rating: Important
A remote code execution vulnerability exists when the Microsoft XML Core Services
MSXML parser processes user input. An attacker can exploit this vulnerability to
run malicious code remotely to take control of the user's system. Successful
exploitation of the vulnerability requires an attacker to host a specially
crafted website designed to invoke MSXML through a web browser.
MS XML Remote Code Execution Vulnerability (CVE-2019-0795) MS Rating: Important
A remote code execution vulnerability exists when the Microsoft XML Core Services
MSXML parser processes user input. An attacker can exploit this vulnerability to
run malicious code remotely to take control of the user's system. Successful
exploitation of the vulnerability requires an attacker to host a specially
crafted website designed to invoke MSXML through a web browser.
Security Update for Windows Graphics Device Interface (GDI)
GDI+ Remote Code Execution Vulnerability (CVE-2019-0853) MS Rating: Critical
A remote code execution vulnerability exists in the way that the Windows Graphics
Device Interface (GDI) handles objects in memory. An attacker can exploit
this vulnerability to take control of the affected system.
Windows GDI Information Disclosure Vulnerability (CVE-2019-0802) MS Rating: Important
An information disclosure vulnerability exists when the Windows GDI component
improperly discloses the contents of its memory. An attacker can exploit this
vulnerability to obtain information to further compromise the user's system. An
attacker can exploit this vulnerability by convincing a user to open a specially
crafted document, or by convincing a user to visit an untrusted webpage.
Windows GDI Information Disclosure Vulnerability (CVE-2019-0849) MS Rating: Important
An information disclosure vulnerability exists when the Windows GDI component
improperly discloses the contents of its memory. An attacker can exploit this
vulnerability to obtain information to further compromise the user's system. An
attacker can exploit this vulnerability by convincing a user to open a specially
crafted document, or by convincing a user to visit an untrusted webpage.
Microsoft Graphics Components Remote Code Execution Vulnerability (CVE-2019-0822) MS Rating: Important
A remote code execution vulnerability exists in the way that Microsoft Graphics
Components handle objects in memory. An attacker can exploit this vulnerability
to execute arbitrary code on a target system. Successful exploitation of this
vulnerability requires an attacker to open a specially crafted file.
Security Update for Windows LUA File Virtualization Filter Driver (Luafv.sys)
Windows LUAFV Elevation of Privilege Vulnerability (CVE-2019-0730) MS Rating: Important
A privilege escalation vulnerability exists when Windows fails to properly handle
calls to the LUAFV driver (luafv.sys). An attacker can exploit this
vulnerability to run arbitrary code in the security context of the local system.
An attacker could then install programs; view, change, or delete data; or create
new accounts with full user rights. Successful exploitation of this
vulnerability requires an attacker to first log on to the system. An attacker
could then run a specially crafted application that can exploit this
vulnerability and take control over an affected system.
Windows LUAFV Elevation of Privilege Vulnerability (CVE-2019-0731) MS Rating: Important
A privilege escalation vulnerability exists when Windows fails to properly handle
calls to the LUAFV driver (luafv.sys). An attacker can exploit this
vulnerability to run arbitrary code in the security context of the local system.
An attacker could then install programs; view, change, or delete data; or create
new accounts with full user rights. Successful exploitation of this
vulnerability requires an attacker to first log on to the system. An attacker
could then run a specially crafted application that can exploit this
vulnerability and take control over an affected system.
Windows LUAFV Elevation of Privilege Vulnerability (CVE-2019-0796) MS Rating: Important
A privilege escalation vulnerability exists when Windows fails to properly handle
calls to the LUAFV driver (luafv.sys). An attacker can exploit this
vulnerability to run arbitrary code in the security context of the local system.
An attacker could then install programs; view, change, or delete data; or create
new accounts with full user rights. Successful exploitation of this
vulnerability requires an attacker to first log on to the system. An attacker
could then run a specially crafted application that can exploit this
vulnerability and take control over an affected system.
Windows LUAFV Elevation of Privilege Vulnerability (CVE-2019-0805) MS Rating: Important
A privilege escalation vulnerability exists when Windows fails to properly handle
calls to the LUAFV driver (luafv.sys). An attacker can exploit this
vulnerability to run arbitrary code in the security context of the local system.
An attacker could then install programs; view, change, or delete data; or create
new accounts with full user rights. Successful exploitation of this
vulnerability requires an attacker to first log on to the system. An attacker
could then run a specially crafted application that can exploit this
vulnerability and take control over an affected system.
Windows LUAFV Elevation of Privilege Vulnerability (CVE-2019-0836) MS Rating: Important
A privilege escalation vulnerability exists when Windows fails to properly handle
calls to the LUAFV driver (luafv.sys). An attacker can exploit this
vulnerability to run arbitrary code in the security context of the local system.
An attacker could then install programs; view, change, or delete data; or create
new accounts with full user rights. Successful exploitation of this
vulnerability requires an attacker to first log on to the system. An attacker
could then run a specially crafted application that can exploit this
vulnerability and take control over an affected system.
Security Update for Jet Database Engine
Jet Database Engine Remote Code Execution Vulnerability (CVE-2019-0846) MS Rating: Important
A remote code execution vulnerability exists when the Windows Jet Database Engine
fails to properly handle objects in memory. An attacker can exploit this
vulnerability to execute arbitrary code on a victim system. An attacker can
exploit this vulnerability by enticing a victim to open a specially crafted
file.
Jet Database Engine Remote Code Execution Vulnerability (CVE-2019-0847) MS Rating: Important
A remote code execution vulnerability exists when the Windows Jet Database Engine
fails to properly handle objects in memory. An attacker can exploit this
vulnerability to execute arbitrary code on a victim system. An attacker can
exploit this vulnerability by enticing a victim to open a specially crafted
file.
Jet Database Engine Remote Code Execution Vulnerability (CVE-2019-0851) MS Rating: Important
A remote code execution vulnerability exists when the Windows Jet Database Engine
fails to properly handle objects in memory. An attacker can exploit this
vulnerability to execute arbitrary code on a victim system. An attacker can
exploit this vulnerability by enticing a victim to open a specially crafted
file.
Jet Database Engine Remote Code Execution Vulnerability (CVE-2019-0877) MS Rating: Important
A remote code execution vulnerability exists when the Windows Jet Database Engine
fails to properly handle objects in memory. An attacker can exploit this
vulnerability to execute arbitrary code on a victim system. An attacker can
exploit this vulnerability by enticing a victim to open a specially crafted
file.
Jet Database Engine Remote Code Execution Vulnerability (CVE-2019-0879) MS Rating: Important
A remote code execution vulnerability exists when the Windows Jet Database Engine
fails to properly handle objects in memory. An attacker can exploit this
vulnerability to execute arbitrary code on a victim system. An attacker can
exploit this vulnerability by enticing a victim to open a specially crafted
file.
Security Update for Azure DevOps Server and Team Foundation Server
Azure DevOps Server and Team Foundation Server Cross-site Scripting Vulnerability (CVE-2019-0866) MS Rating: Important
A cross-site scripting vulnerability exists when Azure DevOps Server and Team
Foundation Server do not properly sanitize user-provided input. An authenticated
attacker can exploit this vulnerability by sending a specially crafted payload
to the Team Foundation Server, which will get executed in the context of the
user every time a user visits the compromised page.
Azure DevOps Server and Team Foundation Server Cross-site Scripting Vulnerability (CVE-2019-0867) MS Rating: Important
A cross-site scripting vulnerability exists when Azure DevOps Server and Team
Foundation Server do not properly sanitize user-provided input. An authenticated
attacker can exploit this vulnerability by sending a specially crafted payload
to the Team Foundation Server, which will get executed in the context of the
user every time a user visits the compromised page.
Azure DevOps Server and Team Foundation Server Cross-site Scripting Vulnerability (CVE-2019-0868) MS Rating: Important
A cross-site scripting vulnerability exists when Azure DevOps Server and Team
Foundation Server do not properly sanitize user-provided input. An authenticated
attacker can exploit this vulnerability by sending a specially crafted payload
to the Team Foundation Server, which will get executed in the context of the
user every time a user visits the compromised page.
Azure DevOps Server and Team Foundation Server Cross-site Scripting Vulnerability (CVE-2019-0870) MS Rating: Important
A cross-site scripting vulnerability exists when Azure DevOps Server and Team
Foundation Server do not properly sanitize user-provided input. An authenticated
attacker can exploit this vulnerability by sending a specially crafted payload
to the Team Foundation Server, which will get executed in the context of the
user every time a user visits the compromised page.
Azure DevOps Server and Team Foundation Server Cross-site Scripting Vulnerability (CVE-2019-0871) MS Rating: Important
A cross-site scripting vulnerability exists when Azure DevOps Server and Team
Foundation Server do not properly sanitize user-provided input. An authenticated
attacker can exploit this vulnerability by sending a specially crafted payload
to the Team Foundation Server, which will get executed in the context of the
user every time a user visits the compromised page.
Azure DevOps Server Elevation of Privilege Vulnerability (CVE-2019-0875) MS Rating: Important
A privilege escalation vulnerability exists when Azure DevOps Server 2019 does not
properly enforce project permissions. An attacker can exploit this issue to add
GitHub repos to a project without having the proper access granted to their
account.
Azure DevOps Server Cross-site Scripting Vulnerability (CVE-2019-0874) MS Rating: Important
A cross-site scripting vulnerability exists when Azure DevOps Server does not
properly sanitize user-provided input. An authenticated attacker can exploit
this vulnerability by sending a specially crafted payload to the Team Foundation
Server, which will get executed in the context of the user every time a user
visits the compromised page.
Azure DevOps Server Spoofing Vulnerability (CVE-2019-0857) MS Rating: Important
A spoofing vulnerability that could allow a security bypass exists in Azure DevOps
Server when it does not properly sanitize user-provided input. An attacker who
exploits the vulnerability could trick a user into loading a page containing
malicious content. An authenticated attacker can exploit this vulnerability by
sending a specially crafted payload to the Team Foundation Server, which would
get executed in the context of the user every time a user visits the compromised
page. To exploit the bypass, an attacker can leverage any external source in the
script-src to embed malicious script by bypassing Content Security Policy (CSP).
Azure DevOps Server HTML Injection Vulnerability (CVE-2019-0869) MS Rating: Important
A spoofing vulnerability exists in Microsoft Azure DevOps Server when it fails to
properly handle web requests. An attacker can exploit this vulnerability to
perform script or content injection attacks, and attempt to trick the user into
disclosing sensitive information. An attacker could also redirect the user to a
malicious website that could spoof content or the vulnerability could be used as
a pivot to chain an attack with other vulnerabilities in web services.
Successful exploitation of this vulnerability requires an attacker to create a
popup to harvest information or present a user with a malicious link.
Security Update for Microsoft ASP.NET
ASP.NET Core Denial of Service Vulnerability (CVE-2019-0815) MS Rating: Important
A denial of service (DoS) vulnerability exists when ASP.NET Core fails to properly
handle web requests. An attacker can exploit this vulnerability to cause a
denial of service against an ASP.NET Core web application. The vulnerability can
be exploited remotely, without authentication. A remote unauthenticated attacker
can exploit this vulnerability by issuing specially crafted requests to the .NET
Core application.
Security Update for Open Enclave Software Development Kit
Open Enclave SDK Information Disclosure Vulnerability (CVE-2019-0876) MS Rating: Important
An information disclosure vulnerability exists when affected Open Enclave SDK versions improperly handle objects in memory. An attacker can exploit this vulnerability to obtain information stored in the Enclave. Successful exploitation of this vulnerability requires an attacker to successfully compromise the host application running the enclave. The attacker can then pivot to the enclave and exploit this vulnerability without user interaction.
Microsoft Patch Tuesday – March 2019
This month the vendor has patched 64 vulnerabilities, 17 of which are rated
Critical.
As always, customers are advised to follow these security best practices:
Install vendor patches as soon as they are available.
Run all software with the least privileges required while still maintaining
functionality.
Avoid handling files from unknown or questionable sources.
Never visit sites of unknown or questionable integrity.
Block external access at the network perimeter to all key systems unless
specific access is required.
Microsoft's summary of the March 2019 releases can be found here:
https://portal.msrc.microsoft.com/en-us/security-guidance
This month's update covers vulnerabilities in:
Internet Explorer
Microsoft Edge
ChakraCore
Microsoft Office
Microsoft Windows
Jet Database Engine
Visual Studio
Windows Hyper-V
Team Foundation Server
Skype for Business and Lync
The following is a breakdown of the issues being addressed this month:
Cumulative Security Update for Microsoft Browsers
Chakra Scripting Engine Memory Corruption Vulnerability (CVE-2019-0592) MS Rating: Critical
A remote code execution vulnerability exists in the way that the Chakra scripting
engine handles objects in memory in Microsoft Edge. This vulnerability may
corrupt memory in such a way that an attacker could execute arbitrary code in
the context of the current user. Attackers can exploit this issue by enticing an
unsuspecting user to view a specially crafted web page.
Scripting Engine Memory Corruption Vulnerability (CVE-2019-0609) MS Rating: Critical
A remote code execution vulnerability exists in the way the scripting engine
handles objects in memory in Microsoft browsers. This vulnerability may corrupt
memory in such a way that an attacker could execute arbitrary code in the
context of the current user. Attackers can exploit this issue by enticing an
unsuspecting user to view a specially crafted web page.
Scripting Engine Memory Corruption Vulnerability (CVE-2019-0639) MS Rating: Critical
A remote code execution vulnerability exists in the way that the ChakraCore
scripting engine handles objects in memory. This vulnerability may corrupt
memory in such a way that an attacker could execute arbitrary code in the
context of the current user. Attackers can exploit this issue by enticing an
unsuspecting user to view a specially crafted web page.
Windows VBScript Engine Remote Code Execution Vulnerability (CVE-2019-0666) MS Rating: Critical
A remote code execution vulnerability exists in the way that the VBScript engine
handles objects in memory. The vulnerability could corrupt memory in such a way
that an attacker could execute arbitrary code in the context of the current
user. Attackers can exploit this issue by enticing an unsuspecting user to view
a specially crafted web page.
Windows VBScript Engine Remote Code Execution Vulnerability (CVE-2019-0667) MS Rating: Critical
A remote code execution vulnerability exists in the way that the VBScript engine
handles objects in memory. This vulnerability may corrupt memory in such a way
that an attacker could execute arbitrary code in the context of the current
user. Attackers can exploit this issue by enticing an unsuspecting user to view
a specially crafted web page.
Scripting Engine Memory Corruption Vulnerability (CVE-2019-0680) MS Rating: Critical
A remote code execution vulnerability exists in the way that the scripting engine
handles objects in memory in Internet Explorer. This vulnerability may corrupt
memory in such a way that an attacker could execute arbitrary code in the
context of the current user. Attackers can exploit this issue by enticing an
unsuspecting user to view a specially crafted web page.
Internet Explorer Memory Corruption Vulnerability (CVE-2019-0763) MS Rating: Critical
A remote code execution vulnerability exists when Internet Explorer improperly
accesses objects in memory. This vulnerability may corrupt memory in such a way
that an attacker could execute arbitrary code in the context of the current
user. Attackers can exploit this issue by enticing an unsuspecting user to view
a specially crafted web page.
Scripting Engine Memory Corruption Vulnerability (CVE-2019-0769) MS Rating: Critical
A remote code execution vulnerability exists in the way that the scripting engine
handles objects in memory in Microsoft Edge. This vulnerability may corrupt
memory in such a way that an attacker could execute arbitrary code in the
context of the current user. Attackers can exploit this issue by enticing an
unsuspecting user to view a specially crafted web page.
Scripting Engine Memory Corruption Vulnerability (CVE-2019-0770) MS Rating: Critical
A remote code execution vulnerability exists in the way that the scripting engine
handles objects in memory in Microsoft Edge. This vulnerability may corrupt
memory in such a way that an attacker could execute arbitrary code in the
context of the current user. Attackers can exploit this issue by enticing an
unsuspecting user to view a specially crafted web page.
Scripting Engine Memory Corruption Vulnerability (CVE-2019-0771) MS Rating: Critical
A remote code execution vulnerability exists in the way that the scripting engine
handles objects in memory in Microsoft Edge. This vulnerability may corrupt
memory in such a way that an attacker could execute arbitrary code in the
context of the current user. Attackers can exploit this issue by enticing an
unsuspecting user to view a specially crafted web page.
Scripting Engine Memory Corruption Vulnerability (CVE-2019-0773) MS Rating: Critical
A remote code execution vulnerability exists in the way that the scripting engine
handles objects in memory in Microsoft Edge. This vulnerability may corrupt
memory in such a way that an attacker could execute arbitrary code in the
context of the current user. Attackers can exploit this issue by enticing an
unsuspecting user to view a specially crafted web page.
Microsoft Edge Privilege Escalation Vulnerability (CVE-2019-0678) MS Rating: Important
A privilege escalation vulnerability exists when Microsoft Edge does not properly
enforce cross-domain policies, which could allow an attacker to access
information from one domain and inject it into another domain. In a web-based
attack scenario, an attacker could host a website that is used to attempt to
exploit the vulnerability.
Chakra Scripting Engine Memory Corruption Vulnerability (CVE-2019-0746) MS Rating: Important
A remote code execution vulnerability exists in the way that the Chakra scripting
engine handles objects in memory in Microsoft Edge. This vulnerability may
corrupt memory in such a way that an attacker could execute arbitrary code in
the context of the current user. Attackers can exploit this issue by enticing an
unsuspecting user to view a specially crafted web page.
Internet Explorer Security Bypass Vulnerability (CVE-2019-0768) MS Rating: Important
A security bypass vulnerability exists when Internet Explorer VBScript execution
policy does not properly restrict VBScript under specific conditions and allows
requests that should otherwise be ignored. An attacker who successfully
exploited the vulnerability could force the browser to send data that would
otherwise be restricted.
Windows VBScript Engine Remote Code Execution Vulnerability (CVE-2019-0772) MS Rating: Important
A remote code execution vulnerability exists in the way that the VBScript engine
handles objects in memory. This vulnerability may corrupt memory in such a way
that an attacker could execute arbitrary code in the context of the current
user. Attackers can exploit this issue by enticing an unsuspecting user to view
a specially crafted web page.
Microsoft Edge Memory Corruption Vulnerability (CVE-2019-0779) MS Rating: Important
A remote code execution vulnerability exists when Microsoft Edge improperly
accesses objects in memory. This vulnerability may corrupt memory in such a way
that enables an attacker to execute arbitrary code in the context of the current
user. Attackers can exploit this issue by enticing an unsuspecting user to view
a specially crafted web page.
Microsoft Browser Memory Corruption Vulnerability (CVE-2019-0780) MS Rating: Important
A remote code execution vulnerability exists in the way that Microsoft browsers
access objects in memory. The vulnerability could corrupt memory in a way that
could allow an attacker to execute arbitrary code in the context of the current
user. Attackers can exploit this issue by enticing an unsuspecting user to view
a specially crafted web page.
Scripting Engine Memory Corruption Vulnerability (CVE-2019-0783) MS Rating: Important
A remote code execution vulnerability exists in the way that the scripting engine
handles objects in memory in Internet Explorer. This vulnerability may corrupt
memory in such a way that an attacker could execute arbitrary code in the
context of the current user. Attackers can exploit this issue by enticing an
unsuspecting user to view a specially crafted web page.
Microsoft Browsers Security Bypass Vulnerability (CVE-2019-0762) MS Rating: Important
A security bypass vulnerability exists when Microsoft browsers improperly handle
requests of different origins. The vulnerability allows Microsoft browsers to
bypass Same-Site cookie restrictions, and to allow requests that should
otherwise be ignored.
Microsoft Edge Security Bypass Vulnerability (CVE-2019-0612) MS Rating: Important
A security bypass vulnerability exists when Click2Play protection in Microsoft
Edge improperly handles Flash objects. By itself, this bypass vulnerability does
not allow arbitrary code execution. Attackers can exploit this issue by enticing
an unsuspecting user to view a specially crafted web page.
Windows VBScript Engine Remote Code Execution Vulnerability (CVE-2019-0665) MS Rating: Important
A remote code execution vulnerability exists in the way that the VBScript engine
handles objects in memory. This vulnerability may corrupt memory in such a way
that an attacker could execute arbitrary code in the context of the current
user. Attackers can exploit this issue by enticing an unsuspecting user to view
a specially crafted web page.
Chakra Scripting Engine Memory Corruption Vulnerability (CVE-2019-0611) MS Rating: Important
A remote code execution vulnerability exists in the way that the Chakra scripting
engine handles objects in memory in Microsoft Edge. This vulnerability may
corrupt memory in such a way that an attacker could execute arbitrary code in
the context of the current user. Attackers can exploit this issue by enticing an
unsuspecting user to view a specially crafted web page.
Cumulative Security Update for Microsoft Office
Microsoft Office Access Connectivity Engine Remote Code Execution Vulnerability (CVE-2019-0748) MS Rating: Important
A remote code execution vulnerability exists when the Microsoft Office Access
Connectivity Engine improperly handles objects in memory. An attacker who
successfully exploited this vulnerability could execute arbitrary code on a
victim system.
Microsoft Office SharePoint XSS Vulnerability (CVE-2019-0778) MS Rating: Important
A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server
does not properly sanitize a specially crafted web request to an affected
SharePoint server. An authenticated attacker could exploit the vulnerability by
sending a specially crafted request to an affected SharePoint server.
Cumulative Security Update for Microsoft Windows Kernel
Windows Kernel Privilege Escalation Vulnerability (CVE-2019-0696) MS Rating: Important
A privilege escalation vulnerability exists when the Windows kernel fails to
properly handle objects in memory. An attacker who successfully exploited this
vulnerability could run arbitrary code in kernel mode.
Windows Kernel Information Disclosure Vulnerability (CVE-2019-0702) MS Rating: Important
An information disclosure vulnerability exists when the Windows kernel improperly
handles objects in memory. An attacker who successfully exploited this
vulnerability could obtain information to further compromise the user system.
Windows Kernel Information Disclosure Vulnerability (CVE-2019-0755) MS Rating: Important
An information disclosure vulnerability exists when the Windows kernel improperly
handles objects in memory. An attacker who successfully exploited this
vulnerability could obtain information to further compromise the user system.
Windows Kernel Information Disclosure Vulnerability (CVE-2019-0767) MS Rating: Important
An information disclosure vulnerability exists when the Windows kernel improperly
initializes objects in memory. To exploit this vulnerability, an authenticated
attacker could run a specially crafted application.
Windows Kernel Information Disclosure Vulnerability (CVE-2019-0775) MS Rating: Important
An information disclosure vulnerability exists when the Windows kernel improperly
handles objects in memory. An attacker who successfully exploited this
vulnerability could obtain information to further compromise the user system.
Win32k Information Disclosure Vulnerability (CVE-2019-0776) MS Rating: Important
An information disclosure vulnerability exists when the Win32k component improperly
provides kernel information. An attacker who successfully exploited the
vulnerability could obtain information to further compromise the user system.
Windows Kernel Information Disclosure Vulnerability (CVE-2019-0782) MS Rating: Important
An information disclosure vulnerability exists when the Windows kernel fails to
properly initialize a memory address. An attacker who successfully exploited
this vulnerability could obtain information to further compromise the user
system.
Win32k Privilege Escalation Vulnerability (CVE-2019-0797) MS Rating: Important
A privilege escalation vulnerability exists in Windows when the Win32k component
fails to properly handle objects in memory. An attacker who successfully
exploited this vulnerability could run arbitrary code in kernel mode.
Win32k Privilege Escalation Vulnerability (CVE-2019-0808) MS Rating: Important
A privilege escalation vulnerability exists in Windows when the Win32k component
fails to properly handle objects in memory. An attacker who successfully
exploited this vulnerability could run arbitrary code in kernel mode.
Cumulative Security Update for Microsoft Windows
Windows DHCP Client Remote Code Execution Vulnerability (CVE-2019-0697) MS Rating: Critical
A memory corruption vulnerability exists in the Windows DHCP client when an
attacker sends specially crafted DHCP responses to a client. An attacker who
successfully exploited the vulnerability could run arbitrary code on the client
machine.
Windows DHCP Client Remote Code Execution Vulnerability (CVE-2019-0698) MS Rating: Critical
A memory corruption vulnerability exists in the Windows DHCP client when an
attacker sends specially crafted DHCP responses to a client. An attacker who
successfully exploited the vulnerability could run arbitrary code on the client
machine.
Windows DHCP Client Remote Code Execution Vulnerability (CVE-2019-0726) MS Rating: Critical
A memory corruption vulnerability exists in the Windows DHCP client when an
attacker sends specially crafted DHCP responses to a client. An attacker who
successfully exploited the vulnerability could run arbitrary code on the client
machine.
MS XML Remote Code Execution Vulnerability (CVE-2019-0756) MS Rating: Critical
A remote code execution vulnerability exists when the Microsoft XML Core Services
MSXML parser processes user input. An attacker who successfully exploited the
vulnerability could run malicious code remotely to take control of the user
system.
Windows ActiveX Remote Code Execution Vulnerability (CVE-2019-0784) MS Rating: Critical
A remote code execution vulnerability exists in the way that ActiveX Data
Objects (ADO) handles objects in memory. This vulnerability may corrupt memory
in such a way that an attacker could execute arbitrary code in the context of
the current user.
Windows Deployment Services TFTP Server Remote Code Execution Vulnerability (CVE-2019-0603) MS Rating: Critical
A remote code execution vulnerability exists in the way that Windows Deployment
Services TFTP Server handles objects in memory. An attacker who successfully
exploited the vulnerability could execute arbitrary code with elevated
permissions on a target system.
Windows GDI Information Disclosure Vulnerability (CVE-2019-0614) MS Rating: Important
An information disclosure vulnerability exists when the Windows GDI component
improperly discloses the contents of its memory. An attacker who successfully
exploited the vulnerability could obtain information to further compromise the
user system.
Windows Subsystem for Linux Privilege Escalation Vulnerability (CVE-2019-0682) MS Rating: Important
A privilege escalation vulnerability exists due to an integer overflow in Windows
Subsystem for Linux. An attacker who successfully exploited the vulnerability
could execute code with elevated permissions.
Active Directory Privilege Escalation Vulnerability (CVE-2019-0683) MS Rating: Important
A privilege escalation vulnerability exists in Active Directory Forest trusts due
to a default setting that lets an attacker in the trusting forest request
delegation of a TGT for an identity from the trusted forest. To exploit this
vulnerability, an attacker would first need to compromise an Active Directory
forest.
Windows Subsystem for Linux Privilege Escalation Vulnerability (CVE-2019-0689) MS Rating: Important
A privilege escalation vulnerability exists due to an integer overflow in Windows
Subsystem for Linux. An attacker who successfully exploited the vulnerability
could execute code with elevated permissions.
Windows Subsystem for Linux Privilege Escalation Vulnerability (CVE-2019-0692) MS Rating: Important
A privilege escalation vulnerability exists due to an integer overflow in Windows
Subsystem for Linux. An attacker who successfully exploited the vulnerability
could execute code with elevated permissions.
Windows Subsystem for Linux Privilege Escalation Vulnerability (CVE-2019-0693) MS Rating: Important
A privilege escalation vulnerability exists due to an integer overflow in Windows
Subsystem for Linux. An attacker who successfully exploited the vulnerability
could execute code with elevated permissions.
Windows Subsystem for Linux Privilege Escalation Vulnerability (CVE-2019-0694) MS Rating: Important
A privilege escalation vulnerability exists due to an integer overflow in Windows
Subsystem for Linux. An attacker who successfully exploited the vulnerability
could execute code with elevated permissions.
Windows SMB Information Disclosure Vulnerability (CVE-2019-0703) MS Rating: Important
An information disclosure vulnerability exists in the way that the Windows SMB
Server handles certain requests. An authenticated attacker who successfully
exploited this vulnerability could craft a special packet, which could lead to
information disclosure from the server.
Windows SMB Information Disclosure Vulnerability (CVE-2019-0821) MS Rating: Important
An information disclosure vulnerability exists in the way that the Windows SMB
Server handles certain requests. An authenticated attacker who successfully
exploited this vulnerability could craft a special packet, which could lead to
information disclosure from the server.
Windows SMB Information Disclosure Vulnerability (CVE-2019-0704) MS Rating: Important
An information disclosure vulnerability exists in the way that the Windows SMB
Server handles certain requests. An authenticated attacker who successfully
exploited this vulnerability could craft a special packet, which could lead to
information disclosure from the server.
Windows Denial of Service Vulnerability (CVE-2019-0754) MS Rating: Important
A denial of service vulnerability exists when Windows improperly handles objects
in memory. An attacker who successfully exploited the vulnerability could cause
a target system to stop responding.
NuGet Package Manager Tampering Vulnerability (CVE-2019-0757) MS Rating: Important
A tampering vulnerability exists in the NuGet Package Manager for Linux and Mac
that could allow an authenticated attacker to modify a NuGet package's folder
structure. An attacker who successfully exploited this vulnerability could
potentially modify files and folders that are unpackaged on a system.
Windows Print Spooler Information Disclosure Vulnerability (CVE-2019-0759) MS Rating: Important
An information disclosure vulnerability exists when the Windows Print Spooler does
not properly handle objects in memory. An attacker who successfully exploited
this vulnerability could use the information to further exploit the victim
system.
Internet Explorer Security Bypass Vulnerability (CVE-2019-0761) MS Rating: Important
A security bypass vulnerability exists when Internet Explorer fails to validate
the correct Security Zone of requests for specific URLs. This could allow an
attacker to cause a user to access a URL in a less restricted Internet Security
Zone than intended.
Comctl32 Remote Code Execution Vulnerability (CVE-2019-0765) MS Rating: Important
A remote code execution vulnerability exists in the way that comctl32.dll handles
objects in memory.
Microsoft Windows Privilege Escalation Vulnerability (CVE-2019-0766) MS Rating: Important
A privilege escalation vulnerability exists in Windows AppX Deployment Server that
allows file creation in arbitrary locations. To exploit the vulnerability, an
attacker would first have to log on to the system.
Windows GDI Information Disclosure Vulnerability (CVE-2019-0774) MS Rating: Important
An information disclosure vulnerability exists when the Windows GDI component
improperly discloses the contents of its memory. An attacker who successfully
exploited the vulnerability could obtain information to further compromise the
user system.
Security Update for Jet Database Engine
Jet Database Engine Remote Code Execution Vulnerability (CVE-2019-0617) MS Rating: Important
A remote code execution vulnerability exists when the Windows Jet Database Engine
improperly handles objects in memory. An attacker who successfully exploited
this vulnerability could execute arbitrary code on a victim system.
Security Update for Microsoft Windows Hyper-V
Windows Hyper-V Denial of Service Vulnerability (CVE-2019-0690) MS Rating: Important
A denial of service vulnerability exists when Microsoft Hyper-V Network Switch on
a host server fails to properly validate input from a privileged user on a guest
operating system. An attacker who successfully exploited the vulnerability could
cause the host server to crash.
Hyper-V Denial of Service Vulnerability (CVE-2019-0695) MS Rating: Important
A denial of service vulnerability exists when Microsoft Hyper-V on a host server
fails to properly validate input from a privileged user on a guest operating
system. To exploit the vulnerability, an attacker who already has a privileged
account on a guest operating system, running as a virtual machine, could run a
specially crafted application that causes a host machine to crash.
Hyper-V Denial of Service Vulnerability (CVE-2019-0701) MS Rating: Important
A denial of service vulnerability exists when Microsoft Hyper-V on a host server
fails to properly validate input from a privileged user on a guest operating
system. To exploit the vulnerability, an attacker who already has a privileged
account on a guest operating system, running as a virtual machine, could run a
specially crafted application that causes a host machine to crash.
Security Update for Visual Studio
Visual Studio Remote Code Execution Vulnerability (CVE-2019-0809) MS Rating: Important
A remote code execution vulnerability exists when the Visual Studio C++
Redistributable Installer improperly validates input before loading dynamic link
library (.DLL) files. An attacker who successfully exploited the vulnerability
could execute arbitrary code in the context of the current user.
Security Update for Team Foundation Server
Team Foundation Server Cross-site Scripting Vulnerability (CVE-2019-0777) MS Rating: Low
A cross-site scripting (XSS) vulnerability exists when Team Foundation Server does
not properly sanitize user-provided input. An authenticated attacker could
exploit the vulnerability by sending a specially crafted payload to the Team
Foundation Server, which will get executed in the context of the user every time
a user visits the compromised page.
Security Update for Skype for Business and Lync
Skype for Business and Lync Spoofing Vulnerability (CVE-2019-0798) MS Rating: Important
A spoofing vulnerability exists when a Lync Server or Skype for Business Server
does not properly sanitize a specially crafted request. An authenticated
attacker could exploit the vulnerability by sending a specially crafted request
to an affected server.
Security Update for Azure
Azure SSH Keypairs Security Bypass Vulnerability (CVE-2019-0816) MS Rating: Moderate
A security feature bypass exists in Azure SSH Keypairs, due to a change in the provisioning logic for some Linux images that use cloud-init. Extraneous Microsoft service public keys can be unexpectedly added to the VM authorized keys file in limited scenarios.
Microsoft Patch Tuesday – February 2019
This month the vendor has patched 74 vulnerabilities, 20 of which are rated
Critical.
As always, customers are advised to follow these security best practices:
Install vendor patches as soon as they are available.
Run all software with the least privileges required while still maintaining
functionality.
Avoid handling files from unknown or questionable sources.
Never visit sites of unknown or questionable integrity.
Block external access at the network perimeter to all key systems unless
specific access is required.
Microsoft's summary of the February 2019 releases can be found here:
https://portal.msrc.microsoft.com/en-us/security-guidance
This month's update covers vulnerabilities in:
Internet Explorer
Microsoft Edge
ChakraCore
Microsoft Office
Microsoft Exchange
Microsoft Windows
Jet Database Engine
Microsoft .NET
Visual Studio
Windows Hyper-V
Access Connectivity Engine
Azure IoT Java SDK
Team Foundation Server
The following is a breakdown of the issues being addressed this month:
Cumulative Security Update for Microsoft Browsers
Scripting Engine Memory Corruption Vulnerability (CVE-2019-0590) MS Rating: Critical
A remote code execution vulnerability exists in the way that the scripting engine
handles objects in memory in Microsoft Edge. This vulnerability may corrupt
memory in such a way that an attacker could execute arbitrary code in the
context of the current user. Attackers can exploit this issue by enticing an
unsuspecting user to view a specially crafted web page.
Scripting Engine Memory Corruption Vulnerability (CVE-2019-0591) MS Rating: Critical
A remote code execution vulnerability exists in the way that the scripting engine
handles objects in memory in Microsoft Edge. This vulnerability may corrupt
memory in such a way that an attacker could execute arbitrary code in the
context of the current user. Attackers can exploit this issue by enticing an
unsuspecting user to view a specially crafted web page.
Scripting Engine Memory Corruption Vulnerability (CVE-2019-0593) MS Rating: Critical
A remote code execution vulnerability exists in the way that the scripting engine
handles objects in memory in Microsoft Edge. This vulnerability may corrupt
memory in such a way that an attacker could execute arbitrary code in the
context of the current user. Attackers can exploit this issue by enticing an
unsuspecting user to view a specially crafted web page.
Scripting Engine Memory Corruption Vulnerability (CVE-2019-0605) MS Rating: Critical
A remote code execution vulnerability exists in the way that the scripting engine
handles objects in memory in Microsoft Edge. This vulnerability may corrupt
memory in such a way that an attacker could execute arbitrary code in the
context of the current user. Attackers can exploit this issue by enticing an
unsuspecting user to view a specially crafted web page.
Internet Explorer Memory Corruption Vulnerability (CVE-2019-0606) MS Rating: Critical
A remote code execution vulnerability exists when Internet Explorer improperly
accesses objects in memory. This vulnerability may corrupt memory in such a way
that an attacker could execute arbitrary code in the context of the current
user. Attackers can exploit this issue by enticing an unsuspecting user to view
a specially crafted web page.
Scripting Engine Memory Corruption Vulnerability (CVE-2019-0607) MS Rating: Critical
A remote code execution vulnerability exists in the way that the scripting engine
handles objects in memory in Microsoft Edge. This vulnerability may corrupt
memory in such a way that an attacker could execute arbitrary code in the
context of the current user. Attackers can exploit this issue by enticing an
unsuspecting user to view a specially crafted web page.
Microsoft Edge Memory Corruption Vulnerability (CVE-2019-0634) MS Rating: Critical
A remote code execution vulnerability exists when Microsoft Edge improperly
accesses objects in memory. This vulnerability may corrupt memory in such a way
that enables an attacker to execute arbitrary code in the context of the current
user. Attackers can exploit this issue by enticing an unsuspecting user to view
a specially crafted web page.
Scripting Engine Memory Corruption Vulnerability (CVE-2019-0640) MS Rating: Critical
A remote code execution vulnerability exists in the way that the scripting engine
handles objects in memory in Microsoft Edge. This vulnerability may corrupt
memory in such a way that an attacker could execute arbitrary code in the
context of the current user. Attackers can exploit this issue by enticing an
unsuspecting user to view a specially crafted web page.
Scripting Engine Memory Corruption Vulnerability (CVE-2019-0642) MS Rating: Critical
A remote code execution vulnerability exists in the way that the scripting engine
handles objects in memory in Microsoft Edge. This vulnerability may corrupt
memory in such a way that an attacker could execute arbitrary code in the
context of the current user. Attackers can exploit this issue by enticing an
unsuspecting user to view a specially crafted web page.
Microsoft Edge Memory Corruption Vulnerability (CVE-2019-0644) MS Rating: Critical
A remote code execution vulnerability exists in the way that the scripting engine
handles objects in memory in Microsoft Edge. This vulnerability may corrupt
memory in such a way that an attacker could execute arbitrary code in the
context of the current user. Attackers can exploit this issue by enticing an
unsuspecting user to view a specially crafted web page.
Microsoft Edge Memory Corruption Vulnerability (CVE-2019-0645) MS Rating: Critical
A
remote code execution vulnerability exists when Microsoft Edge improperly
accesses objects in memory. This vulnerability may corrupt memory in such a way
that enables an attacker to execute arbitrary code in the context of the current
user. Attackers can exploit this issue by enticing an unsuspecting user to view
a specially crafted web page.
Scripting Engine Memory Corruption Vulnerability (CVE-2019-0650) MS Rating: Critical
A
remote code execution vulnerability exists when Microsoft Edge improperly
accesses objects in memory. This vulnerability may corrupt memory in such a way
that enables an attacker to execute arbitrary code in the context of the current
user. Attackers can exploit this issue by enticing an unsuspecting user to view
a specially crafted web page.
Scripting Engine Memory Corruption Vulnerability (CVE-2019-0651) MS Rating: Critical
A
remote code execution vulnerability exists in the way that the scripting engine
handles objects in memory in Microsoft Edge. This vulnerability may corrupt
memory in such a way that an attacker could execute arbitrary code in the
context of the current user. Attackers can exploit this issue by enticing an
unsuspecting user to view a specially crafted web page.
Scripting Engine Memory Corruption Vulnerability (CVE-2019-0652) MS Rating: Critical
A
remote code execution vulnerability exists in the way that the scripting engine
handles objects in memory in Microsoft Edge. This vulnerability may corrupt
memory in such a way that an attacker could execute arbitrary code in the
context of the current user. Attackers can exploit this issue by enticing an
unsuspecting user to view a specially crafted web page.
Scripting Engine Memory Corruption Vulnerability (CVE-2019-0655) MS Rating: Critical
A
remote code execution vulnerability exists in the way that the scripting engine
handles objects in memory in Microsoft Edge. This vulnerability may corrupt
memory in such a way that an attacker could execute arbitrary code in the
context of the current user. Attackers can exploit this issue by enticing an
unsuspecting user to view a specially crafted web page.
Scripting Engine Memory Corruption Vulnerability (CVE-2019-0610) MS Rating: Important
A
remote code execution vulnerability exists in the way that the scripting engine
handles objects in memory in Microsoft Edge. This vulnerability may corrupt
memory in such a way that an attacker could execute arbitrary code in the
context of the current user. Attackers can exploit this issue by enticing an
unsuspecting user to view a specially crafted web page.
Chakra Scripting Engine Memory Corruption Vulnerability (CVE-2019-0648) MS Rating: Important
An
information disclosure vulnerability exists when Chakra improperly discloses the
contents of its memory, which could provide an attacker with information to
further compromise the user’s computer or data. To exploit the vulnerability, an
attacker must know the memory address of where the object was created. Attackers
can exploit this issue by enticing an unsuspecting user to view a specially
crafted web page.
Chakra Scripting Engine Memory Corruption Vulnerability (CVE-2019-0649) MS Rating: Important
A
vulnerability exists in Microsoft Chakra JIT server. An attacker who
successfully exploited this vulnerability could gain elevated privileges.
Attackers can exploit this issue by enticing an unsuspecting user to view a
specially crafted web page.
Microsoft Browser Spoofing Vulnerability (CVE-2019-0654) MS Rating: Important
A
spoofing vulnerability exists when Microsoft browsers improperly handle
specific redirects. An attacker who successfully exploited this vulnerability
could trick a user into believing that the user was on a legitimate website.
Attackers can exploit this issue by enticing an unsuspecting user to view a
specially crafted web page.
Scripting Engine Information Disclosure Vulnerability (CVE-2019-0658) MS Rating: Important
An
information disclosure vulnerability exists when the scripting engine does not
properly handle objects in memory in Microsoft Edge. An attacker who
successfully exploited the vulnerability could obtain information to further
compromise the user system. Attackers can exploit this issue by enticing an
unsuspecting user to view a specially crafted web page.
Internet Explorer Information Disclosure Vulnerability (CVE-2019-0676) MS Rating: Important
An
information disclosure vulnerability exists when Internet Explorer improperly
handles objects in memory. An attacker who successfully exploited this
vulnerability could test for the presence of files on disk. Attackers can
exploit this issue by enticing an unsuspecting user to view a specially crafted
web page.
Microsoft Edge Security Bypass Vulnerability (CVE-2019-0641) MS Rating: Moderate
A
security bypass vulnerability exists in the way Microsoft Edge handles whitelisting.
Edge depends on a default whitelist of sites where Adobe Flash will load without
user interaction. Attackers can exploit this issue by enticing an unsuspecting
user to view a specially crafted web page.
Microsoft Edge Information Disclosure Vulnerability (CVE-2019-0643) MS Rating: Moderate
An
information disclosure vulnerability exists in the way that Microsoft Edge
handles cross-origin requests. An attacker who successfully exploited this
vulnerability could determine the origin of all webpages in the affected
browser. Attackers can exploit this issue by enticing an unsuspecting user to
view a specially crafted web page.
Cumulative Security Update for Microsoft Office
Microsoft SharePoint Remote Code Execution Vulnerability (CVE-2019-0594) MS Rating: Critical
A
remote code execution vulnerability exists in Microsoft SharePoint when the
software fails to check the source markup of an application package. An attacker
who successfully exploited the vulnerability could run arbitrary code in the
context of the SharePoint application pool and the SharePoint server farm
account.
Microsoft SharePoint Remote Code Execution Vulnerability (CVE-2019-0604) MS Rating: Critical
A
remote code execution vulnerability exists in Microsoft SharePoint when the
software fails to check the source markup of an application package. An attacker
who successfully exploited the vulnerability could run arbitrary code in the
context of the SharePoint application pool and the SharePoint server farm
account.
Microsoft Office Security Bypass Vulnerability (CVE-2019-0540) MS Rating: Important
A
security bypass vulnerability exists when Microsoft Office does not validate
URLs. An attacker could send a victim a specially crafted file, which could
trick the victim into entering credentials.
Microsoft SharePoint Privilege Escalation Vulnerability (CVE-2019-0668) MS Rating: Important
A
privilege escalation vulnerability exists when Microsoft SharePoint Server does
not properly sanitize a specially crafted web request to an affected SharePoint
server. An authenticated attacker could exploit the vulnerability by sending a
specially crafted request to an affected SharePoint server.
Microsoft Excel Information Disclosure Vulnerability (CVE-2019-0669) MS Rating: Important
An
information disclosure vulnerability exists when Microsoft Excel improperly
discloses the contents of its memory. An attacker who exploited the
vulnerability could use the information to compromise the user’s computer or
data.
Microsoft SharePoint Spoofing Vulnerability (CVE-2019-0670) MS Rating: Moderate
A
spoofing vulnerability exists in Microsoft SharePoint when the application does
not properly parse HTTP content. An attacker who successfully exploited this
vulnerability could trick a user by redirecting the user to a specially crafted
website.
Access Connectivity Engine Remote Code Execution Vulnerability (CVE-2019-0671) MS Rating: Important
A
remote code execution vulnerability exists when the Microsoft Office Access
Connectivity Engine improperly handles objects in memory. An attacker who
successfully exploited this vulnerability could execute arbitrary code on a
victim system.
Access Connectivity Engine Remote Code Execution Vulnerability (CVE-2019-0672) MS Rating: Important
A
remote code execution vulnerability exists when the Microsoft Office Access
Connectivity Engine improperly handles objects in memory. An attacker who
successfully exploited this vulnerability could execute arbitrary code on a
victim system.
Access Connectivity Engine Remote Code Execution Vulnerability (CVE-2019-0673) MS Rating: Important
A
remote code execution vulnerability exists when the Microsoft Office Access
Connectivity Engine improperly handles objects in memory. An attacker who
successfully exploited this vulnerability could execute arbitrary code on a
victim system.
Access Connectivity Engine Remote Code Execution Vulnerability (CVE-2019-0674) MS Rating: Important
A
remote code execution vulnerability exists when the Microsoft Office Access
Connectivity Engine improperly handles objects in memory. An attacker who
successfully exploited this vulnerability could execute arbitrary code on a
victim system.
Access Connectivity Engine Remote Code Execution Vulnerability (CVE-2019-0675) MS Rating: Important
A
remote code execution vulnerability exists when the Microsoft Office Access
Connectivity Engine improperly handles objects in memory. An attacker who
successfully exploited this vulnerability could execute arbitrary code on a
victim system.
Cumulative Security Update for Microsoft Exchange
Microsoft Exchange Server Privilege Escalation Vulnerability (CVE-2019-0686) MS Rating: Important
A
privilege escalation vulnerability exists in Microsoft Exchange Server. An
attacker who successfully exploited this vulnerability could attempt to
impersonate any other user of the Exchange server.
Microsoft Exchange Server Privilege Escalation Vulnerability (CVE-2019-0724) MS Rating: Important
A
privilege escalation vulnerability exists in Microsoft Exchange Server. An
attacker who successfully exploited this vulnerability could attempt to
impersonate any other user of the Exchange server.
Cumulative Security Update for Microsoft Windows Kernel
Windows Kernel Information Disclosure Vulnerability (CVE-2019-0621) MS Rating: Important
An
information disclosure vulnerability exists when the Windows kernel improperly
handles objects in memory. An attacker who successfully exploited this
vulnerability could obtain information to further compromise the user system.
Win32k Privilege Escalation Vulnerability (CVE-2019-0623) MS Rating: Important
A
privilege escalation vulnerability exists in Windows when the Win32k component
fails to properly handle objects in memory. An attacker who successfully
exploited this vulnerability could run arbitrary code in kernel mode.
Win32k Information Disclosure Vulnerability (CVE-2019-0628) MS Rating: Important
An
information disclosure vulnerability exists when the Win32k component improperly
provides kernel information. An attacker who successfully exploited the
vulnerability could obtain information to further compromise the user system.
Windows Kernel Privilege Escalation Vulnerability (CVE-2019-0656) MS Rating: Important
A
privilege escalation vulnerability exists when the Windows kernel fails to
properly handle objects in memory. An attacker who successfully exploited this
vulnerability could run arbitrary code in kernel mode.
Windows Kernel Information Disclosure Vulnerability (CVE-2019-0661) MS Rating: Important
An
information disclosure vulnerability exists when the Windows kernel improperly
handles objects in memory. An attacker who successfully exploited this
vulnerability could obtain information to further compromise the user system.
Cumulative Security Update for Microsoft Windows
GDI+ Remote Code Execution Vulnerability (CVE-2019-0618) MS Rating: Critical
A
remote code execution vulnerability exists in the way that the Windows Graphics
Device Interface (GDI) handles objects in memory. An attacker who
successfully exploited this vulnerability could take control of the affected
system.
Windows DHCP Server Remote Code Execution Vulnerability (CVE-2019-0626) MS Rating: Critical
A
memory corruption vulnerability exists in the Windows Server DHCP service when
an attacker sends specially crafted packets to a DHCP server. An attacker who
successfully exploited this vulnerability could run arbitrary code on the DHCP
server.
GDI+ Remote Code Execution Vulnerability (CVE-2019-0662) MS Rating: Critical
A
remote code execution vulnerability exists in the way that the Windows Graphics
Device Interface (GDI) handles objects in memory. An attacker who
successfully exploited this vulnerability could take control of the affected
system.
HID Information Disclosure Vulnerability (CVE-2019-0600) MS Rating: Important
An
information disclosure vulnerability exists when the Human Interface Devices
(HID) component improperly handles objects in memory. An attacker who
successfully exploited this vulnerability could obtain information to further
compromise the victim system.
HID Information Disclosure Vulnerability (CVE-2019-0601) MS Rating: Important
An
information disclosure vulnerability exists when the Human Interface Devices
(HID) component improperly handles objects in memory. An attacker who
successfully exploited this vulnerability could obtain information to further
compromise the victim system.
Windows GDI Information Disclosure Vulnerability (CVE-2019-0602) MS Rating: Important
An
information disclosure vulnerability exists when the Windows GDI component
improperly discloses the contents of its memory. An attacker who successfully
exploited the vulnerability could obtain information to further compromise the
user system.
Windows GDI Information Disclosure Vulnerability (CVE-2019-0615) MS Rating: Important
An
information disclosure vulnerability exists when the Windows GDI component
improperly discloses the contents of its memory. An attacker who successfully
exploited the vulnerability could obtain information to further compromise the
user system.
Windows GDI Information Disclosure Vulnerability (CVE-2019-0616) MS Rating: Important
An
information disclosure vulnerability exists when the Windows GDI component
improperly discloses the contents of its memory. An attacker who successfully
exploited the vulnerability could obtain information to further compromise the
user system.
Windows GDI Information Disclosure Vulnerability (CVE-2019-0619) MS Rating: Important
An
information disclosure vulnerability exists when the Windows GDI component
improperly discloses the contents of its memory. An attacker who successfully
exploited the vulnerability could obtain information to further compromise the
user system.
Windows Security Bypass Vulnerability (CVE-2019-0627) MS Rating: Important
A
security bypass vulnerability exists in Windows which could allow an attacker to
bypass Device Guard. An attacker who successfully exploited this vulnerability
could circumvent a User Mode Code Integrity (UMCI) policy on the machine.
Windows SMB Remote Code Execution Vulnerability (CVE-2019-0630) MS Rating: Important
A
remote code execution vulnerability exists in the way that the Microsoft Server
Message Block 2.0 (SMBv2) server handles certain requests.
Windows Security Bypass Vulnerability (CVE-2019-0631) MS Rating: Important
A
security bypass vulnerability exists in Windows which could allow an attacker to
bypass Device Guard. An attacker who successfully exploited this vulnerability
could circumvent a User Mode Code Integrity (UMCI) policy on the machine.
Windows Security Bypass Vulnerability (CVE-2019-0632) MS Rating: Important
A
security bypass vulnerability exists in Windows which could allow an attacker to
bypass Device Guard. An attacker who successfully exploited this vulnerability
could circumvent a User Mode Code Integrity (UMCI) policy on the machine.
Windows SMB Remote Code Execution Vulnerability (CVE-2019-0633) MS Rating: Important
A
remote code execution vulnerability exists in the way that the Microsoft Server
Message Block 2.0 (SMBv2) server handles certain requests.
Windows Information Disclosure Vulnerability (CVE-2019-0636) MS Rating: Important
An
information disclosure vulnerability exists when Windows improperly discloses file
information. Successful exploitation of the vulnerability could allow the
attacker to read the contents of files on disk.
Windows Defender Firewall Security Bypass Vulnerability (CVE-2019-0637) MS Rating: Important
A
security bypass vulnerability exists when Windows Defender Firewall incorrectly
applies firewall profiles to cellular network connections. This vulnerability
occurs when Windows is connected to both an Ethernet network and a cellular
network.
Windows Storage Service Privilege Escalation Vulnerability (CVE-2019-0659) MS Rating: Important
A
privilege escalation vulnerability exists when the Storage Service improperly
handles file operations. An attacker who successfully exploited this
vulnerability could gain elevated privileges on the victim system.
Windows GDI Information Disclosure Vulnerability (CVE-2019-0660) MS Rating: Important
An
information disclosure vulnerability exists when the Windows GDI component
improperly discloses the contents of its memory. An attacker who successfully
exploited the vulnerability could obtain information to further compromise the
user system.
Windows GDI Information Disclosure Vulnerability (CVE-2019-0664) MS Rating: Important
An
information disclosure vulnerability exists when the Windows GDI component
improperly discloses the contents of its memory. An attacker who successfully
exploited the vulnerability could obtain information to further compromise the
user system.
Security Update for Jet Database Engine
Jet Database Engine Remote Code Execution Vulnerability (CVE-2019-0595) MS Rating: Important
A
remote code execution vulnerability exists when the Windows Jet Database Engine
improperly handles objects in memory. An attacker who successfully exploited
this vulnerability could execute arbitrary code on a victim system.
Jet Database Engine Remote Code Execution Vulnerability (CVE-2019-0596) MS Rating: Important
A
remote code execution vulnerability exists when the Windows Jet Database Engine
improperly handles objects in memory. An attacker who successfully exploited
this vulnerability could execute arbitrary code on a victim system.
Jet Database Engine Remote Code Execution Vulnerability (CVE-2019-0597) MS Rating: Important
A
remote code execution vulnerability exists when the Windows Jet Database Engine
improperly handles objects in memory. An attacker who successfully exploited
this vulnerability could execute arbitrary code on a victim system.
Jet Database Engine Remote Code Execution Vulnerability (CVE-2019-0598) MS Rating: Important
A
remote code execution vulnerability exists when the Windows Jet Database Engine
improperly handles objects in memory. An attacker who successfully exploited
this vulnerability could execute arbitrary code on a victim system.
Jet Database Engine Remote Code Execution Vulnerability (CVE-2019-0599) MS Rating: Important
A
remote code execution vulnerability exists when the Windows Jet Database Engine
improperly handles objects in memory. An attacker who successfully exploited
this vulnerability could execute arbitrary code on a victim system.
Jet Database Engine Remote Code Execution Vulnerability (CVE-2019-0625) MS Rating: Important
A
remote code execution vulnerability exists when the Windows Jet Database Engine
improperly handles objects in memory. An attacker who successfully exploited
this vulnerability could execute arbitrary code on a victim system.
Security Update for Microsoft .NET
.NET Framework Remote Code Execution Vulnerability (CVE-2019-0613) MS Rating: Important
A
remote code execution vulnerability exists in .NET Framework and Visual Studio
software when the software fails to check the source markup of a file.
.NET Spoofing Vulnerability (CVE-2019-0657) MS Rating: Important
A
vulnerability exists in certain .NET Framework APIs and Visual Studio in the way
they parse URLs.
Security Update for Visual Studio
Visual Studio Code Remote Code Execution Vulnerability (CVE-2019-0728) MS Rating: Important
A
remote code execution vulnerability exists in Visual Studio Code when it processes
environment variables after opening a project. An attacker who successfully
exploited the vulnerability could run arbitrary code in the context of the
current user.
Security Update for Team Foundation Server
Team Foundation Server Cross-site Scripting Vulnerability (CVE-2019-0742) MS Rating: Important
A
Cross-site Scripting (XSS) vulnerability exists when Team Foundation Server does
not properly sanitize user-provided input.
Team Foundation Server Cross-site Scripting Vulnerability (CVE-2019-0743) MS Rating: Important
A
Cross-site Scripting (XSS) vulnerability exists when Team Foundation Server does
not properly sanitize user-provided input.
Security Update for Microsoft Windows Hyper-V
Windows Hyper-V Information Disclosure Vulnerability (CVE-2019-0635) MS Rating: Important
An
information disclosure vulnerability exists when Windows Hyper-V on a host
operating system fails to properly validate input from an authenticated user on
a guest operating system. To exploit the vulnerability, an attacker on a guest
operating system could run a specially crafted application that could cause the
Hyper-V host operating system to disclose memory information.
Security Update for Azure IoT Java SDK
Azure IoT Java SDK Privilege Escalation Vulnerability (CVE-2019-0729) MS Rating: Important
A
privilege escalation vulnerability exists in the way Azure IoT Java SDK
generates symmetric keys for encryption, allowing an attacker to predict the
randomness of the key.
Azure IoT Java SDK Information Disclosure Vulnerability (CVE-2019-0741) MS Rating: Important
An information disclosure vulnerability exists in the way Azure IoT Java SDK logs sensitive information. An attacker can exploit this vulnerability if a user has exposed the logs on the internet and can use this information to compromise the device.
Microsoft Patch Tuesday – January 2019
This month the vendor has patched 49 vulnerabilities, 7 of which are rated
Critical.
As always, customers are advised to follow these security best practices:
Install vendor patches as soon as they are available.
Run all software with the least privileges required while still maintaining
functionality.
Avoid handling files from unknown or questionable sources.
Never visit sites of unknown or questionable integrity.
Block external access at the network perimeter to all key systems unless
specific access is required.
Microsoft's summary of the January 2019 releases can be found here:
https://portal.msrc.microsoft.com/en-us/security-guidance
This month's update covers vulnerabilities in:
Internet Explorer
Microsoft Edge
ChakraCore
Microsoft Office
Microsoft Exchange
Microsoft Windows
Jet Database Engine
Microsoft ASP.NET
Visual Studio
Skype for Android
The following is a breakdown of the issues being addressed this month:
Cumulative Security Update for Microsoft Browsers
Chakra Scripting Engine Memory Corruption Vulnerability (CVE-2019-0539) MS Rating: Critical
A
remote code execution vulnerability exists in the way that the Chakra scripting
engine handles objects in memory in Microsoft Edge. An attacker can exploit the
vulnerability to corrupt memory and execute arbitrary code in the context of the
current user.
Chakra Scripting Engine Memory Corruption Vulnerability (CVE-2019-0567) MS Rating: Critical
A
remote code execution vulnerability exists in the way that the Chakra scripting
engine handles objects in memory in Microsoft Edge. An attacker can exploit the
vulnerability to corrupt memory and execute arbitrary code in the context of the
current user.
Chakra Scripting Engine Memory Corruption Vulnerability (CVE-2019-0568) MS Rating: Critical
A
remote code execution vulnerability exists in the way that the Chakra scripting
engine handles objects in memory in Microsoft Edge. An attacker can exploit the
vulnerability to corrupt memory and execute arbitrary code in the context of the
current user.
Microsoft Edge Memory Corruption Vulnerability (CVE-2019-0565) MS Rating: Critical
A
remote code execution vulnerability exists when Microsoft Edge improperly
accesses objects in memory. An attacker can exploit the vulnerability to corrupt
memory in such a way that enables an attacker to execute arbitrary code in the
context of the current user.
Microsoft Edge Privilege Escalation Vulnerability (CVE-2019-0566) MS Rating: Important
A
privilege escalation vulnerability exists in the Microsoft Edge Browser Broker
COM object. An attacker can exploit the vulnerability to use the Browser Broker
COM object to elevate privileges on an affected system.
Internet Explorer Remote Code Execution Vulnerability (CVE-2019-0541) MS Rating: Important
A
remote code execution vulnerability exists in the way that Internet Explorer
(IE) improperly validates input. An attacker could execute arbitrary code in the
context of the current user.
Cumulative Security Update for Microsoft Office
Microsoft XmlDocument Privilege Escalation Vulnerability (CVE-2019-0555) MS Rating: Important
A
privilege escalation vulnerability exists in the Microsoft XmlDocument class
that could allow an attacker to escape from the AppContainer sandbox in the
browser. An attacker can exploit this vulnerability to gain elevated privileges
and break out of the Edge AppContainer sandbox.
Microsoft Office SharePoint XSS Vulnerability (CVE-2019-0556) MS Rating: Important
A
cross-site scripting vulnerability exists when Microsoft SharePoint Server does
not properly sanitize a specially crafted web request to an affected SharePoint
server. An authenticated attacker could exploit the vulnerability by sending a
specially crafted request to an affected SharePoint server.
Microsoft Office SharePoint XSS Vulnerability (CVE-2019-0557) MS Rating: Important
A
cross-site scripting vulnerability exists when Microsoft SharePoint Server does
not properly sanitize a specially crafted web request to an affected SharePoint
server. An authenticated attacker could exploit the vulnerability by sending a
specially crafted request to an affected SharePoint server.
Microsoft Office SharePoint XSS Vulnerability (CVE-2019-0558) MS Rating: Important
A
cross-site scripting vulnerability exists when Microsoft SharePoint Server does
not properly sanitize a specially crafted web request to an affected SharePoint
server. An authenticated attacker could exploit the vulnerability by sending a
specially crafted request to an affected SharePoint server.
Microsoft Outlook Information Disclosure Vulnerability (CVE-2019-0559) MS Rating: Important
An
information disclosure vulnerability exists when Microsoft Outlook improperly
handles certain types of messages. An attacker can exploit this vulnerability to
gather information about the victim.
Microsoft Office Information Disclosure Vulnerability (CVE-2019-0560) MS Rating: Important
An
information disclosure vulnerability exists when Microsoft Office improperly
discloses the contents of its memory. An attacker can exploit the vulnerability
to use the information to compromise the user's computer or data.
Microsoft Word Information Disclosure Vulnerability (CVE-2019-0561) MS Rating: Important
An
information disclosure vulnerability exists when Microsoft Word macro buttons
are used improperly. An attacker can exploit this vulnerability to read
arbitrary files from a targeted system.
Microsoft SharePoint Privilege Escalation Vulnerability (CVE-2019-0562) MS Rating: Important
A
privilege escalation vulnerability exists when Microsoft SharePoint Server does
not properly sanitize a specially crafted web request to an affected SharePoint
server. An authenticated attacker could exploit the vulnerability by sending a
specially crafted request to an affected SharePoint server.
Microsoft Word Remote Code Execution Vulnerability (CVE-2019-0585) MS Rating: Important
A
remote code execution vulnerability exists in Microsoft Word software when it
fails to properly handle objects in memory. An attacker can exploit the
vulnerability to use a specially crafted file to perform actions in the security
context of the current user.
Cumulative Security Update for Microsoft Exchange
Microsoft Exchange Memory Corruption Vulnerability (CVE-2019-0586) MS Rating: Important
A
remote code execution vulnerability exists in Microsoft Exchange software when
the software fails to properly handle objects in memory. An attacker can exploit
the vulnerability to run arbitrary code in the context of the System user.
Microsoft Exchange Information Disclosure Vulnerability (CVE-2019-0588) MS Rating: Important
An
information disclosure vulnerability exists when the Microsoft Exchange
PowerShell API grants calendar contributors more view permissions than intended.
To exploit this vulnerability, an attacker would need to be granted contributor
access to an Exchange Calendar by an administrator via PowerShell.
Cumulative Security Update for Microsoft Windows Kernel
Windows Kernel Information Disclosure Vulnerability (CVE-2019-0536) MS Rating: Important
An
information disclosure vulnerability exists when the Windows kernel improperly
handles objects in memory. An attacker can exploit this vulnerability to obtain
information to further compromise the user's system.
Windows Kernel Information Disclosure Vulnerability (CVE-2019-0549) MS Rating: Important
An
information disclosure vulnerability exists when the Windows kernel improperly
handles objects in memory. An attacker can exploit this vulnerability to obtain
information to further compromise the user's system.
Windows Kernel Information Disclosure Vulnerability (CVE-2019-0554) MS Rating: Important
An
information disclosure vulnerability exists when the Windows kernel improperly
handles objects in memory. An attacker can exploit this vulnerability to obtain
information to further compromise the user's system.
Windows Kernel Information Disclosure Vulnerability (CVE-2019-0569) MS Rating: Important
An
information disclosure vulnerability exists when the Windows kernel improperly
handles objects in memory. An attacker can exploit this vulnerability to obtain
information to further compromise the user's system.
Cumulative Security Update for Microsoft Windows
Windows Hyper-V Remote Code Execution Vulnerability (CVE-2019-0550) MS Rating: Critical
A
remote code execution vulnerability exists when Windows Hyper-V on a host server
fails to properly validate input from an authenticated user on a guest operating
system. To exploit the vulnerability, an attacker could run a specially crafted
application on a guest operating system that could cause the Hyper-V host
operating system to execute arbitrary code.
Windows Hyper-V Remote Code Execution Vulnerability (CVE-2019-0551) MS Rating: Critical
A
remote code execution vulnerability exists when Windows Hyper-V on a host server
fails to properly validate input from an authenticated user on a guest operating
system. To exploit the vulnerability, an attacker could run a specially crafted
application on a guest operating system that could cause the Hyper-V host
operating system to execute arbitrary code.
Windows DHCP Client Remote Code Execution Vulnerability (CVE-2019-0547) MS Rating: Critical
A
memory corruption vulnerability exists in the Windows DHCP client when an
attacker sends specially crafted DHCP responses to a client. An attacker can
exploit the vulnerability to run arbitrary code on the client machine.
Microsoft Windows Privilege Escalation Vulnerability (CVE-2019-0543) MS Rating: Important
A
privilege escalation vulnerability exists when Windows improperly handles
authentication requests. An attacker can exploit this vulnerability to run
processes in an elevated context.
Windows COM Privilege Escalation Vulnerability (CVE-2019-0552) MS Rating: Important
A privilege escalation vulnerability exists in Windows COM Desktop Broker. An attacker can
exploit the vulnerability to run arbitrary code with elevated privileges.
Windows Subsystem for Linux Information Disclosure Vulnerability (CVE-2019-0553) MS Rating: Important
An information disclosure vulnerability exists when Windows Subsystem for Linux
improperly handles objects in memory. An attacker can exploit this vulnerability
to obtain information to further compromise the user's system.
Windows Runtime Privilege Escalation Vulnerability (CVE-2019-0570) MS Rating: Important
A privilege escalation vulnerability exists when the Windows Runtime improperly
handles objects in memory. An attacker can exploit this vulnerability to run
arbitrary code in an elevated context.
Windows Data Sharing Service Privilege Escalation Vulnerability (CVE-2019-0571) MS Rating: Important
A privilege escalation vulnerability exists when the Windows Data Sharing Service
improperly handles file operations. An attacker can exploit this vulnerability
to run processes in an elevated context.
Windows Data Sharing Service Privilege Escalation Vulnerability (CVE-2019-0572) MS Rating: Important
A privilege escalation vulnerability exists when the Windows Data Sharing Service
improperly handles file operations. An attacker can exploit this vulnerability
to run processes in an elevated context.
Windows Data Sharing Service Privilege Escalation Vulnerability (CVE-2019-0573) MS Rating: Important
A privilege escalation vulnerability exists when the Windows Data Sharing Service
improperly handles file operations. An attacker can exploit this vulnerability
to run processes in an elevated context.
Windows Data Sharing Service Privilege Escalation Vulnerability (CVE-2019-0574) MS Rating: Important
A privilege escalation vulnerability exists when the Windows Data Sharing Service
improperly handles file operations. An attacker can exploit this vulnerability
to run processes in an elevated context.
Security Update for Jet Database Engine
Jet Database Engine Remote Code Execution Vulnerability (CVE-2019-0538) MS Rating: Important
A remote code execution vulnerability exists when the Windows Jet Database Engine
improperly handles objects in memory. An attacker can exploit this vulnerability
to execute arbitrary code on a victim system by enticing a victim to open a
specially crafted file.
Jet Database Engine Remote Code Execution Vulnerability (CVE-2019-0575) MS Rating: Important
A remote code execution vulnerability exists when the Windows Jet Database Engine
improperly handles objects in memory. An attacker can exploit this vulnerability
to execute arbitrary code on a victim system by enticing a victim to open a
specially crafted file.
Jet Database Engine Remote Code Execution Vulnerability (CVE-2019-0576) MS Rating: Important
A remote code execution vulnerability exists when the Windows Jet Database Engine
improperly handles objects in memory. An attacker can exploit this vulnerability
to execute arbitrary code on a victim system by enticing a victim to open a
specially crafted file.
Jet Database Engine Remote Code Execution Vulnerability (CVE-2019-0577) MS Rating: Important
A remote code execution vulnerability exists when the Windows Jet Database Engine
improperly handles objects in memory. An attacker can exploit this vulnerability
to execute arbitrary code on a victim system by enticing a victim to open a
specially crafted file.
Jet Database Engine Remote Code Execution Vulnerability (CVE-2019-0578) MS Rating: Important
A remote code execution vulnerability exists when the Windows Jet Database Engine
improperly handles objects in memory. An attacker can exploit this vulnerability
to execute arbitrary code on a victim system by enticing a victim to open a
specially crafted file.
Jet Database Engine Remote Code Execution Vulnerability (CVE-2019-0579) MS Rating: Important
A remote code execution vulnerability exists when the Windows Jet Database Engine
improperly handles objects in memory. An attacker can exploit this vulnerability
to execute arbitrary code on a victim system by enticing a victim to open a
specially crafted file.
Jet Database Engine Remote Code Execution Vulnerability (CVE-2019-0580) MS Rating: Important
A remote code execution vulnerability exists when the Windows Jet Database Engine
improperly handles objects in memory. An attacker can exploit this vulnerability
to execute arbitrary code on a victim system by enticing a victim to open a
specially crafted file.
Jet Database Engine Remote Code Execution Vulnerability (CVE-2019-0581) MS Rating: Important
A remote code execution vulnerability exists when the Windows Jet Database Engine
improperly handles objects in memory. An attacker can exploit this vulnerability
to execute arbitrary code on a victim system by enticing a victim to open a
specially crafted file.
Jet Database Engine Remote Code Execution Vulnerability (CVE-2019-0582) MS Rating: Important
A remote code execution vulnerability exists when the Windows Jet Database Engine
improperly handles objects in memory. An attacker can exploit this vulnerability
to execute arbitrary code on a victim system by enticing a victim to open a
specially crafted file.
Jet Database Engine Remote Code Execution Vulnerability (CVE-2019-0583) MS Rating: Important
A remote code execution vulnerability exists when the Windows Jet Database Engine
improperly handles objects in memory. An attacker can exploit this vulnerability
to execute arbitrary code on a victim system by enticing a victim to open a
specially crafted file.
Jet Database Engine Remote Code Execution Vulnerability (CVE-2019-0584) MS Rating: Important
A remote code execution vulnerability exists when the Windows Jet Database Engine
improperly handles objects in memory. An attacker can exploit this vulnerability
to execute arbitrary code on a victim system by enticing a victim to open a
specially crafted file.
Security Update for Microsoft ASP.NET
ASP.NET Information Disclosure Vulnerability (CVE-2019-0545) MS Rating: Important
An information disclosure vulnerability exists in ASP.NET and ASP.NET Core which
allows bypassing Cross-origin Resource Sharing (CORS) configurations. An
attacker can exploit the vulnerability to retrieve content, which is normally
restricted, from a web application.
ASP.NET Core Denial of Service Vulnerability (CVE-2019-0548) MS Rating: Important
A denial-of-service (DoS) vulnerability exists when ASP.NET Core improperly
handles web requests. An attacker can exploit this vulnerability by issuing
specially crafted requests to the .NET Core application to cause a denial of
service against an ASP.NET Core web application.
ASP.NET Core Denial of Service Vulnerability (CVE-2019-0564) MS Rating: Important
A denial-of-service (DoS) vulnerability exists when ASP.NET Core improperly
handles web requests. An attacker can exploit this vulnerability by issuing
specially crafted requests to the .NET Core application to cause a denial of
service against an ASP.NET Core web application.
Security Update for Visual Studio
Microsoft Visual Studio Information Disclosure Vulnerability (CVE-2019-0537) MS Rating: Important
An information disclosure vulnerability exists when Visual Studio improperly
discloses arbitrary file contents if the victim opens a malicious .vscontent
file. An attacker can exploit this vulnerability by tricking a user into opening
a malicious .vscontent file using a vulnerable version of Visual Studio to view
arbitrary file contents from the computer where the victim launched Visual
Studio.
Visual Studio Remote Code Execution Vulnerability (CVE-2019-0546) MS Rating: Moderate
A remote code execution vulnerability exists in Visual Studio software when the
software does not check the source markup of a file for an unbuilt project. An
attacker can exploit the vulnerability to run arbitrary code in the context of
the current user.
Security Update for Skype for Android
Skype for Android Elevation of Privilege Vulnerability (CVE-2019-0622) MS Rating: Moderate
A privilege escalation vulnerability exists when Skype for Android fails to properly handle specific authentication requests. An attacker with physical access to the phone can exploit this vulnerability to bypass Android's lockscreen and access a victim's personal information.