Threat Level: green Handler on Duty: Didier Stevens

SANS ISC: InfoSec Handlers Diary Blog InfoSec Handlers Diary Blog


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

MSFT July 2019 Patch Tuesday

Published: 2019-07-09
Last Updated: 2019-07-09 18:45:11 UTC
by John Bambenek (Version: 1)
1 comment(s)

July 2019 Security Updates

Description
CVE Disclosed Exploited Exploitability (old versions) current version Severity CVSS Base (AVG) CVSS Temporal (AVG)
.NET Denial of Service Vulnerability
CVE-2019-1083 No No Less Likely Less Likely Important    
.NET Framework Remote Code Execution Vulnerability
CVE-2019-1113 No No More Likely More Likely Critical    
ADFS Security Feature Bypass Vulnerability
CVE-2019-0975 No No Less Likely Less Likely Important 4.3 3.9
CVE-2019-1126 No No Less Likely Less Likely Important 5.3 4.8
ASP.NET Core Spoofing Vulnerability
CVE-2019-1075 No No Less Likely Less Likely Moderate    
Azure Automation Elevation of Privilege Vulnerability
CVE-2019-0962 Yes No Less Likely Less Likely Important    
Azure DevOps Server and Team Foundation Server Remote Code Execution Vulnerability
CVE-2019-1072 No No Less Likely Less Likely Critical    
Chakra Scripting Engine Memory Corruption Vulnerability
CVE-2019-1062 No No - - Critical 4.2 3.8
CVE-2019-1092 No No - - Critical 4.2 3.8
CVE-2019-1103 No No - - Critical 4.2 3.8
CVE-2019-1106 No No - - Critical 4.2 3.8
CVE-2019-1107 No No - - Critical 4.2 3.8
DirectWrite Information Disclosure Vulnerability
CVE-2019-1093 No No Less Likely Less Likely Important 5.5 5.0
CVE-2019-1097 No No Less Likely Less Likely Important 5.5 5.0
DirectWrite Remote Code Execution Vulnerability
CVE-2019-1117 No No Less Likely Less Likely Important 7.8 7.0
CVE-2019-1118 No No Less Likely Less Likely Important 7.8 7.0
CVE-2019-1119 No No Less Likely Less Likely Important 7.8 7.0
CVE-2019-1120 No No Less Likely Less Likely Important 7.8 7.0
CVE-2019-1121 No No Less Likely Less Likely Important 7.8 7.0
CVE-2019-1122 No No Less Likely Less Likely Important 7.8 7.0
CVE-2019-1123 No No Less Likely Less Likely Important 7.8 7.0
CVE-2019-1124 No No Less Likely Less Likely Important 7.8 7.0
CVE-2019-1127 No No Less Likely Less Likely Important 7.8 7.0
CVE-2019-1128 No No Less Likely Less Likely Important 7.8 7.0
DirectX Elevation of Privilege Vulnerability
CVE-2019-0999 No No - - Important 7.8 7.0
Docker Elevation of Privilege Vulnerability
CVE-2018-15664 Yes No Less Likely Less Likely Important    
GDI+ Remote Code Execution Vulnerability
CVE-2019-1102 No No Less Likely Less Likely Critical 8.4 7.6
Internet Explorer Memory Corruption Vulnerability
CVE-2019-1063 No No More Likely More Likely Critical 6.4 5.8
Latest Servicing Stack Updates
ADV990001 No No - - Critical    
Microsoft Browser Memory Corruption Vulnerability
CVE-2019-1104 No No More Likely More Likely Critical 6.4 5.8
Microsoft Excel Information Disclosure Vulnerability
CVE-2019-1112 No No More Likely More Likely Important    
Microsoft Excel Remote Code Execution Vulnerability
CVE-2019-1110 No No Less Likely Less Likely Important    
CVE-2019-1111 No No Less Likely Less Likely Important    
Microsoft Exchange Information Disclosure Vulnerability
CVE-2019-1084 No No Less Likely Less Likely Important    
Microsoft Exchange Server Elevation of Privilege Vulnerability
CVE-2019-1136 No No Less Likely Less Likely Important    
Microsoft Exchange Server Spoofing Vulnerability
CVE-2019-1137 No No Less Likely Less Likely Important    
Microsoft Office SharePoint XSS Vulnerability
CVE-2019-1134 No No Less Likely Less Likely Important    
Microsoft Office Spoofing Vulnerability
CVE-2019-1109 No No Less Likely Less Likely Important    
Microsoft SQL Server Remote Code Execution Vulnerability
CVE-2019-1068 Yes No Less Likely Less Likely Important    
Microsoft Windows Elevation of Privilege Vulnerability
CVE-2019-1074 No No More Likely More Likely Important 5.3 5.3
CVE-2019-1082 No No - - Important 7.7 7.7
Microsoft splwow64 Elevation of Privilege Vulnerability
CVE-2019-0880 No Yes Detected More Likely Important 7.0 6.3
Microsoft unistore.dll Information Disclosure Vulnerability
CVE-2019-1091 No No Less Likely Less Likely Important 5.5 5.0
Outlook on the web Cross-Site Scripting Vulnerability
ADV190021 No No - - Important    
Remote Desktop Protocol Client Information Disclosure Vulnerability
CVE-2019-1108 No No More Likely More Likely Important 6.5 5.9
Remote Desktop Services Remote Code Execution Vulnerability
CVE-2019-0887 Yes No More Likely More Likely Important 8.0 7.2
Scripting Engine Memory Corruption Vulnerability
CVE-2019-1056 No No - - Critical 6.4 5.8
CVE-2019-1059 No No Less Likely Less Likely Critical 6.4 5.8
CVE-2019-1001 No No More Likely More Likely Critical 6.4 5.8
CVE-2019-1004 No No More Likely More Likely Critical 6.4 5.8
SymCrypt Denial of Service Vulnerability
CVE-2019-0865 Yes No Less Likely Less Likely Important 7.5 6.7
Team Foundation Server Cross-site Scripting Vulnerability
CVE-2019-1076 No No Less Likely Less Likely Important    
Visual Studio Elevation of Privilege Vulnerability
CVE-2019-1077 No No Less Likely Less Likely Important    
Visual Studio Information Disclosure Vulnerability
CVE-2019-1079 No No Less Likely Less Likely Important    
WCF/WIF SAML Token Authentication Bypass Vulnerability
CVE-2019-1006 No No Less Likely Less Likely Important    
Win32k Elevation of Privilege Vulnerability
CVE-2019-1132 No Yes - - Important 7.8 7.2
Win32k Information Disclosure Vulnerability
CVE-2019-1096 No No Less Likely Less Likely Important 5.5 5.0
Windows Audio Service Elevation of Privilege Vulnerability
CVE-2019-1086 No No Less Likely Less Likely Important 7.8 7.0
CVE-2019-1087 No No Less Likely Less Likely Important 7.8 7.0
CVE-2019-1088 No No Less Likely Less Likely Important 7.8 7.0
Windows DHCP Server Remote Code Execution Vulnerability
CVE-2019-0785 No No Less Likely Less Likely Critical 9.8 8.8
Windows DNS Server Denial of Service Vulnerability
CVE-2019-0811 No No Less Likely Less Likely Important 7.5 6.7
Windows Elevation of Privilege Vulnerability
CVE-2019-1129 Yes No More Likely More Likely Important 7.8 7.0
CVE-2019-1130 No No Less Likely Less Likely Important 7.8 7.0
Windows Error Reporting Elevation of Privilege Vulnerability
CVE-2019-1037 No No Less Likely Less Likely Important 7.0 6.3
Windows GDI Information Disclosure Vulnerability
CVE-2019-1094 No No Less Likely Less Likely Important 5.5 5.0
CVE-2019-1095 No No Less Likely Less Likely Important 5.5 5.0
CVE-2019-1098 No No - - Important 5.5 5.0
CVE-2019-1099 No No - - Important 5.5 5.0
CVE-2019-1100 No No - - Important 5.5 5.0
CVE-2019-1101 No No - - Important 5.5 5.0
CVE-2019-1116 No No - - Important 5.5 5.0
Windows Hyper-V Denial of Service Vulnerability
CVE-2019-0966 No No Less Likely Less Likely Important 6.8 6.1
Windows Kernel Elevation of Privilege Vulnerability
CVE-2019-1067 No No More Likely More Likely Important 7.8 7.0
Windows Kernel Information Disclosure Vulnerability
CVE-2019-1071 No No More Likely More Likely Important 5.5 5.0
CVE-2019-1073 No No More Likely More Likely Important 5.5 5.0
Windows RPCSS Elevation of Privilege Vulnerability
CVE-2019-1089 No No More Likely More Likely Important 7.8 7.0
Windows WLAN Service Elevation of Privilege Vulnerability
CVE-2019-1085 No No Less Likely Less Likely Important 7.8 7.0
Windows dnsrlvr.dll Elevation of Privilege Vulnerability
CVE-2019-1090 No No Less Likely Less Likely Important 7.8 7.0

 

--
John Bambenek
bambenek \at\ gmail /dot/ com
ThreatSTOP

1 comment(s)
Diary Archives