Posted on Leave a comment

MSFT July 2019 Patch Tuesday, (Tue, Jul 9th)

July 2019 Security Updates

Description
CVE Disclosed Exploited Exploitability (old versions) current version Severity CVSS Base (AVG) CVSS Temporal (AVG)
.NET Denial of Service Vulnerability
%%cve:2019-1083%% No No Less Likely Less Likely Important    
.NET Framework Remote Code Execution Vulnerability
%%cve:2019-1113%% No No More Likely More Likely Critical    
ADFS Security Feature Bypass Vulnerability
%%cve:2019-0975%% No No Less Likely Less Likely Important 4.3 3.9
%%cve:2019-1126%% No No Less Likely Less Likely Important 5.3 4.8
ASP.NET Core Spoofing Vulnerability
%%cve:2019-1075%% No No Less Likely Less Likely Moderate    
Azure Automation Elevation of Privilege Vulnerability
%%cve:2019-0962%% Yes No Less Likely Less Likely Important    
Azure DevOps Server and Team Foundation Server Remote Code Execution Vulnerability
%%cve:2019-1072%% No No Less Likely Less Likely Critical    
Chakra Scripting Engine Memory Corruption Vulnerability
%%cve:2019-1062%% No No Critical 4.2 3.8
%%cve:2019-1092%% No No Critical 4.2 3.8
%%cve:2019-1103%% No No Critical 4.2 3.8
%%cve:2019-1106%% No No Critical 4.2 3.8
%%cve:2019-1107%% No No Critical 4.2 3.8
DirectWrite Information Disclosure Vulnerability
%%cve:2019-1093%% No No Less Likely Less Likely Important 5.5 5.0
%%cve:2019-1097%% No No Less Likely Less Likely Important 5.5 5.0
DirectWrite Remote Code Execution Vulnerability
%%cve:2019-1117%% No No Less Likely Less Likely Important 7.8 7.0
%%cve:2019-1118%% No No Less Likely Less Likely Important 7.8 7.0
%%cve:2019-1119%% No No Less Likely Less Likely Important 7.8 7.0
%%cve:2019-1120%% No No Less Likely Less Likely Important 7.8 7.0
%%cve:2019-1121%% No No Less Likely Less Likely Important 7.8 7.0
%%cve:2019-1122%% No No Less Likely Less Likely Important 7.8 7.0
%%cve:2019-1123%% No No Less Likely Less Likely Important 7.8 7.0
%%cve:2019-1124%% No No Less Likely Less Likely Important 7.8 7.0
%%cve:2019-1127%% No No Less Likely Less Likely Important 7.8 7.0
%%cve:2019-1128%% No No Less Likely Less Likely Important 7.8 7.0
DirectX Elevation of Privilege Vulnerability
%%cve:2019-0999%% No No Important 7.8 7.0
Docker Elevation of Privilege Vulnerability
%%cve:2018-15664%% Yes No Less Likely Less Likely Important    
GDI+ Remote Code Execution Vulnerability
%%cve:2019-1102%% No No Less Likely Less Likely Critical 8.4 7.6
Internet Explorer Memory Corruption Vulnerability
%%cve:2019-1063%% No No More Likely More Likely Critical 6.4 5.8
Latest Servicing Stack Updates
ADV990001 No No Critical    
Microsoft Browser Memory Corruption Vulnerability
%%cve:2019-1104%% No No More Likely More Likely Critical 6.4 5.8
Microsoft Excel Information Disclosure Vulnerability
%%cve:2019-1112%% No No More Likely More Likely Important    
Microsoft Excel Remote Code Execution Vulnerability
%%cve:2019-1110%% No No Less Likely Less Likely Important    
%%cve:2019-1111%% No No Less Likely Less Likely Important    
Microsoft Exchange Information Disclosure Vulnerability
%%cve:2019-1084%% No No Less Likely Less Likely Important    
Microsoft Exchange Server Elevation of Privilege Vulnerability
%%cve:2019-1136%% No No Less Likely Less Likely Important    
Microsoft Exchange Server Spoofing Vulnerability
%%cve:2019-1137%% No No Less Likely Less Likely Important    
Microsoft Office SharePoint XSS Vulnerability
%%cve:2019-1134%% No No Less Likely Less Likely Important    
Microsoft Office Spoofing Vulnerability
%%cve:2019-1109%% No No Less Likely Less Likely Important    
Microsoft SQL Server Remote Code Execution Vulnerability
%%cve:2019-1068%% Yes No Less Likely Less Likely Important    
Microsoft Windows Elevation of Privilege Vulnerability
%%cve:2019-1074%% No No More Likely More Likely Important 5.3 5.3
%%cve:2019-1082%% No No Important 7.7 7.7
Microsoft splwow64 Elevation of Privilege Vulnerability
%%cve:2019-0880%% No Yes Detected More Likely Important 7.0 6.3
Microsoft unistore.dll Information Disclosure Vulnerability
%%cve:2019-1091%% No No Less Likely Less Likely Important 5.5 5.0
Outlook on the web Cross-Site Scripting Vulnerability
ADV190021 No No Important    
Remote Desktop Protocol Client Information Disclosure Vulnerability
%%cve:2019-1108%% No No More Likely More Likely Important 6.5 5.9
Remote Desktop Services Remote Code Execution Vulnerability
%%cve:2019-0887%% Yes No More Likely More Likely Important 8.0 7.2
Scripting Engine Memory Corruption Vulnerability
%%cve:2019-1056%% No No Critical 6.4 5.8
%%cve:2019-1059%% No No Less Likely Less Likely Critical 6.4 5.8
%%cve:2019-1001%% No No More Likely More Likely Critical 6.4 5.8
%%cve:2019-1004%% No No More Likely More Likely Critical 6.4 5.8
SymCrypt Denial of Service Vulnerability
%%cve:2019-0865%% Yes No Less Likely Less Likely Important 7.5 6.7
Team Foundation Server Cross-site Scripting Vulnerability
%%cve:2019-1076%% No No Less Likely Less Likely Important    
Visual Studio Elevation of Privilege Vulnerability
%%cve:2019-1077%% No No Less Likely Less Likely Important    
Visual Studio Information Disclosure Vulnerability
%%cve:2019-1079%% No No Less Likely Less Likely Important    
WCF/WIF SAML Token Authentication Bypass Vulnerability
%%cve:2019-1006%% No No Less Likely Less Likely Important    
Win32k Elevation of Privilege Vulnerability
%%cve:2019-1132%% No Yes Important 7.8 7.2
Win32k Information Disclosure Vulnerability
%%cve:2019-1096%% No No Less Likely Less Likely Important 5.5 5.0
Windows Audio Service Elevation of Privilege Vulnerability
%%cve:2019-1086%% No No Less Likely Less Likely Important 7.8 7.0
%%cve:2019-1087%% No No Less Likely Less Likely Important 7.8 7.0
%%cve:2019-1088%% No No Less Likely Less Likely Important 7.8 7.0
Windows DHCP Server Remote Code Execution Vulnerability
%%cve:2019-0785%% No No Less Likely Less Likely Critical 9.8 8.8
Windows DNS Server Denial of Service Vulnerability
%%cve:2019-0811%% No No Less Likely Less Likely Important 7.5 6.7
Windows Elevation of Privilege Vulnerability
%%cve:2019-1129%% Yes No More Likely More Likely Important 7.8 7.0
%%cve:2019-1130%% No No Less Likely Less Likely Important 7.8 7.0
Windows Error Reporting Elevation of Privilege Vulnerability
%%cve:2019-1037%% No No Less Likely Less Likely Important 7.0 6.3
Windows GDI Information Disclosure Vulnerability
%%cve:2019-1094%% No No Less Likely Less Likely Important 5.5 5.0
%%cve:2019-1095%% No No Less Likely Less Likely Important 5.5 5.0
%%cve:2019-1098%% No No Important 5.5 5.0
%%cve:2019-1099%% No No Important 5.5 5.0
%%cve:2019-1100%% No No Important 5.5 5.0
%%cve:2019-1101%% No No Important 5.5 5.0
%%cve:2019-1116%% No No Important 5.5 5.0
Windows Hyper-V Denial of Service Vulnerability
%%cve:2019-0966%% No No Less Likely Less Likely Important 6.8 6.1
Windows Kernel Elevation of Privilege Vulnerability
%%cve:2019-1067%% No No More Likely More Likely Important 7.8 7.0
Windows Kernel Information Disclosure Vulnerability
%%cve:2019-1071%% No No More Likely More Likely Important 5.5 5.0
%%cve:2019-1073%% No No More Likely More Likely Important 5.5 5.0
Windows RPCSS Elevation of Privilege Vulnerability
%%cve:2019-1089%% No No More Likely More Likely Important 7.8 7.0
Windows WLAN Service Elevation of Privilege Vulnerability
%%cve:2019-1085%% No No Less Likely Less Likely Important 7.8 7.0
Windows dnsrlvr.dll Elevation of Privilege Vulnerability
%%cve:2019-1090%% No No Less Likely Less Likely Important 7.8 7.0

 


John Bambenek
bambenek at gmail /dot/ com
ThreatSTOP

(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.

What are your thoughts?