Microsoft’s Security Patches for August Fix 95 Security Vulnerabilities Threat Alert

Microsoft’s Security Patches for August Fix 95 Security Vulnerabilities Threat Alert

August 20, 2019 | Adeline Zhang

Overview 

Microsoft released August 2019 security patches on Tuesday that fix 95 vulnerabilities ranging from simple spoofing attacks to remote code execution in various products, including Active Directory, HTTP/2, Microsoft Bluetooth Driver, Microsoft Browsers, Microsoft Dynamics, Microsoft Edge, Microsoft Graphics Component, Microsoft JET Database Engine, Microsoft Malware Protection Engine, Microsoft NTFS, Microsoft Office, Microsoft Office SharePoint, Microsoft Scripting Engine, Microsoft Windows, Microsoft XML, Microsoft XML Core Services, Online Services, Visual Studio, Windows – Linux, Windows DHCP Client, Windows DHCP Server, Windows Hyper-V, Windows Kernel, Windows RDP, Windows Scripting, Windows Shell, and Windows SymCrypt.

Details can be found in the following table.

Product CVE ID CVE Title Severity Level
Active Directory ADV190023 Microsoft Guidance for Enabling LDAP Channel Binding and LDAP Signing
HTTP/2 CVE-2019-9511 HTTP/2 Server Denial-of-Service Vulnerability Important
HTTP/2 CVE-2019-9512 HTTP/2 Server Denial-of-Service Vulnerability Important
HTTP/2 CVE-2019-9513 HTTP/2 Server Denial-of-Service Vulnerability Important
HTTP/2 CVE-2019-9514 HTTP/2 Server Denial-of-Service Vulnerability Important
HTTP/2 CVE-2019-9518 HTTP/2 Server Denial-of-Service Vulnerability Important
Microsoft Bluetooth Driver CVE-2019-9506 Encryption Key Negotiation of Bluetooth Vulnerability Important
Microsoft Browsers CVE-2019-1192 Microsoft Browsers Security Feature Bypass Vulnerability Important
Microsoft Browsers CVE-2019-1193 Microsoft Browser Memory Corruption Vulnerability Low
Microsoft Dynamics CVE-2019-1229 Dynamics On-Premise Privilege Escalation Vulnerability Important
Microsoft Edge CVE-2019-1030 Microsoft Edge Information Disclosure Vulnerability Important
Microsoft Graphics Component CVE-2019-1078 Microsoft Graphics Component Information Disclosure Vulnerability Important
Microsoft Graphics Component CVE-2019-1143 Windows Graphics Component Information Disclosure Vulnerability Important
Microsoft Graphics Component CVE-2019-1144 Microsoft Graphics Remote Code Execution Vulnerability Critical
Microsoft Graphics Component CVE-2019-1145 Microsoft Graphics Remote Code Execution Vulnerability Critical
Microsoft Graphics Component CVE-2019-1148 Windows Graphics Component Information Disclosure Vulnerability Important
Microsoft Graphics Component CVE-2019-1149 Microsoft Graphics Remote Code Execution Vulnerability Critical
Microsoft Graphics Component CVE-2019-1150 Microsoft Graphics Remote Code Execution Vulnerability Critical
Microsoft Graphics Component CVE-2019-1151 Microsoft Graphics Remote Code Execution Vulnerability Critical
Microsoft Graphics Component CVE-2019-1152 Microsoft Graphics Remote Code Execution Vulnerability Critical
Microsoft Graphics Component CVE-2019-1153 Windows Graphics Component Information Disclosure Vulnerability Important
Microsoft Graphics Component CVE-2019-1154 Windows Graphics Component Information Disclosure Vulnerability Important
Microsoft Graphics Component CVE-2019-1158 Windows Graphics Component Information Disclosure Vulnerability Important
Microsoft JET Database Engine CVE-2019-1146 Jet Database Engine Remote Code Execution Vulnerability Important
Microsoft JET Database Engine CVE-2019-1147 Jet Database Engine Remote Code Execution Vulnerability Important
Microsoft JET Database Engine CVE-2019-1155 Jet Database Engine Remote Code Execution Vulnerability Important
Microsoft JET Database Engine CVE-2019-1156 Jet Database Engine Remote Code Execution Vulnerability Important
Microsoft JET Database Engine CVE-2019-1157 Jet Database Engine Remote Code Execution Vulnerability Important
Microsoft Malware Protection Engine CVE-2019-1161 Microsoft Defender Privilege Escalation Vulnerability Important
Microsoft NTFS CVE-2019-1170 Windows NTFS Privilege Escalation Vulnerability Important
Microsoft Office CVE-2019-1199 Microsoft Outlook Memory Corruption Vulnerability Critical
Microsoft Office CVE-2019-1200 Microsoft Outlook Memory Corruption Vulnerability Critical
Microsoft Office CVE-2019-1201 Microsoft Word Remote Code Execution Vulnerability Critical
Microsoft Office CVE-2019-1204 Microsoft Outlook Memory Corruption Vulnerability Important
Microsoft Office CVE-2019-1205 Microsoft Word Remote Code Execution Vulnerability Critical
Microsoft Office CVE-2019-1218 Outlook iOS Spoofing Vulnerability Important
Microsoft Office SharePoint CVE-2019-1202 Microsoft SharePoint Information Disclosure Vulnerability Important
Microsoft Office SharePoint CVE-2019-1203 Microsoft Office SharePoint XSS Vulnerability Important
Microsoft Scripting Engine CVE-2019-1131 Chakra Scripting Engine Memory Corruption Vulnerability Critical
Microsoft Scripting Engine CVE-2019-1133 Scripting Engine Memory Corruption Vulnerability Critical
Microsoft Scripting Engine CVE-2019-1139 Chakra Scripting Engine Memory Corruption Vulnerability Critical
Microsoft Scripting Engine CVE-2019-1140 Chakra Scripting Engine Memory Corruption Vulnerability Critical
Microsoft Scripting Engine CVE-2019-1141 Chakra Scripting Engine Memory Corruption Vulnerability Critical
Microsoft Scripting Engine CVE-2019-1194 Scripting Engine Memory Corruption Vulnerability Critical
Microsoft Scripting Engine CVE-2019-1195 Chakra Scripting Engine Memory Corruption Vulnerability Critical
Microsoft Scripting Engine CVE-2019-1196 Chakra Scripting Engine Memory Corruption Vulnerability Critical
Microsoft Scripting Engine CVE-2019-1197 Chakra Scripting Engine Memory Corruption Vulnerability Critical
Microsoft Windows CVE-2019-1172 Windows Information Disclosure Vulnerability Important
Microsoft Windows CVE-2019-1173 Windows Information Disclosure Vulnerability Important
Microsoft Windows CVE-2019-1174 Windows Information Disclosure Vulnerability Important
Microsoft Windows CVE-2019-1175 Windows Information Disclosure Vulnerability Important
Microsoft Windows CVE-2019-1178 Windows Information Disclosure Vulnerability Important
Microsoft Windows CVE-2019-1179 Windows Information Disclosure Vulnerability Important
Microsoft Windows CVE-2019-1180 Windows Information Disclosure Vulnerability Important
Microsoft Windows CVE-2019-0716 Windows Denial-of-Service Vulnerability Important
Microsoft Windows CVE-2019-1162 Windows ALPC Privilege Escalation Vulnerability Important
Microsoft Windows CVE-2019-1163 Windows File Signature Security Feature Bypass Vulnerability Important
Microsoft Windows CVE-2019-1168 Microsoft Windows p2pimsvc Privilege Escalation Vulnerability Important
Microsoft Windows CVE-2019-1176 DirectX Privilege Escalation Vulnerability Important
Microsoft Windows CVE-2019-1177 Windows Privilege Escalation Vulnerability Important
Microsoft Windows CVE-2019-1186 Windows Privilege Escalation Vulnerability Important
Microsoft Windows CVE-2019-1188 LNK Remote Code Execution Vulnerability Critical
Microsoft Windows CVE-2019-1198 Microsoft Windows Privilege Escalation Vulnerability Important
Microsoft XML CVE-2019-1187 XmlLite Runtime Denial-of-Service Vulnerability Important
Microsoft XML Core Services CVE-2019-1057 MS XML Remote Code Execution Vulnerability Important
Online Services ADV190014 Microsoft Live Accounts Privilege Escalation Vulnerability Important
Visual Studio CVE-2019-1211 Git for Visual Studio Privilege Escalation Vulnerability Important
Windows – Linux CVE-2019-1185 Windows Subsystem for Linux Privilege Escalation Vulnerability Important
Windows DHCP Client CVE-2019-0736 Windows DHCP Client Remote Code Execution Vulnerability Critical
Windows DHCP Server CVE-2019-1206 Windows DHCP Server Denial-of-Service Vulnerability Important
Windows DHCP Server CVE-2019-1212 Windows DHCP Server Denial-of-Service Vulnerability Important
Windows DHCP Server CVE-2019-1213 Windows DHCP Server Remote Code Execution Vulnerability Critical
Windows Hyper-V CVE-2019-0965 Windows Hyper-V Remote Code Execution Vulnerability Critical
Windows Hyper-V CVE-2019-0714 Windows Hyper-V Denial-of-Service Vulnerability Important
Windows Hyper-V CVE-2019-0715 Windows Hyper-V Denial-of-Service Vulnerability Important
Windows Hyper-V CVE-2019-0717 Windows Hyper-V Denial-of-Service Vulnerability Important
Windows Hyper-V CVE-2019-0718 Windows Hyper-V Denial-of-Service Vulnerability Important
Windows Hyper-V CVE-2019-0720 Hyper-V Remote Code Execution Vulnerability Critical
Windows Hyper-V CVE-2019-0723 Windows Hyper-V Denial-of-Service Vulnerability Important
Windows Kernel CVE-2019-1159 Windows Kernel Privilege Escalation Vulnerability Important
Windows Kernel CVE-2019-1164 Windows Kernel Privilege Escalation Vulnerability Important
Windows Kernel CVE-2019-1169 Win32k Privilege Escalation Vulnerability Important
Windows Kernel CVE-2019-1190 Windows Image Privilege Escalation Vulnerability Important
Windows Kernel CVE-2019-1227 Windows Kernel Information Disclosure Vulnerability Important
Windows Kernel CVE-2019-1228 Windows Kernel Information Disclosure Vulnerability Important
Windows RDP CVE-2019-1181 Microsoft Windows Remote Code Execution Vulnerability Critical
Windows RDP CVE-2019-1182 Microsoft Windows Remote Code Execution Vulnerability Critical
Windows RDP CVE-2019-1222 Microsoft Windows Remote Code Execution Vulnerability Critical
Windows RDP CVE-2019-1223 Windows Remote Desktop Protocol (RDP) Denial-of-Service Vulnerability Important
Windows RDP CVE-2019-1224 Remote Desktop Protocol Server Information Disclosure Vulnerability Important
Windows RDP CVE-2019-1225 Remote Desktop Protocol Server Information Disclosure Vulnerability Important
Windows RDP CVE-2019-1226 Microsoft Windows Remote Code Execution Vulnerability Critical
Windows Scripting CVE-2019-1183 Windows VBScript Engine Remote Code Execution Vulnerability Critical
Windows Shell CVE-2019-1184 Windows Privilege Escalation Vulnerability Important
Windows SymCrypt CVE-2019-1171 SymCrypt Information Disclosure Vulnerability Important

 

Recommended Mitigation Measures

Microsoft has released security updates to fix these issues. Please download and install them as soon as possible.

Statement

This advisory is only used to describe a potential risk. NSFOCUS does not provide any commitment or promise on this advisory. NSFOCUS and the author will not bear any liability for any direct and/or indirect consequences and losses caused by transmitting and/or using this advisory. NSFOCUS reserves all the rights to modify and interpret this advisory. Please include this statement paragraph when reproducing or transferring this advisory. Do not modify this advisory, add/delete any information to/from it, or use this advisory for commercial purposes without permission from NSFOCUS.

About NSFOCUS

NSFOCUS, Inc., a global network and cyber security leader, protects enterprises and carriers from advanced cyber attacks. The company’s Intelligent Hybrid Security strategy utilizes both cloud and on-premises security platforms, built on a foundation of real-time global threat intelligence, to provide multi-layered, unified and dynamic protection against advanced cyber attacks.

NSFOCUS works with Fortune Global 500 companies, including four of the world’s five largest financial institutions, organizations in insurance, retail, healthcare, critical infrastructure industries as well as government agencies. NSFOCUS has technology and channel partners in more than 60 countries, is a member of both the Microsoft Active Protections Program (MAPP), and the Cloud Security Alliance (CSA).

A wholly owned subsidiary of NSFOCUS Information Technology Co. Ltd., the company has operations in the Americas, Europe, the Middle East and Asia Pacific.

Download: ‘s Security Patches for August Fix 95 Security Vulnerabilities Threat Alert