Microsoft Released September Patches to Fix 81 Security Vulnerabilities Threat Alert

Microsoft Released September Patches to Fix 81 Security Vulnerabilities Threat Alert

setembro 27, 2019 | Adeline Zhang

Overview  

Microsoft released the Spetember 2019 security patch on Tuesday that fixes 81 vulnerabilities ranging from simple spoofing attacks to remote code execution in various products, including .NET Core, .NET Framework, Active Directory, Adobe Flash Player, ASP.NET, Common Log File System Driver, Microsoft Browsers, Microsoft Edge, Microsoft Exchange Server, Microsoft Graphics Component, Microsoft JET Database Engine, Microsoft Office, Microsoft Office SharePoint, Microsoft Scripting Engine, Microsoft Windows, Microsoft Yammer, Project Rome, Servicing Stack Updates, Skype for Business and Microsoft Lync, Team Foundation Server, Visual Studio, Windows Hyper-V, Windows Kernel, and Windows RDP.

Details can be found in the following table.

Product CVE ID CVE Title Severity Level
.NET Core CVE-2019-1301 .NET Core Denial-of-Service Vulnerability Important
.NET Framework CVE-2019-1142 .NET Framework Privilege Escalation Vulnerability Important
Active Directory CVE-2019-1273 Active Directory Federation Services XSS Vulnerability Important
Adobe Flash Player ADV190022 September 2019 Adobe Flash Security Update Critical
ASP.NET CVE-2019-1302 ASP.NET Core Elevation Of Privilege Vulnerability Important
Common Log File System Driver CVE-2019-1214 Windows Common Log File System Driver Privilege Escalation Vulnerability Important
Common Log File System Driver CVE-2019-1282 Windows Common Log File System Driver Information Disclosure Vulnerability Important
Microsoft Browsers CVE-2019-1220 Microsoft Browser Security Feature Bypass Vulnerability Important
Microsoft Edge CVE-2019-1299 Microsoft Edge based on Edge HTML Information Disclosure Vulnerability Important
Microsoft Exchange Server CVE-2019-1233 Microsoft Exchange Denial-of-Service Vulnerability Important
Microsoft Exchange Server CVE-2019-1266 Microsoft Exchange Spoofing Vulnerability Important
Microsoft Graphics Component CVE-2019-1216 DirectX Information Disclosure Vulnerability Important
Microsoft Graphics Component CVE-2019-1244 DirectWrite Information Disclosure Vulnerability Important
Microsoft Graphics Component CVE-2019-1245 DirectWrite Information Disclosure Vulnerability Important
Microsoft Graphics Component CVE-2019-1251 DirectWrite Information Disclosure Vulnerability Important
Microsoft Graphics Component CVE-2019-1252 Windows GDI Information Disclosure Vulnerability Important
Microsoft Graphics Component CVE-2019-1283 Microsoft Graphics Components Information Disclosure Vulnerability Important
Microsoft Graphics Component CVE-2019-1284 DirectX Privilege Escalation Vulnerability Important
Microsoft Graphics Component CVE-2019-1286 Windows GDI Information Disclosure Vulnerability Important
Microsoft JET Database Engine CVE-2019-1240 Jet Database Engine Remote Code Execution Vulnerability Important
Microsoft JET Database Engine CVE-2019-1241 Jet Database Engine Remote Code Execution Vulnerability Important
Microsoft JET Database Engine CVE-2019-1242 Jet Database Engine Remote Code Execution Vulnerability Important
Microsoft JET Database Engine CVE-2019-1243 Jet Database Engine Remote Code Execution Vulnerability Important
Microsoft JET Database Engine CVE-2019-1246 Jet Database Engine Remote Code Execution Vulnerability Important
Microsoft JET Database Engine CVE-2019-1247 Jet Database Engine Remote Code Execution Vulnerability Important
Microsoft JET Database Engine CVE-2019-1248 Jet Database Engine Remote Code Execution Vulnerability Important
Microsoft JET Database Engine CVE-2019-1249 Jet Database Engine Remote Code Execution Vulnerability Important
Microsoft JET Database Engine CVE-2019-1250 Jet Database Engine Remote Code Execution Vulnerability Important
Microsoft Office CVE-2019-1297 Microsoft Excel Remote Code Execution Vulnerability Important
Microsoft Office CVE-2019-1263 Microsoft Excel Information Disclosure Vulnerability Important
Microsoft Office CVE-2019-1264 Microsoft Office Security Feature Bypass Vulnerability Important
Microsoft Office SharePoint CVE-2019-1257 Microsoft SharePoint Remote Code Execution Vulnerability Critical
Microsoft Office SharePoint CVE-2019-1259 Microsoft SharePoint Spoofing Vulnerability Moderate
Microsoft Office SharePoint CVE-2019-1260 Microsoft SharePoint Privilege Escalation Vulnerability Important
Microsoft Office SharePoint CVE-2019-1261 Microsoft SharePoint Spoofing Vulnerability Important
Microsoft Office SharePoint CVE-2019-1262 Microsoft Office SharePoint XSS Vulnerability Important
Microsoft Office SharePoint CVE-2019-1295 Microsoft SharePoint Remote Code Execution Vulnerability Critical
Microsoft Office SharePoint CVE-2019-1296 Microsoft SharePoint Remote Code Execution Vulnerability Critical
Microsoft Scripting Engine CVE-2019-1138 Chakra Scripting Engine Memory Corruption Vulnerability Moderate
Microsoft Scripting Engine CVE-2019-1208 VBScript Remote Code Execution Vulnerability Critical
Microsoft Scripting Engine CVE-2019-1217 Chakra Scripting Engine Memory Corruption Vulnerability Critical
Microsoft Scripting Engine CVE-2019-1221 Scripting Engine Memory Corruption Vulnerability Critical
Microsoft Scripting Engine CVE-2019-1236 VBScript Remote Code Execution Vulnerability Critical
Microsoft Scripting Engine CVE-2019-1237 Chakra Scripting Engine Memory Corruption Vulnerability Critical
Microsoft Scripting Engine CVE-2019-1298 Chakra Scripting Engine Memory Corruption Vulnerability Moderate
Microsoft Scripting Engine CVE-2019-1300 Chakra Scripting Engine Memory Corruption Vulnerability Critical
Microsoft Windows CVE-2019-1215 Windows Privilege Escalation Vulnerability Important
Microsoft Windows CVE-2019-1219 Windows Transaction Manager Information Disclosure Vulnerability Important
Microsoft Windows CVE-2019-1267 Microsoft Compatibility Appraiser Privilege Escalation Vulnerability Important
Microsoft Windows CVE-2019-1268 Winlogon Privilege Escalation Vulnerability Important
Microsoft Windows CVE-2019-1269 Windows ALPC Privilege Escalation Vulnerability Important
Microsoft Windows CVE-2019-1270 Microsoft Windows Store Installer Privilege Escalation Vulnerability Important
Microsoft Windows CVE-2019-1271 Windows Media Privilege Escalation Vulnerability Important
Microsoft Windows CVE-2019-1272 Windows ALPC Privilege Escalation Vulnerability Important
Microsoft Windows CVE-2019-1235 Windows Text Service Framework Privilege Escalation Vulnerability Important
Microsoft Windows CVE-2019-1253 Windows Privilege Escalation Vulnerability Important
Microsoft Windows CVE-2019-1277 Windows Audio Service Privilege Escalation Vulnerability Important
Microsoft Windows CVE-2019-1278 Windows Privilege Escalation Vulnerability Important
Microsoft Windows CVE-2019-1280 LNK Remote Code Execution Vulnerability Critical
Microsoft Windows CVE-2019-1287 Windows Network Connectivity Assistant Privilege Escalation Vulnerability Important
Microsoft Windows CVE-2019-1289 Windows Update Delivery Optimization Privilege Escalation Vulnerability Important
Microsoft Windows CVE-2019-1292 Windows Denial-of-Service Vulnerability Important
Microsoft Windows CVE-2019-1294 Windows Secure Boot Security Feature Bypass Vulnerability Important
Microsoft Windows CVE-2019-1303 Windows Privilege Escalation Vulnerability Important
Microsoft Yammer CVE-2019-1265 Microsoft Yammer Security Feature Bypass Vulnerability Important
Project Rome CVE-2019-1231 Rome SDK Information Disclosure Vlunerability Important
Servicing Stack Updates ADV990001 Latest Servicing Stack Updates Critical
Skype for Business and Microsoft Lync CVE-2019-1209 Lync 2013 Information Disclosure Vlunerability Important
Team Foundation Server CVE-2019-1305 Team Foundation Server Cross-site Scripting Vulnerability Important
Team Foundation Server CVE-2019-1306 Azure DevOps and Team Foundation Server Remote Code Execution Vulnerability Critical
Visual Studio CVE-2019-1232 Diagnostics Hub Standard Collector Service Privilege Escalation Vulnerability Important
Windows Hyper-V CVE-2019-0928 Windows Hyper-V Denial-of-Service Vulnerability Important
Windows Hyper-V CVE-2019-1254 Windows Hyper-V Information Disclosure Vulnerability Important
Windows Kernel CVE-2019-1274 Windows Kernel Information Disclosure Vulnerability Important
Windows Kernel CVE-2019-1256 Win32k Privilege Escalation Vulnerability Important
Windows Kernel CVE-2019-1285 Win32k Privilege Escalation Vulnerability Important
Windows Kernel CVE-2019-1293 Windows SMB Client Driver Information Disclosure Vulnerability Important
Windows RDP CVE-2019-0787 Remote Desktop Client Remote Code Execution Vulnerability Critical
Windows RDP CVE-2019-0788 Remote Desktop Client Remote Code Execution Vulnerability Critical
Windows RDP CVE-2019-1290 Remote Desktop Client Remote Code Execution Vulnerability Critical
Windows RDP CVE-2019-1291 Remote Desktop Client Remote Code Execution Vulnerability Critical


Recommended Mitigation Measures

Microsoft has released security updates to fix these issues. Please download and install them as soon as possible.

Statement

This advisory is only used to describe a potential risk. NSFOCUS does not provide any commitment or promise on this advisory. NSFOCUS and the author will not bear any liability for any direct and/or indirect consequences and losses caused by transmitting and/or using this advisory. NSFOCUS reserves all the rights to modify and interpret this advisory. Please include this statement paragraph when reproducing or transferring this advisory. Do not modify this advisory, add/delete any information to/from it, or use this advisory for commercial purposes without permission from NSFOCUS.

About NSFOCUS

NSFOCUS, Inc., a global network and cyber security leader, protects enterprises and carriers from advanced cyber attacks. The company’s Intelligent Hybrid Security strategy utilizes both cloud and on-premises security platforms, built on a foundation of real-time global threat intelligence, to provide multi-layered, unified and dynamic protection against advanced cyber attacks.

NSFOCUS works with Fortune Global 500 companies, including four of the world’s five largest financial institutions, organizations in insurance, retail, healthcare, critical infrastructure industries as well as government agencies. NSFOCUS has technology and channel partners in more than 60 countries, is a member of both the Microsoft Active Protections Program (MAPP), and the Cloud Security Alliance (CSA).

A wholly owned subsidiary of NSFOCUS Information Technology Co. Ltd., the company has operations in the Americas, Europe, the Middle East and Asia Pacific.

Download: Microsoft Released September Patches to Fix 81 Security Vulnerabilities Threat Alert