Overview
Microsoft released August 2019 security patches on Tuesday that fix 95 vulnerabilities ranging from simple spoofing attacks to remote code execution in various products, including Active Directory, HTTP/2, Microsoft Bluetooth Driver, Microsoft Browsers, Microsoft Dynamics, Microsoft Edge, Microsoft Graphics Component, Microsoft JET Database Engine, Microsoft Malware Protection Engine, Microsoft NTFS, Microsoft Office, Microsoft Office SharePoint, Microsoft Scripting Engine, Microsoft Windows, Microsoft XML, Microsoft XML Core Services, Online Services, Visual Studio, Windows – Linux, Windows DHCP Client, Windows DHCP Server, Windows Hyper-V, Windows Kernel, Windows RDP, Windows Scripting, Windows Shell, and Windows SymCrypt.
Details can be found in the following table.
| Product | CVE ID | CVE Title | Severity Level |
| Active Directory | ADV190023 | Microsoft Guidance for Enabling LDAP Channel Binding and LDAP Signing | |
| HTTP/2 | CVE-2019-9511 | HTTP/2 Server Denial-of-Service Vulnerability | Important |
| HTTP/2 | CVE-2019-9512 | HTTP/2 Server Denial-of-Service Vulnerability | Important |
| HTTP/2 | CVE-2019-9513 | HTTP/2 Server Denial-of-Service Vulnerability | Important |
| HTTP/2 | CVE-2019-9514 | HTTP/2 Server Denial-of-Service Vulnerability | Important |
| HTTP/2 | CVE-2019-9518 | HTTP/2 Server Denial-of-Service Vulnerability | Important |
| Microsoft Bluetooth Driver | CVE-2019-9506 | Encryption Key Negotiation of Bluetooth Vulnerability | Important |
| Microsoft Browsers | CVE-2019-1192 | Microsoft Browsers Security Feature Bypass Vulnerability | Important |
| Microsoft Browsers | CVE-2019-1193 | Microsoft Browser Memory Corruption Vulnerability | Low |
| Microsoft Dynamics | CVE-2019-1229 | Dynamics On-Premise Privilege Escalation Vulnerability | Important |
| Microsoft Edge | CVE-2019-1030 | Microsoft Edge Information Disclosure Vulnerability | Important |
| Microsoft Graphics Component | CVE-2019-1078 | Microsoft Graphics Component Information Disclosure Vulnerability | Important |
| Microsoft Graphics Component | CVE-2019-1143 | Windows Graphics Component Information Disclosure Vulnerability | Important |
| Microsoft Graphics Component | CVE-2019-1144 | Microsoft Graphics Remote Code Execution Vulnerability | Critical |
| Microsoft Graphics Component | CVE-2019-1145 | Microsoft Graphics Remote Code Execution Vulnerability | Critical |
| Microsoft Graphics Component | CVE-2019-1148 | Windows Graphics Component Information Disclosure Vulnerability | Important |
| Microsoft Graphics Component | CVE-2019-1149 | Microsoft Graphics Remote Code Execution Vulnerability | Critical |
| Microsoft Graphics Component | CVE-2019-1150 | Microsoft Graphics Remote Code Execution Vulnerability | Critical |
| Microsoft Graphics Component | CVE-2019-1151 | Microsoft Graphics Remote Code Execution Vulnerability | Critical |
| Microsoft Graphics Component | CVE-2019-1152 | Microsoft Graphics Remote Code Execution Vulnerability | Critical |
| Microsoft Graphics Component | CVE-2019-1153 | Windows Graphics Component Information Disclosure Vulnerability | Important |
| Microsoft Graphics Component | CVE-2019-1154 | Windows Graphics Component Information Disclosure Vulnerability | Important |
| Microsoft Graphics Component | CVE-2019-1158 | Windows Graphics Component Information Disclosure Vulnerability | Important |
| Microsoft JET Database Engine | CVE-2019-1146 | Jet Database Engine Remote Code Execution Vulnerability | Important |
| Microsoft JET Database Engine | CVE-2019-1147 | Jet Database Engine Remote Code Execution Vulnerability | Important |
| Microsoft JET Database Engine | CVE-2019-1155 | Jet Database Engine Remote Code Execution Vulnerability | Important |
| Microsoft JET Database Engine | CVE-2019-1156 | Jet Database Engine Remote Code Execution Vulnerability | Important |
| Microsoft JET Database Engine | CVE-2019-1157 | Jet Database Engine Remote Code Execution Vulnerability | Important |
| Microsoft Malware Protection Engine | CVE-2019-1161 | Microsoft Defender Privilege Escalation Vulnerability | Important |
| Microsoft NTFS | CVE-2019-1170 | Windows NTFS Privilege Escalation Vulnerability | Important |
| Microsoft Office | CVE-2019-1199 | Microsoft Outlook Memory Corruption Vulnerability | Critical |
| Microsoft Office | CVE-2019-1200 | Microsoft Outlook Memory Corruption Vulnerability | Critical |
| Microsoft Office | CVE-2019-1201 | Microsoft Word Remote Code Execution Vulnerability | Critical |
| Microsoft Office | CVE-2019-1204 | Microsoft Outlook Memory Corruption Vulnerability | Important |
| Microsoft Office | CVE-2019-1205 | Microsoft Word Remote Code Execution Vulnerability | Critical |
| Microsoft Office | CVE-2019-1218 | Outlook iOS Spoofing Vulnerability | Important |
| Microsoft Office SharePoint | CVE-2019-1202 | Microsoft SharePoint Information Disclosure Vulnerability | Important |
| Microsoft Office SharePoint | CVE-2019-1203 | Microsoft Office SharePoint XSS Vulnerability | Important |
| Microsoft Scripting Engine | CVE-2019-1131 | Chakra Scripting Engine Memory Corruption Vulnerability | Critical |
| Microsoft Scripting Engine | CVE-2019-1133 | Scripting Engine Memory Corruption Vulnerability | Critical |
| Microsoft Scripting Engine | CVE-2019-1139 | Chakra Scripting Engine Memory Corruption Vulnerability | Critical |
| Microsoft Scripting Engine | CVE-2019-1140 | Chakra Scripting Engine Memory Corruption Vulnerability | Critical |
| Microsoft Scripting Engine | CVE-2019-1141 | Chakra Scripting Engine Memory Corruption Vulnerability | Critical |
| Microsoft Scripting Engine | CVE-2019-1194 | Scripting Engine Memory Corruption Vulnerability | Critical |
| Microsoft Scripting Engine | CVE-2019-1195 | Chakra Scripting Engine Memory Corruption Vulnerability | Critical |
| Microsoft Scripting Engine | CVE-2019-1196 | Chakra Scripting Engine Memory Corruption Vulnerability | Critical |
| Microsoft Scripting Engine | CVE-2019-1197 | Chakra Scripting Engine Memory Corruption Vulnerability | Critical |
| Microsoft Windows | CVE-2019-1172 | Windows Information Disclosure Vulnerability | Important |
| Microsoft Windows | CVE-2019-1173 | Windows Information Disclosure Vulnerability | Important |
| Microsoft Windows | CVE-2019-1174 | Windows Information Disclosure Vulnerability | Important |
| Microsoft Windows | CVE-2019-1175 | Windows Information Disclosure Vulnerability | Important |
| Microsoft Windows | CVE-2019-1178 | Windows Information Disclosure Vulnerability | Important |
| Microsoft Windows | CVE-2019-1179 | Windows Information Disclosure Vulnerability | Important |
| Microsoft Windows | CVE-2019-1180 | Windows Information Disclosure Vulnerability | Important |
| Microsoft Windows | CVE-2019-0716 | Windows Denial-of-Service Vulnerability | Important |
| Microsoft Windows | CVE-2019-1162 | Windows ALPC Privilege Escalation Vulnerability | Important |
| Microsoft Windows | CVE-2019-1163 | Windows File Signature Security Feature Bypass Vulnerability | Important |
| Microsoft Windows | CVE-2019-1168 | Microsoft Windows p2pimsvc Privilege Escalation Vulnerability | Important |
| Microsoft Windows | CVE-2019-1176 | DirectX Privilege Escalation Vulnerability | Important |
| Microsoft Windows | CVE-2019-1177 | Windows Privilege Escalation Vulnerability | Important |
| Microsoft Windows | CVE-2019-1186 | Windows Privilege Escalation Vulnerability | Important |
| Microsoft Windows | CVE-2019-1188 | LNK Remote Code Execution Vulnerability | Critical |
| Microsoft Windows | CVE-2019-1198 | Microsoft Windows Privilege Escalation Vulnerability | Important |
| Microsoft XML | CVE-2019-1187 | XmlLite Runtime Denial-of-Service Vulnerability | Important |
| Microsoft XML Core Services | CVE-2019-1057 | MS XML Remote Code Execution Vulnerability | Important |
| Online Services | ADV190014 | Microsoft Live Accounts Privilege Escalation Vulnerability | Important |
| Visual Studio | CVE-2019-1211 | Git for Visual Studio Privilege Escalation Vulnerability | Important |
| Windows – Linux | CVE-2019-1185 | Windows Subsystem for Linux Privilege Escalation Vulnerability | Important |
| Windows DHCP Client | CVE-2019-0736 | Windows DHCP Client Remote Code Execution Vulnerability | Critical |
| Windows DHCP Server | CVE-2019-1206 | Windows DHCP Server Denial-of-Service Vulnerability | Important |
| Windows DHCP Server | CVE-2019-1212 | Windows DHCP Server Denial-of-Service Vulnerability | Important |
| Windows DHCP Server | CVE-2019-1213 | Windows DHCP Server Remote Code Execution Vulnerability | Critical |
| Windows Hyper-V | CVE-2019-0965 | Windows Hyper-V Remote Code Execution Vulnerability | Critical |
| Windows Hyper-V | CVE-2019-0714 | Windows Hyper-V Denial-of-Service Vulnerability | Important |
| Windows Hyper-V | CVE-2019-0715 | Windows Hyper-V Denial-of-Service Vulnerability | Important |
| Windows Hyper-V | CVE-2019-0717 | Windows Hyper-V Denial-of-Service Vulnerability | Important |
| Windows Hyper-V | CVE-2019-0718 | Windows Hyper-V Denial-of-Service Vulnerability | Important |
| Windows Hyper-V | CVE-2019-0720 | Hyper-V Remote Code Execution Vulnerability | Critical |
| Windows Hyper-V | CVE-2019-0723 | Windows Hyper-V Denial-of-Service Vulnerability | Important |
| Windows Kernel | CVE-2019-1159 | Windows Kernel Privilege Escalation Vulnerability | Important |
| Windows Kernel | CVE-2019-1164 | Windows Kernel Privilege Escalation Vulnerability | Important |
| Windows Kernel | CVE-2019-1169 | Win32k Privilege Escalation Vulnerability | Important |
| Windows Kernel | CVE-2019-1190 | Windows Image Privilege Escalation Vulnerability | Important |
| Windows Kernel | CVE-2019-1227 | Windows Kernel Information Disclosure Vulnerability | Important |
| Windows Kernel | CVE-2019-1228 | Windows Kernel Information Disclosure Vulnerability | Important |
| Windows RDP | CVE-2019-1181 | Microsoft Windows Remote Code Execution Vulnerability | Critical |
| Windows RDP | CVE-2019-1182 | Microsoft Windows Remote Code Execution Vulnerability | Critical |
| Windows RDP | CVE-2019-1222 | Microsoft Windows Remote Code Execution Vulnerability | Critical |
| Windows RDP | CVE-2019-1223 | Windows Remote Desktop Protocol (RDP) Denial-of-Service Vulnerability | Important |
| Windows RDP | CVE-2019-1224 | Remote Desktop Protocol Server Information Disclosure Vulnerability | Important |
| Windows RDP | CVE-2019-1225 | Remote Desktop Protocol Server Information Disclosure Vulnerability | Important |
| Windows RDP | CVE-2019-1226 | Microsoft Windows Remote Code Execution Vulnerability | Critical |
| Windows Scripting | CVE-2019-1183 | Windows VBScript Engine Remote Code Execution Vulnerability | Critical |
| Windows Shell | CVE-2019-1184 | Windows Privilege Escalation Vulnerability | Important |
| Windows SymCrypt | CVE-2019-1171 | SymCrypt Information Disclosure Vulnerability | Important |
Recommended Mitigation Measures
Microsoft has released security updates to fix these issues. Please download and install them as soon as possible.
Statement
This advisory is only used to describe a potential risk. NSFOCUS does not provide any commitment or promise on this advisory. NSFOCUS and the author will not bear any liability for any direct and/or indirect consequences and losses caused by transmitting and/or using this advisory. NSFOCUS reserves all the rights to modify and interpret this advisory. Please include this statement paragraph when reproducing or transferring this advisory. Do not modify this advisory, add/delete any information to/from it, or use this advisory for commercial purposes without permission from NSFOCUS.
About NSFOCUS
NSFOCUS, Inc., a global network and cyber security leader, protects enterprises and carriers from advanced cyber attacks. The company’s Intelligent Hybrid Security strategy utilizes both cloud and on-premises security platforms, built on a foundation of real-time global threat intelligence, to provide multi-layered, unified and dynamic protection against advanced cyber attacks.
NSFOCUS works with Fortune Global 500 companies, including four of the world’s five largest financial institutions, organizations in insurance, retail, healthcare, critical infrastructure industries as well as government agencies. NSFOCUS has technology and channel partners in more than 60 countries, is a member of both the Microsoft Active Protections Program (MAPP), and the Cloud Security Alliance (CSA).
A wholly owned subsidiary of NSFOCUS Information Technology Co. Ltd., the company has operations in the Americas, Europe, the Middle East and Asia Pacific.
Download: ‘s Security Patches for August Fix 95 Security Vulnerabilities Threat Alert
