Microsoft’s Security Patches for July 2019 Fix 79 Security Vulnerabilities

Microsoft’s Security Patches for July 2019 Fix 79 Security Vulnerabilities

julho 16, 2019 | Mina Hao

Overview

Microsoft released July 2019 security updates on Tuesday which fix 79 vulnerabilities ranging from simple spoofing attacks to remote code execution. Such security updates cover the following products: .NET Framework, ASP.NET, Azure, Azure DevOps, Internet Explorer, Microsoft Browsers, Microsoft Exchange Server, Microsoft Graphics Component, Microsoft Office, Microsoft Office SharePoint, Microsoft Scripting Engine, Microsoft Windows, Microsoft Windows DNS, Open Source Software, Servicing Stack Updates, SQL Server, Visual Studio, Windows Kernel, Windows Media, Windows RDP, and Windows Shell.

Details can be found in the following table.

Product CVE ID CVE Title Severity Level
.NET Framework CVE-2019-1113 .NET Framework Remote Code Execution Vulnerability Critical
.NET Framework CVE-2019-1006 WCF/WIF SAML Token Authentication Bypass Vulnerability Important
.NET Framework CVE-2019-1083 .NET Framework Denial-of-Service Vulnerability Important
ASP.NET CVE-2019-1075 ASP.NET Core Spoofing Vulnerability Moderate
Azure CVE-2019-0962 Azure Automation Privilege Escalation Vulnerability Important
Azure DevOps CVE-2019-1072 Azure DevOps Server and Team Foundation Server Remote Code Execution Vulnerability Critical
Azure DevOps CVE-2019-1076 Team Foundation Server Cross-Site Scripting Vulnerability Important
Internet Explorer CVE-2019-1063 Internet Explorer Memory Corruption Vulnerability Critical
Microsoft Browsers CVE-2019-1104 Microsoft Browser Memory Corruption Vulnerability Critical
Microsoft Exchange Server CVE-2019-1136 Microsoft Exchange Server Privilege Escalation Vulnerability Important
Microsoft Exchange Server CVE-2019-1137 Microsoft Exchange Server Spoofing Vulnerability Important
Microsoft Exchange Server ADV190021 Outlook on the Web Cross-Site Scripting Vulnerability Important
Microsoft Graphics Component CVE-2019-1093 DirectWrite Information Disclosure Vulnerability Important
Microsoft Graphics Component CVE-2019-1094 Windows GDI Information Disclosure Vulnerability Important
Microsoft Graphics Component CVE-2019-1095 Windows GDI Information Disclosure Vulnerability Important
Microsoft Graphics Component CVE-2019-1096 Win32k Information Disclosure Vulnerability Important
Microsoft Graphics Component CVE-2019-1097 DirectWrite Information Disclosure Vulnerability Important
Microsoft Graphics Component CVE-2019-1098 Windows GDI Information Disclosure Vulnerability Important
Microsoft Graphics Component CVE-2019-1100 Windows GDI Information Disclosure Vulnerability Important
Microsoft Graphics Component CVE-2019-1101 Windows GDI Information Disclosure Vulnerability Important
Microsoft Graphics Component CVE-2019-1102 Windows GDI+ Remote Code Execution Vulnerability Critical
Microsoft Graphics Component CVE-2019-1116 Windows GDI Information Disclosure Vulnerability Important
Microsoft Graphics Component CVE-2019-1117 DirectWrite Remote Code Execution Vulnerability Important
Microsoft Graphics Component CVE-2019-1118 DirectWrite Remote Code Execution Vulnerability Important
Microsoft Graphics Component CVE-2019-1119 DirectWrite Remote Code Execution Vulnerability Important
Microsoft Graphics Component CVE-2019-1120 DirectWrite Remote Code Execution Vulnerability Important
Microsoft Graphics Component CVE-2019-1121 DirectWrite Remote Code Execution Vulnerability Important
Microsoft Graphics Component CVE-2019-1122 DirectWrite Remote Code Execution Vulnerability Important
Microsoft Graphics Component CVE-2019-1123 DirectWrite Remote Code Execution Vulnerability Important
Microsoft Graphics Component CVE-2019-1124 DirectWrite Remote Code Execution Vulnerability Important
Microsoft Graphics Component CVE-2019-1127 DirectWrite Remote Code Execution Vulnerability Important
Microsoft Graphics Component CVE-2019-1128 DirectWrite Remote Code Execution Vulnerability Important
Microsoft Graphics Component CVE-2019-0999 DirectX Privilege Escalation Vulnerability Important
Microsoft Office CVE-2019-1109 Microsoft Office Spoofing Vulnerability Important
Microsoft Office CVE-2019-1110 Microsoft Excel Remote Code Execution Vulnerability Important
Microsoft Office CVE-2019-1111 Microsoft Excel Remote Code Execution Vulnerability Important
Microsoft Office CVE-2019-1112 Microsoft Excel Information Disclosure Vulnerability Important
Microsoft Office CVE-2019-1084 Microsoft Excel Information Disclosure Vulnerability Important
Microsoft Office SharePoint CVE-2019-1134 Microsoft Office SharePoint XSS Vulnerability Important
Microsoft Scripting Engine CVE-2019-1056 Scripting Engine Memory Corruption Vulnerability Critical
Microsoft Scripting Engine CVE-2019-1059 Scripting Engine Memory Corruption Vulnerability Critical
Microsoft Scripting Engine CVE-2019-1062 Chakra Scripting Engine Memory Corruption Vulnerability Critical
Microsoft Scripting Engine CVE-2019-1092 Chakra Scripting Engine Memory Corruption Vulnerability Critical
Microsoft Scripting Engine CVE-2019-1103 Chakra Scripting Engine Memory Corruption Vulnerability Critical
Microsoft Scripting Engine CVE-2019-1106 Chakra Scripting Engine Memory Corruption Vulnerability Critical
Microsoft Scripting Engine CVE-2019-1107 Chakra Scripting Engine Memory Corruption Vulnerability Critical
Microsoft Scripting Engine CVE-2019-1001 Scripting Engine Memory Corruption Vulnerability Critical
Microsoft Scripting Engine CVE-2019-1004 Scripting Engine Memory Corruption Vulnerability Critical
Microsoft Windows CVE-2019-0865 SymCrypt Denial-of-Service Vulnerability Important
Microsoft Windows CVE-2019-0887 Microsoft Windows Remote Code Execution Vulnerability Important
Microsoft Windows CVE-2019-0966 Windows Hyper-V Denial-of-Service Vulnerability Important
Microsoft Windows CVE-2019-0975 ADFS Security Feature Bypass Vulnerability Important
Microsoft Windows CVE-2019-1126 ADFS Security Feature Bypass Vulnerability Important
Microsoft Windows CVE-2019-0785 Windows DHCP Server Remote Code Execution Vulnerability Critical
Microsoft Windows CVE-2019-0880 Microsoft splwow64 Privilege Escalation Vulnerability Important
Microsoft Windows CVE-2019-1037 Windows Error Reporting Privilege Escalation Vulnerability Important
Microsoft Windows CVE-2019-1067 Windows Kernel Privilege Escalation Vulnerability Important
Microsoft Windows CVE-2019-1074 Microsoft Windows Privilege Escalation Vulnerability Important
Microsoft Windows CVE-2019-1082 Microsoft Windows Privilege Escalation Vulnerability Important
Microsoft Windows CVE-2019-1091 Microsoft unistore.dll Information Disclosure Vulnerability Important
Microsoft Windows CVE-2019-1129 Microsoft Windows Privilege Escalation Vulnerability Important
Microsoft Windows CVE-2019-1130 Microsoft Windows Privilege Escalation Vulnerability Important
Microsoft Windows DNS CVE-2019-0811 Windows DNS Server Denial-of-Service Vulnerability Important
Microsoft Windows DNS CVE-2019-1090 Windows dnsrlvr.dll Privilege Escalation Vulnerability Important
Open Source Software CVE-2018-15664 Docker Privilege Escalation Vulnerability Important
Servicing Stack Updates ADV990001 Latest Servicing Stack Updates Critical
SQL Server CVE-2019-1068 Microsoft SQL Server Remote Code Execution Vulnerability Important
Visual Studio CVE-2019-1077 Visual Studio Privilege Escalation Vulnerability Important
Visual Studio CVE-2019-1079 Visual Studio Privilege Escalation Vulnerability Important
Windows Kernel CVE-2019-1071 Windows Kernel Information Disclosure Vulnerability Important
Windows Kernel CVE-2019-1073 Windows Kernel Information Disclosure Vulnerability Important
Windows Kernel CVE-2019-1089 Windows RPCSS Privilege Escalation Vulnerability Important
Windows Kernel CVE-2019-1132 Win32k Privilege Escalation Vulnerability Important
Windows Media CVE-2019-1085 Windows WLAN Service Privilege Escalation Vulnerability Important
Windows Media CVE-2019-1086 Windows Audio Service Privilege Escalation Vulnerability Important
Windows Media CVE-2019-1087 Windows Audio Service Privilege Escalation Vulnerability Important
Windows Media CVE-2019-1088 Windows Audio Service Privilege Escalation Vulnerability Important
Windows RDP CVE-2019-1108 Remote Desktop Protocol Client Information Disclosure Vulnerability Important
Windows Shell CVE-2019-1099 Windows GDI Information Disclosure Vulnerability Important

 

Recommended Mitigation Measures

Microsoft has released security updates to fix these issues. Please download and install them as soon as possible.

Statement

This advisory is only used to describe a potential risk. NSFOCUS does not provide any commitment or promise on this advisory. NSFOCUS and the author will not bear any liability for any direct and/or indirect consequences and losses caused by transmitting and/or using this advisory. NSFOCUS reserves all the rights to modify and interpret this advisory. Please include this statement paragraph when reproducing or transferring this advisory. Do not modify this advisory, add/delete any information to/from it, or use this advisory for commercial purposes without permission from NSFOCUS.

About NSFOCUS

NSFOCUS IB is a wholly owned subsidiary of NSFOCUS, an enterprise application and network security provider, with operations in the Americas, Europe, the Middle East, Southeast Asia and Japan. NSFOCUS IB has a proven track record of combatting the increasingly complex cyber threat landscape through the construction and implementation of multi-layered defense systems. The company’s Intelligent Hybrid Security strategy utilizes both cloud and on-premises security platforms, built on a foundation of real-time global threat intelligence, to provide unified, multi-layer protection from advanced cyber threats.

For more information about NSFOCUS, please visit:

https://www.nsfocusglobal.com.

NSFOCUS, NSFOCUS IB, and NSFOCUS, INC. are trademarks or registered trademarks of NSFOCUS, Inc. All other names and trademarks are property of their respective firms.

Download: ‘s Security Patches for July 2019 Fix 79 Security Vulnerabilities