Protect yourself against future threats.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
===========================================================================
AUSCERT Security Bulletin
ASB-2019.0077
Microsoft Windows Security Update
13 March 2019
===========================================================================
AusCERT Security Bulletin Summary
---------------------------------
Product: Microsoft Windows
Operating System: Windows 10
Windows 7
Windows 8.1
Windows Server 2008
Windows Server 2012
Windows Server 2016
Impact/Access: Execute Arbitrary Code/Commands -- Remote/Unauthenticated
Administrator Compromise -- Existing Account
Denial of Service -- Existing Account
Access Confidential Data -- Remote with User Interaction
Reduced Security -- Console/Physical
Resolution: Patch/Upgrade
CVE Names: CVE-2019-0821 CVE-2019-0808 CVE-2019-0797
CVE-2019-0784 CVE-2019-0782 CVE-2019-0776
CVE-2019-0775 CVE-2019-0774 CVE-2019-0772
CVE-2019-0767 CVE-2019-0766 CVE-2019-0765
CVE-2019-0759 CVE-2019-0756 CVE-2019-0755
CVE-2019-0754 CVE-2019-0726 CVE-2019-0704
CVE-2019-0703 CVE-2019-0702 CVE-2019-0701
CVE-2019-0698 CVE-2019-0697 CVE-2019-0696
CVE-2019-0695 CVE-2019-0694 CVE-2019-0693
CVE-2019-0692 CVE-2019-0690 CVE-2019-0689
CVE-2019-0683 CVE-2019-0682 CVE-2019-0664
CVE-2019-0663 CVE-2019-0662 CVE-2019-0661
CVE-2019-0660 CVE-2019-0659 CVE-2019-0656
CVE-2019-0637 CVE-2019-0636 CVE-2019-0635
CVE-2019-0633 CVE-2019-0632 CVE-2019-0631
CVE-2019-0630 CVE-2019-0628 CVE-2019-0627
CVE-2019-0626 CVE-2019-0625 CVE-2019-0623
CVE-2019-0621 CVE-2019-0619 CVE-2019-0618
CVE-2019-0617 CVE-2019-0616 CVE-2019-0615
CVE-2019-0614 CVE-2019-0603 CVE-2019-0602
CVE-2019-0601 CVE-2019-0600 CVE-2019-0599
CVE-2019-0598 CVE-2019-0597 CVE-2019-0596
CVE-2019-0595
Member content until: Friday, April 12 2019
Reference: ASB-2019.0054
ASB-2019.0051
ASB-2019.0049
OVERVIEW
Microsoft has released its monthly security patch update for the month
of March 2019.
This update resolves 70 vulnerabilities across the following products:
[1]
Windows 10 Version 1607 for 32-bit Systems
Windows 10 Version 1607 for x64-based Systems
Windows 10 Version 1703 for 32-bit Systems
Windows 10 Version 1703 for x64-based Systems
Windows 10 Version 1709 for 32-bit Systems
Windows 10 Version 1709 for 64-based Systems
Windows 10 Version 1709 for ARM64-based Systems
Windows 10 Version 1803 for 32-bit Systems
Windows 10 Version 1803 for ARM64-based Systems
Windows 10 Version 1803 for x64-based Systems
Windows 10 Version 1809 for 32-bit Systems
Windows 10 Version 1809 for ARM64-based Systems
Windows 10 Version 1809 for x64-based Systems
Windows 10 for 32-bit Systems
Windows 10 for x64-based Systems
Windows 7 for 32-bit Systems Service Pack 1
Windows 7 for x64-based Systems Service Pack 1
Windows 8.1 for 32-bit systems
Windows 8.1 for x64-based systems
Windows RT 8.1
Windows Server 2008 R2 for Itanium-Based Systems Service Pack 1
Windows Server 2008 R2 for x64-based Systems Service Pack 1
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)
Windows Server 2008 for 32-bit Systems Service Pack 2
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation)
Windows Server 2008 for Itanium-Based Systems Service Pack 2
Windows Server 2008 for x64-based Systems Service Pack 2
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation)
Windows Server 2012
Windows Server 2012 (Server Core installation)
Windows Server 2012 R2
Windows Server 2012 R2 (Server Core installation)
Windows Server 2016
Windows Server 2016 (Server Core installation)
Windows Server 2019
Windows Server 2019 (Server Core installation)
IMPACT
Microsoft has given the following details regarding these vulnerabilities.
Details Impact Severity
ADV190005 Defense in Depth None
ADV190006 None None
ADV190009 Defense in Depth None
CVE-2019-0595 Remote Code Execution Important
CVE-2019-0596 Remote Code Execution Important
CVE-2019-0597 Remote Code Execution Important
CVE-2019-0598 Remote Code Execution Important
CVE-2019-0599 Remote Code Execution Important
CVE-2019-0600 Information Disclosure Important
CVE-2019-0601 Information Disclosure Important
CVE-2019-0602 Information Disclosure Important
CVE-2019-0603 Remote Code Execution Critical
CVE-2019-0614 Information Disclosure Important
CVE-2019-0615 Information Disclosure Important
CVE-2019-0616 Information Disclosure Important
CVE-2019-0617 Remote Code Execution Important
CVE-2019-0618 Remote Code Execution Critical
CVE-2019-0619 Information Disclosure Important
CVE-2019-0621 Information Disclosure Important
CVE-2019-0623 Elevation of Privilege Important
CVE-2019-0625 Remote Code Execution Important
CVE-2019-0626 Remote Code Execution Critical
CVE-2019-0627 Security Feature Bypass Important
CVE-2019-0628 Information Disclosure Important
CVE-2019-0630 Remote Code Execution Important
CVE-2019-0631 Security Feature Bypass Important
CVE-2019-0632 Security Feature Bypass Important
CVE-2019-0633 Remote Code Execution Important
CVE-2019-0635 Information Disclosure Important
CVE-2019-0636 Information Disclosure Important
CVE-2019-0637 Security Feature Bypass Important
CVE-2019-0656 Elevation of Privilege Important
CVE-2019-0659 Elevation of Privilege Important
CVE-2019-0660 Information Disclosure Important
CVE-2019-0661 Information Disclosure Important
CVE-2019-0662 Remote Code Execution Critical
CVE-2019-0663 Information Disclosure Important
CVE-2019-0664 Information Disclosure Important
CVE-2019-0682 Elevation of Privilege Important
CVE-2019-0683 Elevation of Privilege Important
CVE-2019-0689 Elevation of Privilege Important
CVE-2019-0690 Denial of Service Important
CVE-2019-0692 Elevation of Privilege Important
CVE-2019-0693 Elevation of Privilege Important
CVE-2019-0694 Elevation of Privilege Important
CVE-2019-0695 Denial of Service Important
CVE-2019-0696 Elevation of Privilege Important
CVE-2019-0697 Remote Code Execution Critical
CVE-2019-0698 Remote Code Execution Critical
CVE-2019-0701 Denial of Service Important
CVE-2019-0702 Information Disclosure Important
CVE-2019-0703 Information Disclosure Important
CVE-2019-0704 Information Disclosure Important
CVE-2019-0726 Remote Code Execution Critical
CVE-2019-0754 Denial of Service Important
CVE-2019-0755 Information Disclosure Important
CVE-2019-0756 Remote Code Execution Critical
CVE-2019-0759 Information Disclosure Important
CVE-2019-0765 Remote Code Execution Important
CVE-2019-0766 Elevation of Privilege Important
CVE-2019-0767 Information Disclosure Important
CVE-2019-0772 Remote Code Execution Important
CVE-2019-0774 Information Disclosure Important
CVE-2019-0775 Information Disclosure Important
CVE-2019-0776 Information Disclosure Important
CVE-2019-0782 Information Disclosure Important
CVE-2019-0784 Remote Code Execution Critical
CVE-2019-0797 Elevation of Privilege Important
CVE-2019-0808 Elevation of Privilege Important
CVE-2019-0821 Information Disclosure Important
MITIGATION
Microsoft recommends updating the software with the version made
available on the Microsoft Update Cataloge for the following Knowledge
Base articles. [1].
KB4486996, KB4486993, KB4487020, KB4487021, KB4489868
KB4487023, KB4487025, KB4487026, KB4487028, KB4487029
KB4487000, KB4487006, KB4487017, KB4489871, KB4486564
KB4486563, KB4489884, KB4489885, KB4489886, KB4489880
KB4489881, KB4489882, KB4489883, KB4487019, KB4489878
KB4474419, KB4489876, KB4487011, KB4489872, KB4487044
KB4489891, KB4489899, KB4487018
REFERENCES
[1] Security Update Guide
https://portal.msrc.microsoft.com/en-us/security-guidance
AusCERT has made every effort to ensure that the information contained
in this document is accurate. However, the decision to use the information
described is the responsibility of each user or organisation. The decision to
follow or act on information or advice contained in this security bulletin is
the responsibility of each user or organisation, and should be considered in
accordance with your organisation's site policies and procedures. AusCERT
takes no responsibility for consequences which may arise from following or
acting on information or advice contained in this security bulletin.
===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072
Internet Email: auscert@auscert.org.au
Facsimile: (07) 3365 7031
Telephone: (07) 3365 4417 (International: +61 7 3365 4417)
AusCERT personnel answer during Queensland business hours
which are GMT+10:00 (AEST).
On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967
iQIVAwUBXIhWAWaOgq3Tt24GAQgV8RAAp6wkoOvQw5DGzV1Hqdp6NFvezjF2vf2K
XvDKBEBbBySR1cdQZJ4EQARZJEWEaqLtIQ0p2fTFOHuq7y+++IR1tQhe8aTVnT96
13pnOlyiH9qBG1kk3Y/KcP3pAbG6WFoQgCyzptb/FAR/321QwRL2xFhVkGC16S5O
DZu+pzzcSaTRYmZzmrpOmq6Nph8yKFn6NTnE1kNRZZXVN6dTmOOXLqLYj8pl3O4O
6eai9xOtPRp3VMk8I/WR09egQhTgXG2JdNKTNreFX9as5SPIgA6iaTvgBxFMb4Wu
mEHQIJhV4QAFSpvfTciuEab3oVXGVyEObu05d8CL6fnqmPk60D6JKq7dGFABDlnO
NuSTXyxgVoZSQbfs50EteR99IEpabzMIhHTBqAFSAEIt23gKOY2CYqqjrIABzeSX
BEjWEUwGSFLnJ8jOJPjOBA+2zZ+q5U4ADbWlUguW14xbKdUPXLc8Wona7B9iKhyx
YPaqbiup7EgyhXXbt8NWxIKVR2lwt7DRLdN/5OMdQov4XllLNEHLtpw9OulNClW7
jTVBoaQt3sA0TAlk5hhtsBkDsO9luwRjNdC+OBdyPNTKVeBJVTRri4CEcx2IUQ7L
9Jp6uBnHu337zXMdvffErteN5gVrDR61pqeV4T5Sl3fEmkswAf/ENLEKEFw48lHo
JBy2SpuaWaM=
=/Dhe
-----END PGP SIGNATURE-----