Protect yourself against future threats.
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 =========================================================================== AUSCERT Security Bulletin ASB-2019.0257 Multiple vulnerabilities have been identified in Microsoft Windows 11 September 2019 =========================================================================== AusCERT Security Bulletin Summary --------------------------------- Product: Microsoft Windows Operating System: Windows Impact/Access: Execute Arbitrary Code/Commands -- Remote with User Interaction Administrator Compromise -- Existing Account Increased Privileges -- Existing Account Access Privileged Data -- Existing Account Overwrite Arbitrary Files -- Existing Account Cross-site Scripting -- Existing Account Denial of Service -- Existing Account Access Confidential Data -- Remote with User Interaction Resolution: Patch/Upgrade CVE Names: CVE-2019-1303 CVE-2019-1294 CVE-2019-1293 CVE-2019-1292 CVE-2019-1291 CVE-2019-1290 CVE-2019-1289 CVE-2019-1287 CVE-2019-1286 CVE-2019-1285 CVE-2019-1284 CVE-2019-1283 CVE-2019-1282 CVE-2019-1280 CVE-2019-1278 CVE-2019-1277 CVE-2019-1274 CVE-2019-1273 CVE-2019-1272 CVE-2019-1271 CVE-2019-1270 CVE-2019-1269 CVE-2019-1268 CVE-2019-1267 CVE-2019-1256 CVE-2019-1254 CVE-2019-1253 CVE-2019-1252 CVE-2019-1251 CVE-2019-1250 CVE-2019-1249 CVE-2019-1248 CVE-2019-1247 CVE-2019-1246 CVE-2019-1245 CVE-2019-1244 CVE-2019-1243 CVE-2019-1242 CVE-2019-1241 CVE-2019-1240 CVE-2019-1235 CVE-2019-1232 CVE-2019-1219 CVE-2019-1216 CVE-2019-1215 CVE-2019-1214 CVE-2019-0928 CVE-2019-0788 CVE-2019-0787 Member content until: Friday, October 11 2019 OVERVIEW Microsoft has released its monthly security patch update for the month of September 2019. [1] This update resolves 49 vulnerabilities across the following products: Windows 10 Version 1607 for 32-bit Systems Windows 10 Version 1607 for x64-based Systems Windows 10 Version 1703 for 32-bit Systems Windows 10 Version 1703 for x64-based Systems Windows 10 Version 1709 for 32-bit Systems Windows 10 Version 1709 for 64-based Systems Windows 10 Version 1709 for ARM64-based Systems Windows 10 Version 1803 for 32-bit Systems Windows 10 Version 1803 for ARM64-based Systems Windows 10 Version 1803 for x64-based Systems Windows 10 Version 1809 for 32-bit Systems Windows 10 Version 1809 for ARM64-based Systems Windows 10 Version 1809 for x64-based Systems Windows 10 Version 1903 for 32-bit Systems Windows 10 Version 1903 for ARM64-based Systems Windows 10 Version 1903 for x64-based Systems Windows 10 for 32-bit Systems Windows 10 for x64-based Systems Windows 7 for 32-bit Systems Service Pack 1 Windows 7 for x64-based Systems Service Pack 1 Windows 8.1 for 32-bit systems Windows 8.1 for x64-based systems Windows RT 8.1 Windows Server 2008 R2 for Itanium-Based Systems Service Pack 1 Windows Server 2008 R2 for x64-based Systems Service Pack 1 Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) Windows Server 2008 for 32-bit Systems Service Pack 2 Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) Windows Server 2008 for Itanium-Based Systems Service Pack 2 Windows Server 2008 for x64-based Systems Service Pack 2 Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) Windows Server 2012 Windows Server 2012 (Server Core installation) Windows Server 2012 R2 Windows Server 2012 R2 (Server Core installation) Windows Server 2016 Windows Server 2016 (Server Core installation) Windows Server 2019 Windows Server 2019 (Server Core installation) IMPACT Microsoft has given the following details regarding these vulnerabilities. Details Impact Severity CVE-2019-0787 Remote Code Execution Critical CVE-2019-0788 Remote Code Execution Critical CVE-2019-0928 Denial of Service Important CVE-2019-1214 Elevation of Privilege Important CVE-2019-1215 Elevation of Privilege Important CVE-2019-1216 Information Disclosure Important CVE-2019-1219 Information Disclosure Important CVE-2019-1232 Elevation of Privilege Important CVE-2019-1235 Elevation of Privilege Important CVE-2019-1240 Remote Code Execution Important CVE-2019-1241 Remote Code Execution Important CVE-2019-1242 Remote Code Execution Important CVE-2019-1243 Remote Code Execution Important CVE-2019-1244 Information Disclosure Important CVE-2019-1245 Information Disclosure Important CVE-2019-1246 Remote Code Execution Important CVE-2019-1247 Remote Code Execution Important CVE-2019-1248 Remote Code Execution Important CVE-2019-1249 Remote Code Execution Important CVE-2019-1250 Remote Code Execution Important CVE-2019-1251 Information Disclosure Important CVE-2019-1252 Information Disclosure Important CVE-2019-1253 Elevation of Privilege Important CVE-2019-1254 Information Disclosure Important CVE-2019-1256 Elevation of Privilege Important CVE-2019-1267 Elevation of Privilege Important CVE-2019-1268 Elevation of Privilege Important CVE-2019-1269 Elevation of Privilege Important CVE-2019-1270 Elevation of Privilege Important CVE-2019-1271 Elevation of Privilege Important CVE-2019-1272 Elevation of Privilege Important CVE-2019-1273 Spoofing Important CVE-2019-1274 Information Disclosure Important CVE-2019-1277 Elevation of Privilege Important CVE-2019-1278 Elevation of Privilege Important CVE-2019-1280 Remote Code Execution Critical CVE-2019-1282 Information Disclosure Important CVE-2019-1283 Information Disclosure Important CVE-2019-1284 Elevation of Privilege Important CVE-2019-1285 Elevation of Privilege Important CVE-2019-1286 Information Disclosure Important CVE-2019-1287 Elevation of Privilege Important CVE-2019-1289 Elevation of Privilege Important CVE-2019-1290 Remote Code Execution Critical CVE-2019-1291 Remote Code Execution Critical CVE-2019-1292 Denial of Service Important CVE-2019-1293 Information Disclosure Important CVE-2019-1294 Security Feature Bypass Important CVE-2019-1303 Elevation of Privilege Important MITIGATION Microsoft recommends updating the software with the version made available on the Microsoft Update Cataloge for the following Knowledge Base articles. [1] KB4516068, KB4516066, KB4516044, KB4516026, KB4516058 KB4516051, KB4512578, KB4516033, KB4516064, KB4516065 KB4515384, KB4516067, KB4516062, KB4516070, KB4516055 REFERENCES [1] Security Update Guide https://portal.msrc.microsoft.com/en-us/security-guidance AusCERT has made every effort to ensure that the information contained in this document is accurate. However, the decision to use the information described is the responsibility of each user or organisation. The decision to follow or act on information or advice contained in this security bulletin is the responsibility of each user or organisation, and should be considered in accordance with your organisation's site policies and procedures. AusCERT takes no responsibility for consequences which may arise from following or acting on information or advice contained in this security bulletin. =========================================================================== Australian Computer Emergency Response Team The University of Queensland Brisbane Qld 4072 Internet Email: auscert@auscert.org.au Facsimile: (07) 3365 7031 Telephone: (07) 3365 4417 (International: +61 7 3365 4417) AusCERT personnel answer during Queensland business hours which are GMT+10:00 (AEST). On call after hours for member emergencies only. =========================================================================== -----BEGIN PGP SIGNATURE----- Comment: http://www.auscert.org.au/render.html?it=1967 iQIVAwUBXXhCBWaOgq3Tt24GAQieSw//VVtBzjm/jxV6fXoT1dQsf/bxTvUro8KE 7UedUuNHX202cRCYkAqew8gkP63Qt1c1yqz0u4MDpAOQnJKryL/xkB9nWIAQiidU ef6r5HpwdRJmW4Kv0vvR9txdlQ9qVxQ05ClWlnmcJPfX3CoeUOQ1JufNjin4FZ6T l/IpPTSGz4gd4JUC0sYJ8dGPsCs5lAtmiFFLuCK1/uA9nvigtu7Ifcqj/P1lBs5c XnEu3Y2de75DHPYESL1NvVbK7MGHo5NAm14HnLtjVBVa4FIcTPV5MoVNzIF59hah nZK2BsDciIr0S5VUPEVSEKb4EkKvvbQwqEUVr6wL1x1XsQDD6YBXck4hzFcrlogw vvEtIUNifJfMLLwzUvHmhLzITrRk/I3JmdQenACNx1K6WdXUMzvUPXqRh4/ZGyUc p7aIaUS/ioGoxJnF6ygOt64gjAU00tnXQ+ZfPf/SxFFlYTrMuYSxQ9tY55CI0iam 66icBW+prCKlsOhgr6U9ZosdyNUNzUU73WLNrzlo5JtOxkzU4QvxlUZCQ3wtByk3 Xh0q4rP9cY0wIsnBnZlS5vpTX0hR2rilU+wqebygVGUt1lf1lNKiCUBwz32QqHx/ 4E7OHmLkCMymIXFXOW0XqbcRi/xk3rA8QxX64c7NaqVfArIk0FigRUrGVAgzgatd Gk/dUYW+6CU= =qHtm -----END PGP SIGNATURE-----