===========================================================================
                         AUSCERT Security Bulletin

                               ASB-2019.0274
              Security update for Microsoft Development Tools
                              9 October 2019

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:              Azure App Service on Azure Stack
                      ChakraCore
                      Open Enclave SDK
                      SQL Server Management Studio
Operating System:     Windows
Impact/Access:        Execute Arbitrary Code/Commands -- Remote/Unauthenticated
                      Access Confidential Data        -- Existing Account
Resolution:           Patch/Upgrade
CVE Names:            CVE-2019-1376 CVE-2019-1372 CVE-2019-1369
                      CVE-2019-1366 CVE-2019-1335 CVE-2019-1313
                      CVE-2019-1308 CVE-2019-1307
Member content until: Friday, November 8 2019

OVERVIEW

        Microsoft has released its monthly security patch update for the
        month of October 2019.

        This update resolves 8 vulnerabilities across the following
        products: [1]

         Azure App Service on Azure Stack
         ChakraCore
         Open Enclave SDK
         SQL Server Management Studio 18.3
         SQL Server Management Studio 18.3.1

IMPACT

        Microsoft has given the following details regarding these
        vulnerabilities.

         Details         Impact                   Severity
         CVE-2019-1307   Remote Code Execution    Critical
         CVE-2019-1308   Remote Code Execution    Critical
         CVE-2019-1313   Information Disclosure   Important
         CVE-2019-1335   Remote Code Execution    Critical
         CVE-2019-1366   Remote Code Execution    Critical
         CVE-2019-1369   Information Disclosure   Important
         CVE-2019-1372   Remote Code Execution    Critical
         CVE-2019-1376   Information Disclosure   Important

MITIGATION

        Microsoft recommends updating the software with the version made
        available on the Microsoft Update Catalogue for the following
        Knowledge Base articles. [1]

REFERENCES

        [1] Security Update Guide
            https://portal.msrc.microsoft.com/en-us/security-guidance

AusCERT has made every effort to ensure that the information contained
in this document is accurate. However, the decision to use the information
described is the responsibility of each user or organisation. The decision to
follow or act on information or advice contained in this security bulletin is
the responsibility of each user or organisation, and should be considered in
accordance with your organisation's site policies and procedures. AusCERT
takes no responsibility for consequences which may arise from following or
acting on information or advice contained in this security bulletin.

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================