Protect yourself against future threats.
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 =========================================================================== AUSCERT Security Bulletin ASB-2019.0335 Security Update for Development Tools 13 November 2019 =========================================================================== AusCERT Security Bulletin Summary --------------------------------- Product: ChakraCore Microsoft Visual Studio Open Enclave SDK Operating System: Windows Impact/Access: Execute Arbitrary Code/Commands -- Remote with User Interaction Increased Privileges -- Remote with User Interaction Access Confidential Data -- Existing Account Resolution: Patch/Upgrade CVE Names: CVE-2019-1428 CVE-2019-1427 CVE-2019-1426 CVE-2019-1425 CVE-2019-1370 Member content until: Friday, December 13 2019 Reference: ASB-2019.0308 ESB-2019.4170 ESB-2019.4163 ESB-2019.4106 ESB-2019.3999 OVERVIEW Microsoft has released its monthly security patch update for the month of November 2019. This update resolves 5 vulnerabilities across the following products: [1] ChakraCore Microsoft Visual Studio 2017 version 15.9 Microsoft Visual Studio 2019 version 16.0 Microsoft Visual Studio 2019 version 16.3 Open Enclave SDK IMPACT Microsoft has given the following details regarding these vulnerabilities. [1] Details Impact Severity CVE-2019-1370 Information Disclosure Important CVE-2019-1425 Elevation of Privilege Important CVE-2019-1426 Remote Code Execution Critical CVE-2019-1427 Remote Code Execution Critical CVE-2019-1428 Remote Code Execution Critical MITIGATION Microsoft recommends updating the software with the version made available on the Microsoft Update Catalogue [1]. REFERENCES [1] Security Update Guide https://portal.msrc.microsoft.com/en-us/security-guidance AusCERT has made every effort to ensure that the information contained in this document is accurate. However, the decision to use the information described is the responsibility of each user or organisation. The decision to follow or act on information or advice contained in this security bulletin is the responsibility of each user or organisation, and should be considered in accordance with your organisation's site policies and procedures. AusCERT takes no responsibility for consequences which may arise from following or acting on information or advice contained in this security bulletin. =========================================================================== Australian Computer Emergency Response Team The University of Queensland Brisbane Qld 4072 Internet Email: auscert@auscert.org.au Facsimile: (07) 3365 7031 Telephone: (07) 3365 4417 (International: +61 7 3365 4417) AusCERT personnel answer during Queensland business hours which are GMT+10:00 (AEST). On call after hours for member emergencies only. =========================================================================== -----BEGIN PGP SIGNATURE----- Comment: http://www.auscert.org.au/render.html?it=1967 iQIVAwUBXcuuDGaOgq3Tt24GAQj7CRAAm3O9B+dVClm5TqCIghTWdLvzjQwP6PfI tSTSuTUXx1RgI9+jC1a2gAdZTqFbtBMxF40l9kOwBQ0ecxJvt3yx+R5YjUZSk7RE Ke5D1JoZd5ENldqL+aeEQSViNg/m2XIYjcTtZYVzBDso2EVXv9hFXIpnpdLaY73a uzpxFkNNxGlMVebl02NOzQM5qbHWslXCtvya5AJ+sKfMflH0+Iy9kYMhZVuFsYu+ skdncuSfMpma9wNghx9vgwRjo9O+NQvQz4fRHXsk8fp4PgNXONdrRk9G7M1PbgTM WuNG/6NE73nrqfeg44da84FaszvjvwFtU7+mzBjEjAmSKFJ2HRcpOaOMSoOeDBlH xxDp85axJUP0JnfAudMPOYgSN5DUi4iUPirj90OscroVE3uhjlzl2F01vSgT/X3S 0DRpTiZ88BMdT3pUtNp5BUVoOtr1YHtfMsvTRSv69FNy8J7vDWSeAyPNJHlv39RX fh6Y6U4OoXqkysGWxZNFLKBc0LAMBzKXhcd9kze/Pbp36JNqgyy+VSRO6auEw/+A RkaulVX4LwybJaemieU+4O5dkzoExDnNjSVXgUz3n0q17rkKNWwpgBguRmrMXCsC i024p4kkpwHWQqJEePrRf0zRe+1sC1L2QV+IMl4bN+SBGcvf74fWAG2ZoubN4OKT vooOaTWge7Q= =scN6 -----END PGP SIGNATURE-----