Protect yourself against future threats.
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 =========================================================================== AUSCERT Security Bulletin ASB-2019.0344 Security update for Microsoft Windows 11 December 2019 =========================================================================== AusCERT Security Bulletin Summary --------------------------------- Product: Windows Operating System: Windows Impact/Access: Administrator Compromise -- Existing Account Execute Arbitrary Code/Commands -- Remote with User Interaction Increased Privileges -- Existing Account Denial of Service -- Remote/Unauthenticated Access Confidential Data -- Remote with User Interaction Unauthorised Access -- Existing Account Resolution: Patch/Upgrade CVE Names: CVE-2019-1489 CVE-2019-1488 CVE-2019-1484 CVE-2019-1483 CVE-2019-1481 CVE-2019-1480 CVE-2019-1478 CVE-2019-1477 CVE-2019-1476 CVE-2019-1474 CVE-2019-1472 CVE-2019-1471 CVE-2019-1470 CVE-2019-1469 CVE-2019-1468 CVE-2019-1467 CVE-2019-1466 CVE-2019-1465 CVE-2019-1458 CVE-2019-1453 Member content until: Friday, January 10 2020 Reference: ESB-2019.4584 ESB-2019.3185 ESB-2019.3047 OVERVIEW Microsoft has released its monthly security patch update for the month of December 2019. This update resolves 20 vulnerabilities across the following products: [1] Microsoft Windows XP Service Pack 3 Windows 10 Version 1607 for 32-bit Systems Windows 10 Version 1607 for x64-based Systems Windows 10 Version 1709 for 32-bit Systems Windows 10 Version 1709 for ARM64-based Systems Windows 10 Version 1709 for x64-based Systems Windows 10 Version 1803 for 32-bit Systems Windows 10 Version 1803 for ARM64-based Systems Windows 10 Version 1803 for x64-based Systems Windows 10 Version 1809 for 32-bit Systems Windows 10 Version 1809 for ARM64-based Systems Windows 10 Version 1809 for x64-based Systems Windows 10 Version 1903 for 32-bit Systems Windows 10 Version 1903 for ARM64-based Systems Windows 10 Version 1903 for x64-based Systems Windows 10 Version 1909 for 32-bit Systems Windows 10 Version 1909 for ARM64-based Systems Windows 10 Version 1909 for x64-based Systems Windows 10 for 32-bit Systems Windows 10 for x64-based Systems Windows 7 for 32-bit Systems Service Pack 1 Windows 7 for x64-based Systems Service Pack 1 Windows 8.1 for 32-bit systems Windows 8.1 for x64-based systems Windows RT 8.1 Windows Server 2008 R2 for Itanium-Based Systems Service Pack 1 Windows Server 2008 R2 for x64-based Systems Service Pack 1 Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) Windows Server 2008 for 32-bit Systems Service Pack 2 Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) Windows Server 2008 for Itanium-Based Systems Service Pack 2 Windows Server 2008 for x64-based Systems Service Pack 2 Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) Windows Server 2012 Windows Server 2012 (Server Core installation) Windows Server 2012 R2 Windows Server 2012 R2 (Server Core installation) Windows Server 2016 Windows Server 2016 (Server Core installation) Windows Server 2019 Windows Server 2019 (Server Core installation) IMPACT Microsoft has given the following details regarding these vulnerabilities. Details Impact Severity CVE-2019-1453 Denial of Service Important CVE-2019-1458 Elevation of Privilege Important CVE-2019-1465 Information Disclosure Important CVE-2019-1466 Information Disclosure Important CVE-2019-1467 Information Disclosure Important CVE-2019-1468 Remote Code Execution Critical CVE-2019-1469 Information Disclosure Important CVE-2019-1470 Information Disclosure Important CVE-2019-1471 Remote Code Execution Critical CVE-2019-1472 Information Disclosure Important CVE-2019-1474 Information Disclosure Important CVE-2019-1476 Elevation of Privilege Important CVE-2019-1477 Elevation of Privilege Important CVE-2019-1478 Elevation of Privilege Important CVE-2019-1480 Information Disclosure Important CVE-2019-1481 Information Disclosure Important CVE-2019-1483 Elevation of Privilege Important CVE-2019-1484 Remote Code Execution Important CVE-2019-1488 Security Feature Bypass Important CVE-2019-1489 Information Disclosure Important [1] MITIGATION Microsoft recommends updating the software with the version made available on the Microsoft Update Catalogue for the following Knowledge Base articles. [1]. KB4530681, KB4530702, KB4530717, KB4530715, KB4530698 KB4530714, KB4530689, KB4530734, KB4530719, KB4530695 KB4530692, KB4530730, KB4530691, KB4530684 REFERENCES [1] Security Update Guide https://portal.msrc.microsoft.com/en-us/security-guidance AusCERT has made every effort to ensure that the information contained in this document is accurate. However, the decision to use the information described is the responsibility of each user or organisation. The decision to follow or act on information or advice contained in this security bulletin is the responsibility of each user or organisation, and should be considered in accordance with your organisation's site policies and procedures. AusCERT takes no responsibility for consequences which may arise from following or acting on information or advice contained in this security bulletin. =========================================================================== Australian Computer Emergency Response Team The University of Queensland Brisbane Qld 4072 Internet Email: auscert@auscert.org.au Facsimile: (07) 3365 7031 Telephone: (07) 3365 4417 (International: +61 7 3365 4417) AusCERT personnel answer during Queensland business hours which are GMT+10:00 (AEST). On call after hours for member emergencies only. =========================================================================== -----BEGIN PGP SIGNATURE----- Comment: http://www.auscert.org.au/render.html?it=1967 iQIVAwUBXfCKiWaOgq3Tt24GAQieEw/8C9O+AvuXUYMaXpfK4frpM05Rc8oALmnv 4o90ucHQA/cxtIJObduW4+HrGbCoMpJePtCWkVYrXs44tfYwvrm2wb4WC9oOJdGh 6PG6FN+QPK6TWo1EOyw3QZJjw50tP/IWFg2bKf292rnGzfgjigEfj3fHqSIh3JQj NaaBvjiaHb2PQeQUUIsRd2XPRSmf9G4TkVNhQ2OnZa6UYEgIx7rsi9tx0QHlKIIM BJrHyEIzhTDQGGiO2eUSa0eGZOraSpyF2vEyX25FBwNhbKFf0+dTFv6lvtnpTHqB gPIq3nOwcS907WoaIHdGtRYgchjUACbihiJG6+M84lHBkCok8iVAaDkDvklqDLyQ D0xyLpcIJ721x+U4ff0Nj5uTjAXjstUJ8UnmiOj4qZ6dOLiappCq3Krrq4yAlFL2 tcZWObR+HX8o/e/LeqUY5oA1aNAH6sEdLlAmrXP9A/oA/mRDVLiHAc3w/eAQIdEb dvpTgSBz8C4DXmqq7RjJJKXuXtxsZcIhCoQVzjLpesq+0SxV5EfGrkHGSyb5jcU5 tAYvQcfYw2RI/Y0lnMhkS5CC7vO45iuniSt6PxjiZ97zrvKp/uCOE1p5A0RzE05/ dtIYtUYMytw6+BtriwB7CMdDjuPCxMJdTGnbx9iKedKTZ3Rkhyh4dyi7nBZX6tkT YdQNFSxv8Ys= =Qyrz -----END PGP SIGNATURE-----