Himanshu MehtaSenior Threat Analysis Engineer
Posted: 31 Min ReadThreat Intelligence

Microsoft Patch Tuesday – June 2019

This month the vendor has patched 88 vulnerabilities, 20 of which are rated Critical.

As always, customers are advised to follow these security best practices:

  • Install vendor patches as soon as they are available.
  • Run all software with the least privileges required while still maintaining functionality.
  • Avoid handling files from unknown or questionable sources.
  • Never visit sites of unknown or questionable integrity.
  • Block external access at the network perimeter to all key systems unless specific access is required.

 

Microsoft's summary of the June 2019 releases can be found here:
https://portal.msrc.microsoft.com/en-us/security-guidance

 

This month's update covers vulnerabilities in:

  • Internet Explorer
  • Microsoft Edge
  • ChakraCore
  • Microsoft Office
  • Microsoft Windows
  • Windows Hyper-V
  • Graphics Device Interface (GDI)
  • Jet Database Engine
  • Skype for Business and Lync Server
  • Azure

 

The following is a breakdown of the issues being addressed this month:

  1. Cumulative Security Update for Microsoft Browsers

    Microsoft Edge Security Feature Bypass Vulnerability (CVE-2019-1054) MS Rating: Important

    A security bypass vulnerability exists in Edge that allows for bypassing Mark of the Web Tagging (MOTW). An attacker can exploit this issue by hosting a malicious website or sending the targeted user a specially crafted .url file that is designed to exploit the bypass.

     

    Microsoft Browser Memory Corruption Vulnerability (CVE-2019-1038) MS Rating: Critical

    A remote code execution vulnerability exists in the way that Microsoft browsers access objects in memory. The vulnerability could corrupt memory in a way that could allow an attacker to execute arbitrary code in the context of the current user. An attacker can exploit this issue to gain the same user rights as the current user.

     

    Chakra Scripting Engine Memory Corruption Vulnerability (CVE-2019-0989) MS Rating: Critical

    A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker can exploit this issue to gain the same user rights as the current user.

     

    Chakra Scripting Engine Memory Corruption Vulnerability (CVE-2019-0991) MS Rating: Critical

    A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker can exploit this issue to gain the same user rights as the current user.

     

    Chakra Scripting Engine Memory Corruption Vulnerability (CVE-2019-0992) MS Rating: Critical

    A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker can exploit this issue to gain the same user rights as the current user.

     

    Chakra Scripting Engine Memory Corruption Vulnerability (CVE-2019-0993) MS Rating: Critical

    A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker can exploit this issue to gain the same user rights as the current user.

     

    Chakra Scripting Engine Memory Corruption Vulnerability (CVE-2019-1002) MS Rating: Critical

    A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker can exploit this issue to gain the same user rights as the current user.

     

    Chakra Scripting Engine Memory Corruption Vulnerability (CVE-2019-1003) MS Rating: Critical

    A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker can exploit this issue to gain the same user rights as the current user.

     

    Chakra Scripting Engine Memory Corruption Vulnerability (CVE-2019-1024) MS Rating: Critical

    A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker can exploit this issue to gain the same user rights as the current user.

     

    Chakra Scripting Engine Memory Corruption Vulnerability (CVE-2019-1051) MS Rating: Critical

    A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker can exploit this issue to gain the same user rights as the current user.

     

    Chakra Scripting Engine Memory Corruption Vulnerability (CVE-2019-1052) MS Rating: Critical

    A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker can exploit this issue to gain the same user rights as the current user.

     

    Scripting Engine Memory Corruption Vulnerability (CVE-2019-0920) MS Rating: Critical

    A remote code execution vulnerability exists in the way the scripting engine handles objects in memory in Microsoft browsers. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker can exploit this issue to gain the same user rights as the current user.

     

    Scripting Engine Memory Corruption Vulnerability (CVE-2019-0988) MS Rating: Critical

    A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker can exploit this issue to gain the same user rights as the current user.

     

    Scripting Engine Information Disclosure Vulnerability (CVE-2019-0990) MS Rating: Critical

    An information disclosure vulnerability exists when the scripting engine does not properly handle objects in memory in Microsoft Edge. An attacker can exploit this issue to obtain information to further compromise the user's system.

     

    Scripting Engine Memory Corruption Vulnerability (CVE-2019-1055) MS Rating: Critical

    A remote code execution vulnerability exists in the way the scripting engine handles objects in memory in Microsoft browsers. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker can exploit this issue to gain the same user rights as the current user.

     

    Scripting Engine Memory Corruption Vulnerability (CVE-2019-1080) MS Rating: Critical

    A remote code execution vulnerability exists in the way the scripting engine handles objects in memory in Microsoft browsers. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker can exploit this issue to gain the same user rights as the current user.

     

    Scripting Engine Memory Corruption Vulnerability (CVE-2019-1005) MS Rating: Important

    A remote code execution vulnerability exists in the way the scripting engine handles objects in memory in Microsoft browsers. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker can exploit this issue to gain the same user rights as the current user.

     

    Scripting Engine Information Disclosure Vulnerability (CVE-2019-1023) MS Rating: Important

    An information disclosure vulnerability exists when the scripting engine does not properly handle objects in memory in Microsoft Edge. An attacker can exploit this issue to obtain information to further compromise the user's system.

     

    Microsoft Browser Information Disclosure Vulnerability (CVE-2019-1081) MS Rating: Important

    An information disclosure vulnerability exists when the Microsoft browsers do not properly handle objects in memory. An attacker can exploit this issue to obtain information to further compromise the user's system.

     

  2. Cumulative Security Update for Microsoft Office

    Microsoft Office SharePoint XSS Vulnerability (CVE-2019-1031) MS Rating: Important

    A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server. An authenticated attacker could exploit the vulnerability by sending a specially crafted request to an affected SharePoint server.

     

    Microsoft Office SharePoint XSS Vulnerability (CVE-2019-1032) MS Rating: Important

    A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server. An authenticated attacker could exploit the vulnerability by sending a specially crafted request to an affected SharePoint server.

     

    Microsoft Office SharePoint XSS Vulnerability (CVE-2019-1033) MS Rating: Important

    A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server. An authenticated attacker could exploit the vulnerability by sending a specially crafted request to an affected SharePoint server.

     

    Microsoft Office SharePoint XSS Vulnerability (CVE-2019-1036) MS Rating: Important

    A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server. An authenticated attacker could exploit the vulnerability by sending a specially crafted request to an affected SharePoint server.

     

    Microsoft Word Remote Code Execution Vulnerability (CVE-2019-1034) MS Rating: Important

    A remote code execution vulnerability exists in Microsoft Word software when it fails to properly handle objects in memory. An attacker can exploit this issue to use a specially crafted file to perform actions in the security context of the current user.

     

    Microsoft Word Remote Code Execution Vulnerability (CVE-2019-1035) MS Rating: Important

    A remote code execution vulnerability exists in Microsoft Word software when it fails to properly handle objects in memory. An attacker can exploit this issue to use a specially crafted file to perform actions in the security context of the current user.

     

  3. Cumulative Security Update for Microsoft Windows Kernel

    Win32k Elevation of Privilege Vulnerability (CVE-2019-0960) MS Rating: Important

    A privilege escalation vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory. An attacker can exploit this issue to run arbitrary code in kernel mode.

     

    Win32k Elevation of Privilege Vulnerability (CVE-2019-1014) MS Rating: Important

    A privilege escalation vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory. An attacker can exploit this issue to run arbitrary code in kernel mode.

     

    Win32k Elevation of Privilege Vulnerability (CVE-2019-1017) MS Rating: Important

    A privilege escalation vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory. An attacker can exploit this issue to run arbitrary code in kernel mode.

     

    Windows Kernel Information Disclosure Vulnerability (CVE-2019-1039) MS Rating: Important

    An information disclosure vulnerability exists when the Windows kernel improperly initializes objects in memory. To exploit this vulnerability, an authenticated attacker could run a specially crafted application. An attacker can exploit this issue to obtain information to further compromise the user's system.

     

    Windows Kernel Elevation of Privilege Vulnerability (CVE-2019-1041) MS Rating: Important

    A privilege escalation vulnerability exists when the Windows kernel fails to properly handle objects in memory. An attacker can exploit this issue to run arbitrary code in kernel mode.

     

    Windows Secure Kernel Mode Security Feature Bypass Vulnerability (CVE-2019-1044) MS Rating: Important

    A security feature bypass vulnerability exists when Windows Secure Kernel Mode fails to properly handle objects in memory. To exploit the vulnerability, a locally-authenticated attacker could attempt to run a specially crafted application on a targeted system. An attacker can exploit this issue to violate virtual trust levels (VTL).

     

    Windows Kernel Elevation of Privilege Vulnerability (CVE-2019-1065) MS Rating: Important

    A privilege escalation vulnerability exists when the Windows kernel fails to properly handle objects in memory. An attacker can exploit this issue to run arbitrary code in kernel mode.

     

  4. Cumulative Security Update for Microsoft Windows Hyper-V

    Windows Hyper-V Remote Code Execution Vulnerability (CVE-2019-0620) MS Rating: Critical

    A remote code execution vulnerability exists when Windows Hyper-V on a host server fails to properly validate input from an authenticated user on a guest operating system. To exploit the vulnerability, an attacker requires to run a specially crafted application on a guest operating system that causes the Hyper-V host operating system to execute arbitrary code.

     

    Windows Hyper-V Remote Code Execution Vulnerability (CVE-2019-0722) MS Rating: Critical

    A remote code execution vulnerability exists when Windows Hyper-V on a host server fails to properly validate input from an authenticated user on a guest operating system. To exploit the vulnerability, an attacker requires to run a specially crafted application on a guest operating system that causes the Hyper-V host operating system to execute arbitrary code.

     

    Windows Hyper-V Denial of Service Vulnerability (CVE-2019-0713) MS Rating: Important

    A denial of service vulnerability exists when Microsoft Hyper-V on a host server fails to properly validate input from a privileged user on a guest operating system. To exploit the vulnerability, an attacker who already has a privileged account on a guest operating system, running as a virtual machine, could run a specially crafted application that causes a host machine to crash.

     

    Windows Hyper-V Remote Code Execution Vulnerability (CVE-2019-0709) MS Rating: Critical

    A remote code execution vulnerability exists when Windows Hyper-V on a host server fails to properly validate input from an authenticated user on a guest operating system. To exploit the vulnerability, an attacker could run a specially crafted application on a guest operating system that could cause the Hyper-V host operating system to execute arbitrary code. An attacker can exploit this issue to execute arbitrary code on the host operating system.

     

    Windows Hyper-V Denial Of Service Vulnerability (CVE-2019-0710) MS Rating: Important

    A denial of service vulnerability exists when Microsoft Hyper-V on a host server fails to properly validate input from a privileged user on a guest operating system. To exploit the vulnerability, an attacker who already has a privileged account on a guest operating system, running as a virtual machine, could run a specially crafted application that causes a host machine to crash.

     

    Windows Hyper-V Denial Of Service Vulnerability (CVE-2019-0711) MS Rating: Important

    A denial of service vulnerability exists when Microsoft Hyper-V on a host server fails to properly validate input from a privileged user on a guest operating system. To exploit the vulnerability, an attacker who already has a privileged account on a guest operating system, running as a virtual machine, could run a specially crafted application that causes a host machine to crash.

     

  5. Cumulative Security Update for Microsoft Windows Jet Database Engine

    Jet Database Engine Remote Code Execution Vulnerability (CVE-2019-0904) MS Rating: Important

    A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory. An attacker can exploit this issue to execute arbitrary code on a victim system. An attacker could exploit this vulnerability by enticing a victim to open a specially crafted file.

     

    Jet Database Engine Remote Code Execution Vulnerability (CVE-2019-0905) MS Rating: Important

    A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory. An attacker can exploit this issue to execute arbitrary code on a victim system. An attacker could exploit this vulnerability by enticing a victim to open a specially crafted file.

     

    Jet Database Engine Remote Code Execution Vulnerability (CVE-2019-0906) MS Rating: Important

    A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory. An attacker can exploit this issue to execute arbitrary code on a victim system. An attacker could exploit this vulnerability by enticing a victim to open a specially crafted file.

     

    Jet Database Engine Remote Code Execution Vulnerability (CVE-2019-0907) MS Rating: Important

    A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory. An attacker can exploit this issue to execute arbitrary code on a victim system. An attacker could exploit this vulnerability by enticing a victim to open a specially crafted file.

     

    Jet Database Engine Remote Code Execution Vulnerability (CVE-2019-0908) MS Rating: Important

    A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory. An attacker can exploit this issue to execute arbitrary code on a victim system. An attacker could exploit this vulnerability by enticing a victim to open a specially crafted file.

     

    Jet Database Engine Remote Code Execution Vulnerability (CVE-2019-0909) MS Rating: Important

    A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory. An attacker can exploit this issue to execute arbitrary code on a victim system. An attacker could exploit this vulnerability by enticing a victim to open a specially crafted file.

     

    Jet Database Engine Remote Code Execution Vulnerability (CVE-2019-0974) MS Rating: Important

    A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory. An attacker can exploit this issue to execute arbitrary code on a victim system. An attacker could exploit this vulnerability by enticing a victim to open a specially crafted file.

     

  6. Cumulative Security Update for Microsoft Windows Graphics Device Interface (GDI)

    Windows GDI Information Disclosure Vulnerability (CVE-2019-1009) MS Rating: Important

    An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory. An attacker can exploit this issue by convincing a user to open a specially crafted document, or by convincing a user to visit an untrusted webpage to obtain information to further compromise the user's system.

     

    Windows GDI Information Disclosure Vulnerability (CVE-2019-1010) MS Rating: Important

    An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory. An attacker can exploit this issue by convincing a user to open a specially crafted document, or by convincing a user to visit an untrusted webpage to obtain information to further compromise the user's system.

     

    Windows GDI Information Disclosure Vulnerability (CVE-2019-1011) MS Rating: Important

    An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory. An attacker can exploit this issue by convincing a user to open a specially crafted document, or by convincing a user to visit an untrusted webpage to obtain information to further compromise the user's system.

     

    Windows GDI Information Disclosure Vulnerability (CVE-2019-1012) MS Rating: Important

    An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory. An attacker can exploit this issue by convincing a user to open a specially crafted document, or by convincing a user to visit an untrusted webpage to obtain information to further compromise the user's system.

     

    Windows GDI Information Disclosure Vulnerability (CVE-2019-1013) MS Rating: Important

    An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory. An attacker can exploit this issue by convincing a user to open a specially crafted document, or by convincing a user to visit an untrusted webpage to obtain information to further compromise the user's system.

     

    Windows GDI Information Disclosure Vulnerability (CVE-2019-1015) MS Rating: Important

    An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory. An attacker can exploit this issue by convincing a user to open a specially crafted document, or by convincing a user to visit an untrusted webpage to obtain information to further compromise the user's system.

     

    Windows GDI Information Disclosure Vulnerability (CVE-2019-1016) MS Rating: Important

    An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory. An attacker can exploit this issue by convincing a user to open a specially crafted document, or by convincing a user to visit an untrusted webpage to obtain information to further compromise the user's system.

     

    Windows GDI Information Disclosure Vulnerability (CVE-2019-1046) MS Rating: Important

    An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory. An attacker can exploit this issue by convincing a user to open a specially crafted document, or by convincing a user to visit an untrusted webpage to obtain information to further compromise the user's system.

     

    Windows GDI Information Disclosure Vulnerability (CVE-2019-1047) MS Rating: Important

    An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory. An attacker can exploit this issue by convincing a user to open a specially crafted document, or by convincing a user to visit an untrusted webpage to obtain information to further compromise the user's system.

     

    Windows GDI Information Disclosure Vulnerability (CVE-2019-1048) MS Rating: Important

    An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory. An attacker can exploit this issue by convincing a user to open a specially crafted document, or by convincing a user to visit an untrusted webpage to obtain information to further compromise the user's system.

     

    Windows GDI Information Disclosure Vulnerability (CVE-2019-1049) MS Rating: Important

    An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory. An attacker can exploit this issue by convincing a user to open a specially crafted document, or by convincing a user to visit an untrusted webpage to obtain information to further compromise the user's system.

     

    Windows GDI Information Disclosure Vulnerability (CVE-2019-1050) MS Rating: Important

    An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory. An attacker can exploit this issue by convincing a user to open a specially crafted document, or by convincing a user to visit an untrusted webpage to obtain information to further compromise the user's system.

     

    Windows GDI Information Disclosure Vulnerability (CVE-2019-0968) MS Rating: Important

    An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory. An attacker can exploit this issue by convincing a user to open a specially crafted document, or by convincing a user to visit an untrusted webpage to obtain information to further compromise the user's system.

     

    Windows GDI Information Disclosure Vulnerability (CVE-2019-0977) MS Rating: Important

    An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory. An attacker can exploit this issue by convincing a user to open a specially crafted document, or by convincing a user to visit an untrusted webpage to obtain information to further compromise the user's system.

     

  7. Cumulative Security Update for Microsoft Windows

    Windows Audio Service Elevation of Privilege Vulnerability (CVE-2019-1021) MS Rating: Important

    A privilege escalation exists in Windows Audio Service. An attacker can exploit this issue to run arbitrary code with elevated privileges. To exploit the vulnerability, an attacker requires to run a specially crafted application that could exploit the vulnerability.

     

    Windows Audio Service Elevation of Privilege Vulnerability (CVE-2019-1022) MS Rating: Important

    A privilege escalation exists in Windows Audio Service. An attacker can exploit this issue to run arbitrary code with elevated privileges. To exploit the vulnerability, an attacker requires to run a specially crafted application that could exploit the vulnerability.

     

    Windows Audio Service Elevation of Privilege Vulnerability (CVE-2019-1026) MS Rating: Important

    A privilege escalation exists in Windows Audio Service. An attacker can exploit this issue to run arbitrary code with elevated privileges. To exploit the vulnerability, an attacker requires to run a specially crafted application that could exploit the vulnerability.

     

    Windows Audio Service Elevation of Privilege Vulnerability (CVE-2019-1027) MS Rating: Important

    A privilege escalation exists in Windows Audio Service. An attacker can exploit this issue to run arbitrary code with elevated privileges. To exploit the vulnerability, an attacker requires to run a specially crafted application that could exploit the vulnerability.

     

    Windows Audio Service Elevation of Privilege Vulnerability (CVE-2019-1028) MS Rating: Important

    A privilege escalation exists in Windows Audio Service. An attacker can exploit this issue to run arbitrary code with elevated privileges. To exploit the vulnerability, an attacker requires to run a specially crafted application that could exploit the vulnerability.

     

    Windows Audio Service Elevation of Privilege Vulnerability (CVE-2019-1007) MS Rating: Important

    A privilege escalation exists in Windows Audio Service. An attacker can exploit this issue to run arbitrary code with elevated privileges. To exploit the vulnerability, an attacker requires to run a specially crafted application that could exploit the vulnerability.

     

    ActiveX Data Objects (ADO) Remote Code Execution Vulnerability (CVE-2019-0888) MS Rating: Critical

    A remote code execution vulnerability exists in the way that ActiveX Data Objects (ADO) handle objects in memory. An attacker can exploit this issue to execute arbitrary code with the victim user's privileges. An attacker could craft a website that exploits the vulnerability and then convince a victim user to visit the website.

     

    Microsoft Speech API Remote Code Execution Vulnerability (CVE-2019-0985) MS Rating: Critical

    A remote code execution vulnerability exists when the Microsoft Speech API (SAPI) improperly handles text-to-speech (TTS) input. The vulnerability could corrupt memory in a way that enables an attacker to execute arbitrary code in the context of the current user. To exploit the vulnerability, an attacker would need to convince a user to open a specially crafted document containing TTS content invoked through a scripting language.

     

    Microsoft IIS Server Denial of Service Vulnerability (CVE-2019-0941) MS Rating: Important

    A denial of service exists in Microsoft IIS Server when the optional request filtering feature improperly handles requests. An attacker can exploit this issue to perform a temporary denial of service against pages configured to use request filtering. To exploit this vulnerability, an attacker could send a specially crafted request to a page utilizing request filtering.

     

    Windows ALPC Elevation of Privilege Vulnerability (CVE-2019-0943) MS Rating: Important

    A privilege escalation vulnerability exists when Windows improperly handles calls to Advanced Local Procedure Call (ALPC). An attacker can exploit this issue to run arbitrary code in the security context of the local system. To exploit this vulnerability, an attacker would first have to log on to the system. An attacker could then run a specially crafted application that could exploit the vulnerability and take control over an affected system.

     

    Windows Event Viewer Information Disclosure Vulnerability (CVE-2019-0948) MS Rating: Moderate

    An information disclosure vulnerability exists in the Windows Event Viewer (eventvwr.msc) when it improperly parses XML input containing a reference to an external entity. An attacker can exploit this issue to read arbitrary files via an XML external entity (XXE) declaration. To exploit the vulnerability, an attacker could create a file containing specially crafted XML content and convince an authenticated user to import the file.

     

    Windows Common Log File System Driver Elevation of Privilege Vulnerability (CVE-2019-0959) MS Rating: Important

    A privilege escalation vulnerability exists when the Windows Common Log File System (CLFS) driver improperly handles objects in memory. An attacker can exploit this issue to run processes in an elevated context. To exploit the vulnerability, an attacker would first have to log on to the system, and then run a specially crafted application to take control over the affected system.

     

    Local Security Authority Subsystem Service Denial of Service Vulnerability (CVE-2019-0972) MS Rating: Important

    This security update corrects a denial of service in the Local Security Authority Subsystem Service (LSASS) caused when an authenticated attacker sends a specially crafted authentication request. A remote attacker who successfully exploited this vulnerability could cause a denial of service on the target system's LSASS service, which triggers an automatic reboot of the system.

     

    Windows Installer Elevation of Privilege Vulnerability (CVE-2019-0973) MS Rating: Important

    A privilege escalation vulnerability exists in the Windows Installer when the Windows Installer fails to properly sanitize input leading to an insecure library loading behavior. A locally authenticated attacker could run arbitrary code with elevated system privileges.

     

    Windows Storage Service Elevation of Privilege Vulnerability (CVE-2019-0983) MS Rating: Important

    A privilege escalation vulnerability exists when the Storage Service improperly handles file operations. An attacker can exploit this issue to gain elevated privileges on the victim system. To exploit the vulnerability, an attacker would first have to gain execution on the victim system, then run a specially crafted application.

     

    Windows Common Log File System Driver Elevation of Privilege Vulnerability (CVE-2019-0984) MS Rating: Important

    A privilege escalation vulnerability exists when the Windows Common Log File System (CLFS) driver improperly handles objects in memory. An attacker can exploit this issue to run processes in an elevated context. To exploit the vulnerability, an attacker would first have to log on to the system, and then run a specially crafted application to take control over the affected system

     

    Windows User Profile Service Elevation of Privilege Vulnerability (CVE-2019-0986) MS Rating: Important

    A privilege escalation vulnerability exists when the Windows User Profile Service (ProfSvc) improperly handles symlinks. An attacker can exploit this issue to delete files and folders in an elevated context. To exploit this vulnerability, an attacker would first have to log on to the system, and then run a specially crafted application that could exploit the vulnerability and delete files or folders of their choosing.

     

    Windows Storage Service Elevation of Privilege Vulnerability (CVE-2019-0998) MS Rating: Important

    A privilege escalation vulnerability exists when the Storage Service improperly handles file operations. An attacker can exploit this issue to gain elevated privileges on the victim system. To exploit the vulnerability, an attacker would first have to gain execution on the victim system, then run a specially crafted application.

     

    DirectX Elevation of Privilege Vulnerability (CVE-2019-1018) MS Rating: Important

    A privilege escalation vulnerability exists when DirectX improperly handles objects in memory. An attacker can exploit this issue to run arbitrary code in kernel mode. To exploit this vulnerability, an attacker would first have to log on to the system. An attacker could then run a specially crafted application that could exploit the vulnerability and take control of an affected system.

     

    Microsoft Windows Security Feature Bypass Vulnerability (CVE-2019-1019) MS Rating: Important

    A security feature bypass vulnerability exists where a NETLOGON message is able to obtain the session key and sign messages. To exploit this vulnerability, an attacker could send a specially crafted authentication request. An attacker can exploit this issue to access another machine using the original user privileges.

     

    Windows Denial of Service Vulnerability (CVE-2019-1025) MS Rating: Important

    A denial of service vulnerability exists when Windows improperly handles objects in memory. An attacker can exploit this issue to cause a target system to stop responding. To exploit this vulnerability, an attacker would have to log on to an affected system and run a specially crafted application or to convince a user to open a specific file on a network share.

     

    Windows NTLM Tampering Vulnerability (CVE-2019-1040) MS Rating: Important

    A tampering vulnerability exists in Microsoft Windows when a man-in-the-middle attacker is able to successfully bypass the NTLM MIC (Message Integrity Check) protection. An attacker can exploit this issue to gain the ability to downgrade NTLM security features. To exploit this vulnerability, the attacker would need to tamper with the NTLM exchange. The attacker could then modify flags of the NTLM packet without invalidating the signature.

     

    Comctl32 Remote Code Execution Vulnerability (CVE-2019-1043) MS Rating: Important

    A remote code execution vulnerability exists in the way that comctl32.dll handles objects in memory. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker can exploit this issue to gain the same user rights as the current user. If the current user is logged on with administrative user rights, the attacker could take control of an affected system.

     

    Windows Network File System Elevation of Privilege Vulnerability (CVE-2019-1045) MS Rating: Important

    A privilege escalation vulnerability exists in the way that the Windows Network File System (NFS) handles objects in memory. An attacker can exploit this issue to execute code with elevated permissions. To exploit the vulnerability, a locally authenticated attacker could run a specially crafted application.

     

    Windows Shell Elevation of Privilege Vulnerability (CVE-2019-1053) MS Rating: Important

    A privilege escalation vulnerability exists when the Windows Shell fails to validate folder shortcuts. An attacker can exploit this issue to elevate privileges by escaping a sandbox. To exploit this vulnerability, an attacker would require unprivileged execution on the victim system.

     

    Windows Elevation of Privilege Vulnerability (CVE-2019-1064) MS Rating: Important

    A privilege escalation vulnerability exists when Windows AppX Deployment Service (AppXSVC) improperly handles hard links. An attacker can exploit this issue to run processes in an elevated context. To exploit this vulnerability, an attacker would first have to log on to the system. An attacker could then run a specially crafted application that could exploit the vulnerability and take control of an affected system.

     

    Task Scheduler Elevation of Privilege Vulnerability (CVE-2019-1069) MS Rating: Important

    A privilege escalation vulnerability exists in the way the Task Scheduler Service validates certain file operations. An attacker can exploit this issue to gain elevated privileges on a victim system. To exploit the vulnerability, an attacker would require unprivileged code execution on a victim system.

     

  8. Security Update for Skype for Business and Lync Server

    Skype for Business and Lync Server Denial of Service Vulnerability (CVE-2019-1029) MS Rating: Important

    A denial of service vulnerability exists in Skype for Business. An attacker can exploit this issue to cause Skype for Business to stop responding. Note that the denial of service would not allow an attacker to execute code or to elevate the attacker's user rights.

     

  9. Security Update for Azure

    Azure DevOps Server Spoofing Vulnerability (CVE-2019-0996) MS Rating: Important

    A spoofing vulnerability exists in Azure DevOps Server when it improperly handles requests to authorize applications, resulting in a cross-site request forgery. An attacker can exploit this issue to bypass OAuth protections and register an application on behalf of the targeted user. To exploit this vulnerability, an attacker would need to create a page specifically designed to cause a cross-site request. The attacker would then need to convince a targeted user to click a link to the malicious page.

     

More information is available on Symantec's free Security Center portal and to our customers through the DeepSight Threat Management System.

About the Author

Himanshu Mehta

Senior Threat Analysis Engineer

Himanshu is a senior member of Symantec's Cyber Security Services organization. An active contributor to numerous security communities, he frequently provides insight on vulnerabilities and shares his knowledge by writing reports, blogs, and journals.

Want to comment on this post?

We encourage you to share your thoughts on your favorite social platform.