Microsoft 10 września 2019 roku wydał nowy pakiet aktualizacji bezpieczeństwa w ramach comiesięcznego Patch Tuesday. Wydano łącznie 79 poprawek bezpieczeństwa, w tym 17 oznaczonych jako krytyczne.

Aktualizacje naprawiają luki m.in. w:

  • .NET Framework
  • Adobe Flash Player
  • Microsoft Office SharePoint
  • Microsoft Scripting Engine
  • Microsoft Windows
  • Team Foundation Server
  • Windows RDP

Najistotniejsze podatności dotyczą m.in. RDP i TSF:

CVE-2019-0787CVE-2019-0788CVE-2019-1290CVE-2019-1291 – podatności w Windows RDP umożliwiają zdalne wykonanie kodu podczas połączenia ze złośliwym serwerem.

CVE-2019-1235 – luka w Windows Text Service Framework (TSF) umożliwia atakującemu wykonanie poleceń lub uzyskanie dostępu do danych wejściowych przez zainfekowany edytor IME. Dotyczy to tylko systemów, w których zainstalowano edytor IME.

Poniżej przedstawiamy szczegółowe zestawienie aktualizacji:

Description
CVE Disclosed Exploited Exploitability (old versions) current version Severity CVSS Base (AVG) CVSS Temporal (AVG)
.NET Core Denial of Service Vulnerability
CVE-2019-1301 No No Less Likely Less Likely Important
.NET Framework Elevation of Privilege Vulnerability
CVE-2019-1142 No No Less Likely Less Likely Important
ASP.NET Core Elevation Of Privilege Vulnerability
CVE-2019-1302 No No Less Likely Less Likely Important
Active Directory Federation Services XSS Vulnerability
CVE-2019-1273 No No Less Likely Less Likely Important 8.2 7.4
Azure DevOps and Team Foundation Server Remote Code Execution Vulnerability
CVE-2019-1306 No No Less Likely Less Likely Critical
Chakra Scripting Engine Memory Corruption Vulnerability
CVE-2019-1138 No No Critical 4.2 3.8
CVE-2019-1217 No No Critical 4.2 3.8
CVE-2019-1237 No No Less Likely Less Likely Critical 4.2 3.8
CVE-2019-1298 No No Critical 4.2 3.8
CVE-2019-1300 No No Critical 4.2 3.8
Diagnostics Hub Standard Collector Service Elevation of Privilege Vulnerability
CVE-2019-1232 No No Less Likely Less Likely Important 7.8 7.0
DirectWrite Information Disclosure Vulnerability
CVE-2019-1244 No No Less Likely Less Likely Important 6.5 5.9
CVE-2019-1245 No No Less Likely Less Likely Important 6.5 5.9
CVE-2019-1251 No No Less Likely Less Likely Important 5.5 5.0
DirectX Elevation of Privilege Vulnerability
CVE-2019-1284 No No Important 7.8 7.0
DirectX Information Disclosure Vulnerability
CVE-2019-1216 No No Important 5.5 5.1
Jet Database Engine Remote Code Execution Vulnerability
CVE-2019-1240 No No Less Likely Less Likely Important 7.8 7.0
CVE-2019-1241 No No Less Likely Less Likely Important 7.8 7.0
CVE-2019-1242 No No Less Likely Less Likely Important 7.8 7.0
CVE-2019-1243 No No Less Likely Less Likely Important 7.8 7.0
CVE-2019-1246 No No Less Likely Less Likely Important 7.8 7.0
CVE-2019-1247 No No Less Likely Less Likely Important 7.8 7.0
CVE-2019-1248 No No Less Likely Less Likely Important 7.8 7.0
CVE-2019-1249 No No Less Likely Less Likely Important 7.8 7.0
CVE-2019-1250 No No Less Likely Less Likely Important 7.8 7.0
LNK Remote Code Execution Vulnerability
CVE-2019-1280 No No Less Likely Less Likely Critical 7.3 6.6
Latest Servicing Stack Updates
ADV990001 No No Critical
Lync 2013 Information Disclosure Vulnerability
CVE-2019-1209 No No Important
Microsoft Browser Security Feature Bypass Vulnerability
CVE-2019-1220 No No Less Likely Less Likely Important 2.4 2.2
Microsoft Compatibility Appraiser Elevation of Privilege Vulnerability
CVE-2019-1267 No No Less Likely Less Likely Important 7.3 6.6
Microsoft Edge based on Edge HTML Information Disclosure Vulnerability
CVE-2019-1299 No No Important 4.3 3.9
Microsoft Excel Information Disclosure Vulnerability
CVE-2019-1263 No No Less Likely Less Likely Important
Microsoft Excel Remote Code Execution Vulnerability
CVE-2019-1297 No No Less Likely Less Likely Important
Microsoft Exchange Denial of Service Vulnerability
CVE-2019-1233 No No Less Likely Less Likely Important
Microsoft Exchange Spoofing Vulnerability
CVE-2019-1266 No No Less Likely Less Likely Important
Microsoft Graphics Components Information Disclosure Vulnerability
CVE-2019-1283 No No Important 5.5 5.0
Microsoft Office Security Feature Bypass Vulnerability
CVE-2019-1264 No No Important
Microsoft Office SharePoint XSS Vulnerability
CVE-2019-1262 No No Important
Microsoft SharePoint Elevation of Privilege Vulnerability
CVE-2019-1260 No No Less Likely Less Likely Important
Microsoft SharePoint Remote Code Execution Vulnerability
CVE-2019-1257 No No More Likely More Likely Critical
CVE-2019-1295 No No More Likely More Likely Critical
CVE-2019-1296 No No More Likely More Likely Critical
Microsoft SharePoint Spoofing Vulnerability
CVE-2019-1259 No No Moderate
CVE-2019-1261 No No Less Likely Less Likely Important
Microsoft Windows Store Installer Elevation of Privilege Vulnerability
CVE-2019-1270 No No Less Likely Less Likely Important 6.3 5.7
Microsoft Yammer Security Feature Bypass Vulnerability
CVE-2019-1265 No No Less Likely Less Likely Important
Remote Desktop Client Remote Code Execution Vulnerability
CVE-2019-0787 No No More Likely More Likely Critical 7.5 6.7
CVE-2019-0788 No No More Likely More Likely Critical 7.5 6.7
CVE-2019-1290 No No More Likely More Likely Critical 7.5 6.7
CVE-2019-1291 No No More Likely More Likely Critical 7.5 6.7
Rome SDK Information Disclosure Vulnerability
CVE-2019-1231 No No Less Likely Less Likely Important
Scripting Engine Memory Corruption Vulnerability
CVE-2019-1221 No No Critical 6.4 5.8
September 2019 Adobe Flash Security Update
ADV190022 No No Less Likely Less Likely Critical
Team Foundation Server Cross-site Scripting Vulnerability
CVE-2019-1305 No No Less Likely Less Likely Important
VBScript Remote Code Execution Vulnerability
CVE-2019-1208 No No Less Likely Less Likely Critical 6.4 5.8
CVE-2019-1236 No No Less Likely Less Likely Critical 6.4 5.8
Win32k Elevation of Privilege Vulnerability
CVE-2019-1256 No No More Likely Unlikely Important 7.8 7.0
CVE-2019-1285 No No More Likely More Likely Important 7.8 7.0
Windows ALPC Elevation of Privilege Vulnerability
CVE-2019-1269 No No Less Likely Less Likely Important 6.3 5.7
CVE-2019-1272 No No Less Likely Less Likely Important 6.3 5.7
Windows Audio Service Elevation of Privilege Vulnerability
CVE-2019-1277 No No Less Likely Less Likely Important 7.8 7.0
Windows Common Log File System Driver Elevation of Privilege Vulnerability
CVE-2019-1214 No Yes More Likely Unlikely Important 7.8 7.0
Windows Common Log File System Driver Information Disclosure Vulnerability
CVE-2019-1282 No No Less Likely Less Likely Important 5.5 5.0
Windows Denial of Service Vulnerability
CVE-2019-1292 No No Less Likely Less Likely Important 5.8 5.2
Windows Elevation of Privilege Vulnerability
CVE-2019-1215 No Yes More Likely More Likely Important 7.8 7.0
CVE-2019-1253 Yes No Less Likely Less Likely Important 7.8 7.0
CVE-2019-1278 No No Less Likely Less Likely Important 7.8 7.0
CVE-2019-1303 No No Less Likely Less Likely Important
Windows GDI Information Disclosure Vulnerability
CVE-2019-1252 No No Less Likely Less Likely Important 5.5 5.0
CVE-2019-1286 No No Less Likely Less Likely Important 5.5 5.0
Windows Hyper-V Denial of Service Vulnerability
CVE-2019-0928 No No Important 5.4 4.9
Windows Hyper-V Information Disclosure Vulnerability
CVE-2019-1254 No No Less Likely Less Likely Important 5.5 5.0
Windows Kernel Information Disclosure Vulnerability
CVE-2019-1274 No No Less Likely Less Likely Important 6.3 5.7
Windows Media Elevation of Privilege Vulnerability
CVE-2019-1271 No No Less Likely Less Likely Important 7.0 6.3
Windows Network Connectivity Assistant Elevation of Privilege Vulnerability
CVE-2019-1287 No No Less Likely Less Likely Important 7.8 7.0
Windows SMB Client Driver Information Disclosure Vulnerability
CVE-2019-1293 No No Less Likely Less Likely Important 5.5 5.0
Windows Secure Boot Security Feature Bypass Vulnerability
CVE-2019-1294 Yes No Less Likely Less Likely Important 5.3 4.8
Windows Text Service Framework Elevation of Privilege Vulnerability
CVE-2019-1235 Yes No Less Likely Less Likely Important 7.8 7.0
Windows Transaction Manager Information Disclosure Vulnerability
CVE-2019-1219 No No More Likely More Likely Important 5.5 5.0
Windows Update Delivery Optimization Elevation of Privilege Vulnerability
CVE-2019-1289 No No Less Likely Less Likely Important 7.0 6.3
Winlogon Elevation of Privilege Vulnerability
CVE-2019-1268 No No Less Likely Less Likely Important 6.5 5.9