Webinar Library
Welcome to this July Patch Tuesday Bulletin. This month there are 78 unique CVE’s, 6 that are publicly disclosed, 1 involved in active attacks, and 1 advisory outlining mitigations. CVE-2019-0880 outlines an elevation of privilege vulnerability in splwow64 that has been exploited in the wild. This vulnerability does not allow code execution itself but can be leveraged with other vulnerabilities to achieve code execution. Windows hosts, Azure, and SQL servers are affected by vulnerabilities (CVE-2019-0865, CVE-2019-0887, CVE-2019-0962, CVE-2019-1129, CVE-2018-15664, CVE-2019-1068) that have been publicly disclosed. These vulnerabilities will be important to track and remediate due to the public nature. Finally, ADV190021 outlines a mitigation for a cross site scripting vulnerability in Outlook on the Web. Exploiting this vulnerability requires an SVG image so Microsoft recommends blocking SVG images.
Over the years we've had millions of visitors to UltimateWindowsSecurity.com. Every month we have thousands and thousands of visitors to our Security Log Encyclopedia which documents all of the Security Log event ID’s for Windows Server OS’s. Back in 2007 when SharePoint added auditing capability, I realized that my audience not only needed the event information from SharePoint but I also found a similar need in SQL Server and Exchange. So not only did I document the data but I also started to develop the means to extract that event data from these applications so that it’s accessible and useable to the end user. Some 8 years later and LOGbinder is continuing to grow as companies realize LOGbinder bridges the gap between these applications and their infosec team. Visit LOGbinder.com to download a free 30-day fully functional trial and see the security event data that you have literally been missing.
So, without further ado, here’s the chart of MS patches this month.
Patch data provided by:
Technology
Products Affected
Severity
Reference
Workaround/ Exploited
Vulnerability Info
Windows
Windows 7, 8.1, RT 8.1, 10
Server 2008, 2008 R2, 2012, 2012 R2, 2016, 2019
Critical
CVE-2019-0785
CVE-2019-0811
CVE-2019-0865
CVE-2019-0880
CVE-2019-0887
CVE-2019-0962
CVE-2019-0966
CVE-2019-0975
CVE-2019-0999
CVE-2019-1006
CVE-2019-1037
CVE-2019-1067
CVE-2019-1071
CVE-2019-1073
CVE-2019-1074
CVE-2019-1082
CVE-2019-1084
CVE-2019-1085
CVE-2019-1086
CVE-2019-1087
CVE-2019-1088
CVE-2019-1089
CVE-2019-1090
CVE-2019-1091
CVE-2019-1093
CVE-2019-1094
CVE-2019-1095
CVE-2019-1096
CVE-2019-1097
CVE-2019-1098
CVE-2019-1099
CVE-2019-1100
CVE-2019-1101
CVE-2019-1102
CVE-2019-1108
CVE-2019-1116
CVE-2019-1117
CVE-2019-1118
CVE-2019-1119
CVE-2019-1120
CVE-2019-1129
CVE-2019-1130
CVE-2019-1132
CVE-2019-1121
CVE-2019-1122
CVE-2019-1123
CVE-2019-1124
CVE-2019-1126
CVE-2019-1127
CVE-2019-1128
ADV190020
*Workaround: No
**Public: Yes
Exploited: Yes
Remote Code Execution
Denial of Service
Elevation of Privilege
Security Feature Bypass
Information Disclosure
Internet Explorer
IE 9, 10, 11
CVE-2019-1001
CVE-2019-1004
CVE-2019-1056
CVE-2019-1059
CVE-2019-1063
CVE-2019-1104
**Public: No
Exploited: No
Edge
All
CVE-2019-1062
CVE-2019-1092
CVE-2019-1103
CVE-2019-1106
CVE-2019-1107
Office, Office Services, and Web Apps
Excel 2010, 2013, 2016
Lync 2013, Basic 2013
Office 2010, 2013, 2016, 2016 for Mac, 2019, 2019 for Mac
Outlook 2010, 2013, 2016, Android, iOS
SharePoint Enterprise 2013, Enterprise 2016, Foundation 2010, Foundation 2013, Server 2019
Office 365 ProPlus
Skype for Business 2016
Important
CVE-2019-1109
CVE-2019-1110
CVE-2019-1111
CVE-2019-1112
CVE-2019-1134
CVE-2019-1105
Spoofing
Azure DevOps / Team Foundation Server
Server 2019.0.1
CVE-2019-1072
CVE-2019-1076
.NET Framework
.NET 2.0, 3.5, 3.5.1, 4.5.2, 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1, 4.7.2, 4.8
CVE-2019-1083
CVE-2019-1113
Azure
IoT Edge
Kubernetes Service
CVE-2018-15664
SQL Server
Server 2014, 2016, 2017
CVE-2019-1068
ASP.NET
Core 2.1, 2.2
Moderate
CVE-2019-1075
Visual Studio
Visual Studio 2010, 2012, 2013, 2015, 2017, 2019
CVE-2019-1077
CVE-2019-1079
Exchange Server
Server 2010, 2013, 2016, 2019
ADV190021
CVE-2019-1136
CVE-2019-1137
*Workaround: Yes
We will not share your address. Unsubscribe anytime. By clicking "Submit", you're agreeing to our Privacy Policy and consenting to be contacted by us.