Webinar Library
Welcome to this August Patch Tuesday Bulletin. This month there are 94 unique CVE’s, 0 exploited or disclosed, and 7 with workarounds or mitigations. While there are no attacks or disclosed vulnerabilities there are some important vulnerabilities to review. There are two critical vulnerabilities very similar to the ‘BlueKeep’ vulnerability and possibly wormable. Review CVE-2019-1181 and CVE-2019-1182 to ensure updates are applied. Both vulnerabilities have mitigations and workarounds that may help add a level of security to systems in the event updates cannot be deployed fast enough. CVE-2019-9506 is an interesting vulnerability that affects Bluetooth enabled devices. An attacker would need specialized hardware and must be within typical Bluetooth range to attack the device. The update adds enforcement of Bluetooth key length, but enforcement is not enabled by default. Follow directions in the Microsoft advisory for this CVE for instructions to enable enforcement. Finally, there is a denial of service vulnerability in CVE-2019-9511, CVE-2019-9512, CVE-2019-9513, CVE-2019-9514, CVE-2019-9518. A workaround exists for these vulnerabilities in the event updates cannot be deployed in a timely manner.
Over the years we've had millions of visitors to UltimateWindowsSecurity.com. Every month we have thousands and thousands of visitors to our Security Log Encyclopedia which documents all of the Security Log event ID’s for Windows Server OS’s. Back in 2007 when SharePoint added auditing capability, I realized that my audience not only needed the event information from SharePoint but I also found a similar need in SQL Server and Exchange. So not only did I document the data but I also started to develop the means to extract that event data from these applications so that it’s accessible and useable to the end user. Some 8 years later and LOGbinder is continuing to grow as companies realize LOGbinder bridges the gap between these applications and their infosec team. Visit LOGbinder.com to download a free 30-day fully functional trial and see the security event data that you have literally been missing.
So, without further ado, here’s the chart of MS patches this month.
Patch data provided by:
Technology
Products Affected
Severity
Reference
Workaround/ Exploited
Vulnerability Info
Windows
Windows 7, 8.1, RT 8.1, 10
Server 2008, 2008 R2, 2012, 2012 R2, 2016, 2019
Critical
CVE-2019-0714
CVE-2019-0715
CVE-2019-0716
CVE-2019-0717
CVE-2019-0718
CVE-2019-0720
CVE-2019-0723
CVE-2019-0736
CVE-2019-0965
CVE-2019-1057
CVE-2019-1078
CVE-2019-1125
CVE-2019-1143
CVE-2019-1144
CVE-2019-1145
CVE-2019-1146
CVE-2019-1147
CVE-2019-1148
CVE-2019-1149
CVE-2019-1150
CVE-2019-1151
CVE-2019-1152
CVE-2019-1153
CVE-2019-1154
CVE-2019-1155
CVE-2019-1156
CVE-2019-1157
CVE-2019-1158
CVE-2019-1159
CVE-2019-1161
CVE-2019-1162
CVE-2019-1163
CVE-2019-1164
CVE-2019-1168
CVE-2019-1169
CVE-2019-1170
CVE-2019-1171
CVE-2019-1172
CVE-2019-1173
CVE-2019-1174
CVE-2019-1175
CVE-2019-1176
CVE-2019-1177
CVE-2019-1178
CVE-2019-1179
CVE-2019-1180
CVE-2019-1181*
CVE-2019-1182*
CVE-2019-1183
CVE-2019-1184
CVE-2019-1185
CVE-2019-1186
CVE-2019-1187
CVE-2019-1188
CVE-2019-1190
CVE-2019-1198
CVE-2019-1206
CVE-2019-1212
CVE-2019-1213
CVE-2019-1222
CVE-2019-1223
CVE-2019-1224
CVE-2019-1225
CVE-2019-1226
CVE-2019-1227
CVE-2019-1228
CVE-2019-9506
CVE-2019-9511*
CVE-2019-9512*
CVE-2019-9513*
CVE-2019-9514*
CVE-2019-9518*
*Workaround: Yes
**Public: No
Exploited: No
Denial of Service
Elevation of Privilege
Information Disclosure
Remote Code Execution
Tampering
Security Feature Bypass
Internet Explorer
IE 9, 10, 11
CVE-2019-1133
CVE-2019-1192
CVE-2019-1193
CVE-2019-1194
*Workaround: No
Edge
All
CVE-2019-1030
CVE-2019-1131
CVE-2019-1139
CVE-2019-1140
CVE-2019-1141
CVE-2019-1195
CVE-2019-1196
CVE-2019-1197
ChakraCore
Office, Office Services, and Web Apps
Office 2010, 2013, 2016, 2016 for Mac, 2019, 2019 for Mac, 365, Online Server
Office Web Apps 2010, Server 2013
Outlook 2010, 2013, 2016
SharePoint Enterprise 2013, Enterprise 2016, Foundation 2010, Foundation 2013, Server 2010, Server 2019
Word 2010, 2013, 2016
Office 365 ProPlus
ADV190014
CVE-2019-1199
CVE-2019-1200
CVE-2019-1201
CVE-2019-1202
CVE-2019-1203
CVE-2019-1204
CVE-2019-1205
CVE-2019-1218
Spoofing
Visual Studio
Visual Studio 2017, 2017 version 15.9, 2019 version 16.0, 2019 version 16.2
Important
CVE-2019-1211
Dynamics
Dynamics 365 (on-premises) version 9.0
CVE-2019-1229
We will not share your address. Unsubscribe anytime. By clicking "Submit", you're agreeing to our Privacy Policy and consenting to be contacted by us.