/Which Vulnerabilities Patched in September? – Davoud Teimouri – Virtualization and Data Center (via WindowsKernel.com)
Which Vulnerabilities Patched in September? - Davoud Teimouri - Virtualization and Data Center

Which Vulnerabilities Patched in September? – Davoud Teimouri – Virtualization and Data Center (via WindowsKernel.com)


Yes, we are talking about Microsoft products. Microsoft has released patch for resolve critical issue on Remote Desktop Services. This month a patch has been released for RDP Client. There are many patches same as past months, let’s review the important patches.

Security Update for Microsoft Windows

Remote Desktop Services Remote Code Execution Vulnerability (CVE-2019-0787) MS Rating: Critical – A remote code execution vulnerability exists in the Windows Remote Desktop Client when a user connects to a malicious server. An attacker who successfully exploited this vulnerability could execute arbitrary code on the computer of the connecting client.

Remote Desktop Services Remote Code Execution Vulnerability (CVE-2019-0788) MS Rating: Critical – A remote code execution vulnerability exists in the Windows Remote Desktop Client when a user connects to a malicious server. An attacker who successfully exploited this vulnerability could execute arbitrary code on the computer of the connecting client.

Remote Desktop Services Remote Code Execution Vulnerability (CVE-2019-1290) MS Rating: Critical – A remote code execution vulnerability exists in the Windows Remote Desktop Client when a user connects to a malicious server. An attacker who successfully exploited this vulnerability could execute arbitrary code on the computer of the connecting client.

Remote Desktop Services Remote Code Execution Vulnerability (CVE-2019-1291) MS Rating: Critical – A remote code execution vulnerability exists in the Windows Remote Desktop Client when a user connects to a malicious server. An attacker who successfully exploited this vulnerability could execute arbitrary code on the computer of the connecting client.

LNK Remote Code Execution Vulnerability (CVE-2019-1280) MS Rating: Critical – A remote code execution vulnerability exists in Microsoft Windows that could allow remote code execution if a . LNK file is processed.

Windows Privilege Escalation Vulnerability (CVE-2019-1215) MS Rating: Important – A privilege escalation vulnerability exists in the way that the ws2ifsl. sys handles objects in memory.

Windows Privilege Escalation Vulnerability (CVE-2019-1253) MS Rating: Important – A privilege escalation vulnerability exists when the Windows AppX Deployment Server improperly handles junctions. To exploit this vulnerability, an attacker would first have to gain execution on the victim system.

Windows Denial of Service Vulnerability (CVE-2019-1292) MS Rating: Important – A denial of service vulnerability exists when Windows improperly handles objects in memory. An attacker who successfully exploited the vulnerability could cause a target system to stop responding.

Windows Privilege Escalation Vulnerability (CVE-2019-1303) MS Rating: Important – A privilege escalation vulnerability exists when the Windows AppX Deployment Server improperly handles junctions. To exploit this vulnerability, an attacker would first have to gain execution on the victim system.

Windows Common Log File System Driver Privilege Escalation Vulnerability (CVE-2019-1214) MS Rating: Important – A privilege escalation vulnerability exists when the Windows Common Log File System (CLFS) driver improperly handles objects in memory. An attacker who successfully exploited this vulnerability could run processes in an elevated context.

Windows Transaction Manager Information Disclosure Vulnerability (CVE-2019-1219) MS Rating: Important – An information disclosure vulnerability exists when the Windows Transaction Manager improperly handles objects in memory. An attacker who successfully exploited this vulnerability could potentially read data that was not intended to be disclosed.

Windows ALPC Privilege Escalation Vulnerability (CVE-2019-1269) MS Rating: Important – A privilege escalation vulnerability exists when Windows improperly handles calls to Advanced Local Procedure Call (ALPC). An attacker who successfully exploited this vulnerability could run arbitrary code in the security context of the local system.

Windows ALPC Privilege Escalation Vulnerability (CVE-2019-1272) MS Rating: Important – A privilege escalation vulnerability exists when Windows improperly handles calls to Advanced Local Procedure Call (ALPC). An attacker who successfully exploited this vulnerability could run arbitrary code in the security context of the local system.

Windows Common Log File System Driver Information Disclosure Vulnerability (CVE-2019-1282) MS Rating: Important – An information disclosure exists in the Windows Common Log File System (CLFS) driver when it fails to properly handle sandbox checks. An attacker who successfully exploited this vulnerability could potentially read data outside their expected limits.

Windows Text Service Framework Privilege Escalation Vulnerability (CVE-2019-1235) MS Rating: Important – A privilege escalation vulnerability exists in Windows Text Service Framework (TSF) when the TSF server process does not validate the source of input or commands it receives. An attacker who successfully exploited this vulnerability could inject commands or read input sent through a malicious Input Method Editor (IME).

Windows Secure Boot Security Bypass Vulnerability (CVE-2019-1294) MS Rating: Important – A security-bypass exists when Windows Secure Boot improperly restricts access to debugging functionality. An attacker who successfully exploited this vulnerability could disclose protected kernel memory.

Microsoft Windows Store Installer Privilege Escalation Vulnerability (CVE-2019-1270) MS Rating: Important – A privilege escalation vulnerability exists in Windows store installer where WindowsApps directory is vulnerable to symbolic link attack. An attacker who successfully exploited this vulnerability could bypass access restrictions to add or remove files.

Windows Media Privilege Escalation Vulnerability (CVE-2019-1271 MS Rating: Important – An elevation of privilege exists in hdAudio. sys which may lead to an out of band write.

Windows Audio Service Privilege Escalation Vulnerability (CVE-2019-1277) MS Rating: Important – An elevation of privilege exists in Windows Audio Service. An attacker who successfully exploited the vulnerability could run arbitrary code with elevated privileges.

DirectX Information Disclosure Vulnerability (CVE-2019-1216) MS Rating: Important – An information disclosure vulnerability exists when DirectX improperly handles objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the user’s system.

DirectWrite Information Disclosure Vulnerability (CVE-2019-1244) MS Rating: Important – An information disclosure vulnerability exists when DirectWrite improperly discloses the contents of its memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the user’s system.

DirectWrite Information Disclosure Vulnerability (CVE-2019-1245) MS Rating: Important – An information disclosure vulnerability exists when DirectWrite improperly discloses the contents of its memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the user’s system.

DirectWrite Information Disclosure Vulnerability (CVE-2019-1251) MS Rating: Important – An information disclosure vulnerability exists when DirectWrite improperly discloses the contents of its memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the user’s system.

DirectX Privilege Escalation Vulnerability (CVE-2019-1284) MS Rating: Important – A privilege escalation vulnerability exists when DirectX improperly handles objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode.

Windows Network Connectivity Assistant Privilege Escalation Vulnerability (CVE-2019-1287) MS Rating: Important – A privilege escalation vulnerability exists in the way that the Windows Network Connectivity Assistant handles objects in memory. An attacker who successfully exploited the vulnerability could execute code with elevated permissions.

Windows Update Delivery Optimization Privilege Escalation Vulnerability (CVE-2019-1289) MS Rating: Important – A privilege escalation vulnerability exists when the Windows Update Delivery Optimization does not properly enforce file share permissions. An attacker who successfully exploited the vulnerability could overwrite files that require higher privileges than what the attacker already has.

Active Directory Federation Services XSS Vulnerability (CVE-2019-1273) MS Rating: Important – A cross-site-scripting (XSS) vulnerability exists when Active Directory Federation Services (ADFS) does not properly sanitize certain error messages. An authenticated attacker could exploit the vulnerability by sending a specially crafted request to an affected ADFS server.

Diagnostics Hub Standard Collector Service Privilege Escalation Vulnerability (CVE-2019-1232) MS Rating: Important – A privilege escalation vulnerability exists when the Diagnostics Hub Standard Collector Service improperly impersonates certain file operations. An attacker who successfully exploited this vulnerability could gain elevated privileges.

Microsoft Compatibility Appraiser Privilege Escalation Vulnerability (CVE-2019-1267) MS Rating: Important – A privilege escalation vulnerability exists in Microsoft Compatibility Appraiser where a configuration file, with local privileges, is vulnerable to symbolic hardlink attack. An attacker who successfully exploited this vulnerability could run processes in an elevated context.

Winlogon Privilege Escalation Vulnerability (CVE-2019-1268) MS Rating: Important – An elevation of privilege exists when Winlogon does not properly handle file path information. An attacker who successfully exploited this vulnerability could run arbitrary code.

Windows Privilege Escalation Vulnerability (CVE-2019-1278) MS Rating: Important – A privilege escalation vulnerability exists in the way that the unistore.dll handles objects in memory. An attacker who successfully exploited the vulnerability could execute code with elevated permissions. To exploit the vulnerability, a locally authenticated attacker could run a specially crafted application.

Windows SMB Client Driver Information Disclosure Vulnerability (CVE-2019-1293) MS Rating: Important – An information disclosure vulnerability exists in Windows when the Windows SMB Client kernel-mode driver fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could potentially disclose contents of System memory.

Cumulative Security Update for Microsoft Windows Kernel

Win32k Privilege Escalation Vulnerability (CVE-2019-1256) MS Rating: Important – A privilege escalation vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode.

Windows Kernel Information Disclosure Vulnerability (CVE-2019-1274) MS Rating: Important – An information disclosure vulnerability exists when the Windows kernel fails to properly initialize a memory address. An attacker who successfully exploited this vulnerability could obtain information to further compromise the user’s system.

Win32k Privilege Escalation Vulnerability (CVE-2019-1285) MS Rating: Important – A privilege escalation vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode.

Cumulative Security Update for Microsoft Hyper-V

Windows Hyper-V Information Disclosure Vulnerability (CVE-2019-1254) MS Rating: Important – An information disclosure vulnerability exists when Windows Hyper-V writes uninitialized memory to disk. An attacker could exploit the vulnerability by reading a file to recover kernel memory.

Windows Hyper-V Denial of Service Vulnerability (CVE-2019-0928) MS Rating: Important – A denial of service vulnerability exists when Microsoft Hyper-V on a host server fails to properly validate input from a privileged user on a guest operating system. To exploit the vulnerability, an attacker who already has a privileged account on a guest operating system, running as a virtual machine, could run a specially crafted application that causes a host machine to crash.

This is a syndicated post. Read the original post at Source link .