August 2019 Microsoft Patch Tuesday

Published: 2019-08-13
Last Updated: 2019-08-13 20:16:14 UTC
by Johannes Ullrich (Version: 1)

This month we got patches for 93 vulnerabilities total. According to Microsoft, none of them are being exploited.

Amongst critical vulnerabilities, it's worth mentioning CVE-2019-1181 and 2019-1182, which affects Remote Desktop Services (RDS) - formerly known as Terminal Services.

These vulnerabilities are pre-authentication and require no user interaction. Thus, just like Bluekeep, they are wormable.

The affected versions are Windows 7 SP1, Windows Server 2008 R2 SP1, Windows Server 2012, Windows 8.1, Windows Server 2012 R2, and all supported versions of Windows 10, including server versions. Windows XP, Windows Server 2003, and Windows Server 2008 are not affected.

See Renato's dashboard for a more detailed breakout: https://patchtuesdaydashboard.com

August 2019 Security Updates

Description
CVE	Disclosed	Exploited	Exploitability (old versions)	current version	Severity	CVSS Base (AVG)	CVSS Temporal (AVG)
Chakra Scripting Engine Memory Corruption Vulnerability
CVE-2019-1131	No	No	-	-	Critical	4.2	3.8
CVE-2019-1139	No	No	-	-	Critical	4.2	3.8
CVE-2019-1140	No	No	-	-	Critical	4.2	3.8
CVE-2019-1141	No	No	-	-	Critical	4.2	3.8
CVE-2019-1195	No	No	-	-	Critical	4.2	3.8
CVE-2019-1196	No	No	-	-	Critical	4.2	3.8
CVE-2019-1197	No	No	-	-	Critical	4.2	3.8
DirectX Elevation of Privilege Vulnerability
CVE-2019-1176	No	No	Less Likely	Less Likely	Important	7.0	6.3
Dynamics On-Premise Elevation of Privilege Vulnerability
CVE-2019-1229	No	No	Less Likely	Less Likely	Important
Encryption Key Negotiation of Bluetooth Vulnerability
CVE-2019-9506	No	No	Less Likely	Less Likely	Important	9.3	8.1
Git for Visual Studio Elevation of Privilege Vulnerability
CVE-2019-1211	No	No	Less Likely	Less Likely	Important
HTTP/2 Server Denial of Service Vulnerability
CVE-2019-9511	No	No	Less Likely	Less Likely	Important	7.5	6.7
CVE-2019-9512	No	No	Less Likely	Less Likely	Important	7.5	6.7
CVE-2019-9513	No	No	Less Likely	Less Likely	Important	7.5	6.7
CVE-2019-9514	No	No	Less Likely	Less Likely	Important	7.5	6.7
CVE-2019-9518	No	No	Less Likely	Less Likely	Important	7.5	6.7
Hyper-V Remote Code Execution Vulnerability
CVE-2019-0720	No	No	Less Likely	Less Likely	Critical	8.0	7.2
Jet Database Engine Remote Code Execution Vulnerability
CVE-2019-1146	No	No	Less Likely	Less Likely	Important	7.8	7.0
CVE-2019-1147	No	No	Less Likely	Less Likely	Important	7.8	7.0
CVE-2019-1155	No	No	Less Likely	Less Likely	Important	7.8	7.0
CVE-2019-1156	No	No	Less Likely	Less Likely	Important	7.8	7.0
CVE-2019-1157	No	No	Less Likely	Less Likely	Important	7.8	7.0
LNK Remote Code Execution Vulnerability
CVE-2019-1188	No	No	Less Likely	Less Likely	Critical	7.5	6.7
MS XML Remote Code Execution Vulnerability
CVE-2019-1057	No	No	Less Likely	Less Likely	Important	6.4	5.8
Microsoft Browser Memory Corruption Vulnerability
CVE-2019-1193	No	No	Less Likely	Less Likely	Important	6.4	5.8
Microsoft Browsers Security Feature Bypass Vulnerability
CVE-2019-1192	No	No	More Likely	More Likely	Important	2.4	2.2
Microsoft Defender Elevation of Privilege Vulnerability
CVE-2019-1161	No	No	Less Likely	Less Likely	Important
Microsoft Edge Information Disclosure Vulnerability
CVE-2019-1030	No	No	-	-	Important	4.3	3.9
Microsoft Graphics Component Information Disclosure Vulnerability
CVE-2019-1078	No	No	More Likely	More Likely	Important	5.5	5.0
CVE-2019-1148	No	No	Less Likely	Less Likely	Important	5.5	5.0
CVE-2019-1153	No	No	Less Likely	Less Likely	Important	5.5	5.0
Microsoft Graphics Remote Code Execution Vulnerability
CVE-2019-1144	No	No	Less Likely	Less Likely	Critical	8.8	7.9
CVE-2019-1145	No	No	Less Likely	Less Likely	Critical	8.8	7.9
CVE-2019-1149	No	No	Less Likely	Less Likely	Critical	8.8	7.9
CVE-2019-1150	No	No	Less Likely	Less Likely	Critical	8.8	7.9
CVE-2019-1151	No	No	Less Likely	Less Likely	Critical	8.8	7.9
CVE-2019-1152	No	No	Less Likely	Less Likely	Critical	8.8	7.9
Microsoft Guidance for Enabling LDAP Channel Binding and LDAP Signing
ADV190023	Yes	No	-	-
Microsoft Live Accounts Elevation of Privilege Vulnerability
ADV190014	No	No	-	-	Important
Microsoft Office SharePoint XSS Vulnerability
CVE-2019-1203	No	No	Less Likely	Less Likely	Important
Microsoft Outlook Elevation of Privilege Vulnerability
CVE-2019-1204	No	No	More Likely	More Likely	Important
Microsoft Outlook Memory Corruption Vulnerability
CVE-2019-1199	No	No	More Likely	More Likely	Critical
Microsoft Outlook Remote Code Execution Vulnerability
CVE-2019-1200	No	No	Less Likely	Less Likely	Critical
Microsoft SharePoint Information Disclosure Vulnerability
CVE-2019-1202	No	No	Less Likely	Less Likely	Important
Microsoft Windows Elevation of Privilege Vulnerability
CVE-2019-1198	No	No	Less Likely	Less Likely	Important	6.5	5.9
Microsoft Windows p2pimsvc Elevation of Privilege Vulnerability
CVE-2019-1168	No	No	Less Likely	Less Likely	Important	7.8	7.0
Microsoft Word Remote Code Execution Vulnerability
CVE-2019-1201	No	No	More Likely	More Likely	Critical
CVE-2019-1205	No	No	Less Likely	Less Likely	Critical
Outlook iOS Spoofing Vulnerability
CVE-2019-1218	No	No	-	-	Important
Remote Desktop Protocol Server Information Disclosure Vulnerability
CVE-2019-1224	No	No	More Likely	More Likely	Important	7.5	6.7
CVE-2019-1225	No	No	More Likely	More Likely	Important	7.5	6.7
Remote Desktop ServicesRemote Code Execution Vulnerability
CVE-2019-1181	No	No	More Likely	More Likely	Critical	9.8	8.8
CVE-2019-1182	No	No	More Likely	More Likely	Critical	9.8	8.8
CVE-2019-1222	No	No	More Likely	More Likely	Critical	9.8	8.8
CVE-2019-1226	No	No	More Likely	More Likely	Critical	9.8	8.8
Scripting Engine Memory Corruption Vulnerability
CVE-2019-1133	No	No	Less Likely	Less Likely	Critical	6.4	5.8
CVE-2019-1194	No	No	Less Likely	Less Likely	Critical	6.4	5.8
SymCrypt Information Disclosure Vulnerability
CVE-2019-1171	No	No	Less Likely	Less Likely	Important	5.6	5.1
Win32k Elevation of Privilege Vulnerability
CVE-2019-1169	No	No	-	-	Important	7.8	7.0
Windows ALPC Elevation of Privilege Vulnerability
CVE-2019-1162	No	No	Less Likely	Less Likely	Important	7.8	7.2
Windows DHCP Client Remote Code Execution Vulnerability
CVE-2019-0736	No	No	Less Likely	Less Likely	Critical	9.8	8.8
Windows DHCP Server Denial of Service Vulnerability
CVE-2019-1206	No	No	Less Likely	Less Likely	Important	7.5	6.7
CVE-2019-1212	No	No	Less Likely	Less Likely	Important	9.8	8.8
Windows DHCP Server Remote Code Execution Vulnerability
CVE-2019-1213	No	No	-	-	Critical	9.8	8.8
Windows Denial of Service Vulnerability
CVE-2019-0716	No	No	Less Likely	Less Likely	Important	5.8	5.2
Windows Elevation of Privilege Vulnerability
CVE-2019-1173	No	No	More Likely	More Likely	Important	7.0	6.3
CVE-2019-1174	No	No	More Likely	More Likely	Important	7.0	6.3
CVE-2019-1175	No	No	More Likely	More Likely	Important	7.0	6.3
CVE-2019-1178	No	No	Less Likely	Less Likely	Important	7.0	6.3
CVE-2019-1179	No	No	Less Likely	Less Likely	Important	7.0	6.3
CVE-2019-1180	No	No	Less Likely	Less Likely	Important	7.0	6.3
CVE-2019-1177	No	No	Less Likely	Less Likely	Important	7.0	6.3
CVE-2019-1184	No	No	More Likely	More Likely	Important	6.7	6.0
CVE-2019-1186	No	No	Less Likely	Less Likely	Important	7.0	6.3
Windows File Signature Security Feature Bypass Vulnerability
CVE-2019-1163	No	No	Less Likely	Less Likely	Important	5.5	5.0
Windows Graphics Component Information Disclosure Vulnerability
CVE-2019-1143	No	No	Less Likely	Less Likely	Important	5.5	5.0
CVE-2019-1154	No	No	-	-	Important	5.5	5.0
CVE-2019-1158	No	No	Less Likely	Less Likely	Important	5.5	5.0
Windows Hyper-V Denial of Service Vulnerability
CVE-2019-0714	No	No	Less Likely	Less Likely	Important	5.8	5.2
CVE-2019-0715	No	No	Less Likely	Less Likely	Important	5.8	5.2
CVE-2019-0717	No	No	Less Likely	Less Likely	Important	5.8	5.2
CVE-2019-0718	No	No	Less Likely	Less Likely	Important	5.8	5.2
CVE-2019-0723	No	No	Less Likely	Less Likely	Important	5.8	5.2
Windows Hyper-V Remote Code Execution Vulnerability
CVE-2019-0965	No	No	Less Likely	Less Likely	Critical	7.6	6.8
Windows Image Elevation of Privilege Vulnerability
CVE-2019-1190	No	No	Less Likely	Less Likely	Important	7.8	7.0
Windows Information Disclosure Vulnerability
CVE-2019-1172	No	No	Less Likely	Less Likely	Important	4.3	3.9
Windows Kernel Elevation of Privilege Vulnerability
CVE-2019-1159	No	No	More Likely	More Likely	Important	7.8	7.0
CVE-2019-1164	No	No	More Likely	More Likely	Important	7.8	7.0
Windows Kernel Information Disclosure Vulnerability
CVE-2019-1227	No	No	Less Likely	Less Likely	Important	5.5	5.0
CVE-2019-1228	No	No	-	-	Important	5.5	5.0
Windows NTFS Elevation of Privilege Vulnerability
CVE-2019-1170	No	No	More Likely	More Likely	Important	7.9	7.1
Windows Remote Desktop Protocol (RDP) Denial of Service Vulnerability
CVE-2019-1223	No	No	More Likely	More Likely	Important	7.5	6.7
Windows Subsystem for Linux Elevation of Privilege Vulnerability
CVE-2019-1185	No	No	-	-	Important
Windows VBScript Engine Remote Code Execution Vulnerability
CVE-2019-1183	No	No	Less Likely	Less Likely	Critical	7.5	6.7
XmlLite Runtime Denial of Service Vulnerability
CVE-2019-1187	No	No	Less Likely	Less Likely	Important	5.5	5.0

---
Johannes B. Ullrich, Ph.D. , Dean of Research, SANS Technology Institute
Twitter|

Keywords:

0 comment(s)

ISC Stormcast For Tuesday, August 13th 2019 https://isc.sans.edu/podcastdetail.html?id=6618

Comments

cwqwqwq

eweew<a href="https://www.seocheckin.com/edu-sites-list/">mashood</a>

WQwqwqwq[url=https://www.seocheckin.com/edu-sites-list/]mashood[/url]

dwqqqwqwq mashood

[https://isc.sans.edu/diary.html](https://isc.sans.edu/diary.html)

[https://isc.sans.edu/diary.html | https://isc.sans.edu/diary.html]

What's this all about ..?

password reveal .

<a hreaf="https://technolytical.com/">the social network</a> is described as follows because they respect your privacy and keep your data secure:

<a hreaf="https://technolytical.com/">the social network</a> is described as follows because they respect your privacy and keep your data secure. The social networks are not interested in collecting data about you. They don't care about what you're doing, or what you like. They don't want to know who you talk to, or where you go.

<a hreaf="https://technolytical.com/">the social network</a> is not interested in collecting data about you. They don't care about what you're doing, or what you like. They don't want to know who you talk to, or where you go. The social networks only collect the minimum amount of information required for the service that they provide. Your personal information is kept private, and is never shared with other companies without your permission

https://thehomestore.com.pk/

Internet Storm Center

August 2019 Microsoft Patch Tuesday

Comments

www

Nov 17th 2022
4 months ago

EEW

Nov 17th 2022
4 months ago

qwq

Nov 17th 2022
4 months ago

mashood

Nov 17th 2022
4 months ago

isc.sans.edu

Nov 23rd 2022
3 months ago

isc.sans.edu

Nov 23rd 2022
3 months ago

isc.sans.edu

Dec 3rd 2022
3 months ago

isc.sans.edu

Dec 3rd 2022
3 months ago

isc.sans.edu

Dec 26th 2022
2 months ago

isc.sans.edu

Dec 26th 2022
2 months ago

August 2019 Microsoft Patch Tuesday

Comments

www

Nov 17th 20224 months ago

EEW

Nov 17th 20224 months ago

qwq

Nov 17th 20224 months ago

mashood

Nov 17th 20224 months ago

isc.sans.edu

Nov 23rd 20223 months ago

isc.sans.edu

Nov 23rd 20223 months ago

isc.sans.edu

Dec 3rd 20223 months ago

isc.sans.edu

Dec 3rd 20223 months ago

isc.sans.edu

Dec 26th 20222 months ago

isc.sans.edu

Dec 26th 20222 months ago

Nov 17th 2022
4 months ago

Nov 17th 2022
4 months ago

Nov 17th 2022
4 months ago

Nov 17th 2022
4 months ago

Nov 23rd 2022
3 months ago

Nov 23rd 2022
3 months ago

Dec 3rd 2022
3 months ago

Dec 3rd 2022
3 months ago

Dec 26th 2022
2 months ago

Dec 26th 2022
2 months ago