Skip to content ↓ | Skip to navigation ↓

Today’s VERT Alert addresses Microsoft’s August 2019 Security Updates. VERT is actively working on coverage for these vulnerabilities and expects to ship ASPL-845 on Wednesday, August 14th.

In-The-Wild & Disclosed CVEs

Microsoft has indicated that none of the vulnerabilities being patched this month have been used in-the-wild nor have they been publicly disclosed.

CVE Breakdown by Tag

While historical Microsoft Security Bulletin groupings are gone, Microsoft vulnerabilities are tagged with an identifier. This list provides a breakdown of the CVEs on a per tag basis.

Tag
CVE Count
CVEs
Windows Hyper-V
7
CVE-2019-0965, CVE-2019-0714, CVE-2019-0715, CVE-2019-0717, CVE-2019-0718, CVE-2019-0720, CVE-2019-0723
Microsoft NTFS
1
CVE-2019-1170
Microsoft Windows
16
CVE-2019-1172, CVE-2019-1173, CVE-2019-1174, CVE-2019-1175, CVE-2019-1178, CVE-2019-1179, CVE-2019-1180, CVE-2019-0716, CVE-2019-1162, CVE-2019-1163, CVE-2019-1168, CVE-2019-1176, CVE-2019-1177, CVE-2019-1186, CVE-2019-1188, CVE-2019-1198
Microsoft Malware Protection Engine
1
CVE-2019-1161
Microsoft Edge
1
CVE-2019-1030
Visual Studio
1
CVE-2019-1211
Microsoft Dynamics
1
CVE-2019-1229
Microsoft Browsers
2
CVE-2019-1192, CVE-2019-1193
Microsoft Office SharePoint
2
CVE-2019-1202, CVE-2019-1203
Microsoft JET Database Engine
5
CVE-2019-1146, CVE-2019-1147, CVE-2019-1155, CVE-2019-1156, CVE-2019-1157
Windows SymCrypt
1
CVE-2019-1171
Microsoft Graphics Component
12
CVE-2019-1078, CVE-2019-1143, CVE-2019-1144, CVE-2019-1145, CVE-2019-1148, CVE-2019-1149, CVE-2019-1150, CVE-2019-1151, CVE-2019-1152, CVE-2019-1153, CVE-2019-1154, CVE-2019-1158
Microsoft Scripting Engine
9
CVE-2019-1131, CVE-2019-1133, CVE-2019-1139, CVE-2019-1140, CVE-2019-1141, CVE-2019-1194, CVE-2019-1195, CVE-2019-1196, CVE-2019-1197
Windows Kernel
6
CVE-2019-1159, CVE-2019-1164, CVE-2019-1169, CVE-2019-1190, CVE-2019-1227, CVE-2019-1228
Microsoft Bluetooth Driver
1
CVE-2019-9506
Microsoft XML Core Services
1
CVE-2019-1057
Windows Shell
1
CVE-2019-1184
Microsoft Office
6
CVE-2019-1199, CVE-2019-1200, CVE-2019-1201, CVE-2019-1204, CVE-2019-1205, CVE-2019-1218
Windows Scripting
1
CVE-2019-1183
Windows RDP
7
CVE-2019-1181, CVE-2019-1182, CVE-2019-1222, CVE-2019-1223, CVE-2019-1224, CVE-2019-1225, CVE-2019-1226
Windows DHCP Server
3
CVE-2019-1206, CVE-2019-1212, CVE-2019-1213
Windows DHCP Client
1
CVE-2019-0736
HTTP/2
5
CVE-2019-9511, CVE-2019-9512, CVE-2019-9513, CVE-2019-9514, CVE-2019-9518
Microsoft XML
1
CVE-2019-1187
Windows – Linux
1
CVE-2019-1185

 

Other Information

In addition to the Microsoft vulnerabilities included in the August Security Guidance, a pair of advisories were released today.

Microsoft Live Accounts Elevation of Privilege Vulnerability [ADV190014]

Microsoft has released information regarding a vulnerability impacting Outlook Web Access (MS Exchange Online, MS Office 365, and Outlook.com) that could allow an attacker to access another person’s inbox. Microsoft has mitigated this attack vector for all users and no action is required on the part of organizations or individuals.

Microsoft Guidance for Enabling LDAP Channel Binding and LDAP Signing

Microsoft has released guidance for enabling LDAP Channel Binding and LDAP signing, two methods for increasing the security of communication between LDAP clients and AD domain controllers.

The Executive's Guide to the Top 20 Critical Security Controls