Skip to content ↓ | Skip to navigation ↓

Today’s VERT Alert addresses Microsoft’s September 2019 Security Updates. VERT is actively working on coverage for these vulnerabilities and expects to ship ASPL-849 on Wednesday, September 11th.

In-The-Wild & Disclosed CVEs

CVE-2019-1214

An elevation of privilege vulnerability in the Windows Common Log File System (CLFS) driver can allow an attacker to run processes in an elevated context. Microsoft has reported this as being exploited and credited the Qihoo 360 Vulcan Team with reporting the vulnerability.

Microsoft has rated this as a 3 (Exploitation Unlikely) on the latest software release and as a 1 (Exploitation More Likely) on older software releases on the Exploitability Index.

CVE-2019-1215

An elevation of privilege vulnerability in Winsock (ws2ifsl.sys) can allow an attacker to execute code in an elevated context. Microsoft has also reported this as being exploited but there’s no official acknowledgement for the discovery / reporting of the vulnerability.

Microsoft has rated this as a 1 (Exploitation More Likely) on the Exploitability Index.

CVE-2019-1235

On systems that have installed an Input Method Editor (IME), attackers can inject commands and read input via a malicious IME because the Windows Text Service Framework (TSF) server does not properly validate the source of input. This vulnerability has been publicly disclosed.

Microsoft has rated this as a 2 (Exploitation Less Likely) on the Exploitability Index.

CVE-2019-1253

An elevation of privilege vulnerability in Windows AppX Deployment Server can allow an attacker to run code in an elevated context due to the improper handling of junctions. This vulnerability has been publicly disclosed.

Microsoft has rated this as a 2 (Exploitation Less Likely) on the Exploitability Index.

CVE-2019-1294

An attacker with physical access to a system could enable certain debugging options that would allow for the disclosure of protected kernel memory when Windows Secure Boot is enabled. The update removes the ability to access certain debugging options when Windows Secure Boot is enabled. This vulnerability has been publicly disclosed.

Microsoft has rated this as a 2 (Exploitation Less Likely) on the Exploitability Index.

CVE Breakdown by Tag

While historical Microsoft Security Bulletin groupings are gone, Microsoft vulnerabilities are tagged with an identifier. This list provides a breakdown of the CVEs on a per tag basis.

 

Tag
CVE Count
CVEs
Windows Hyper-V
2
CVE-2019-0928, CVE-2019-1254
Microsoft Yammer
1
CVE-2019-1265
Microsoft Windows
18
CVE-2019-1215, CVE-2019-1219, CVE-2019-1267, CVE-2019-1268, CVE-2019-1269, CVE-2019-1270, CVE-2019-1271, CVE-2019-1272, CVE-2019-1235, CVE-2019-1253, CVE-2019-1277, CVE-2019-1278, CVE-2019-1280, CVE-2019-1287, CVE-2019-1289, CVE-2019-1292, CVE-2019-1294, CVE-2019-1303
Microsoft Edge
1
CVE-2019-1299
Visual Studio
1
CVE-2019-1232
Microsoft Browsers
1
CVE-2019-1220
Microsoft Office SharePoint
7
CVE-2019-1257, CVE-2019-1259, CVE-2019-1260, CVE-2019-1261, CVE-2019-1262, CVE-2019-1295, CVE-2019-1296
Team Foundation Server
2
CVE-2019-1305, CVE-2019-1306
Microsoft JET Database Engine
9
CVE-2019-1240, CVE-2019-1241, CVE-2019-1242, CVE-2019-1243, CVE-2019-1246, CVE-2019-1247, CVE-2019-1248, CVE-2019-1249, CVE-2019-1250
Microsoft Graphics Component
8
CVE-2019-1216, CVE-2019-1244, CVE-2019-1245, CVE-2019-1251, CVE-2019-1252, CVE-2019-1283, CVE-2019-1284, CVE-2019-1286
Microsoft Scripting Engine
8
CVE-2019-1138, CVE-2019-1208, CVE-2019-1217, CVE-2019-1221, CVE-2019-1236, CVE-2019-1237, CVE-2019-1298, CVE-2019-1300
Windows Kernel
4
CVE-2019-1274, CVE-2019-1256, CVE-2019-1285, CVE-2019-1293
Microsoft Exchange Server
2
CVE-2019-1233, CVE-2019-1266
Microsoft Office
3
CVE-2019-1297, CVE-2019-1263, CVE-2019-1264
Project Rome
1
CVE-2019-1231
Active Directory
1
CVE-2019-1273
Windows RDP
4
CVE-2019-0787, CVE-2019-0788, CVE-2019-1290, CVE-2019-1291
.NET Framework
1
CVE-2019-1142
Skype for Business and Microsoft Lync
1
CVE-2019-1209
.NET Core
1
CVE-2019-1301
ASP.NET
1
CVE-2019-1302
Common Log File System Driver
2
CVE-2019-1214, CVE-2019-1282

 

 

Other Information

In addition to the Microsoft vulnerabilities included in the August Security Guidance, an advisory was released today.

September 2019 Adobe Flash Security Update [ADV190022]

Microsoft has released an update for Adobe Flash. This corresponds with Adobe update APSB19-46 which includes fixes for CVE-2019-8069 and CVE-2019-8070.

The Executive's Guide to the Top 20 Critical Security Controls