{"id":220693,"date":"2019-07-17T12:09:38","date_gmt":"2019-07-17T10:09:38","guid":{"rendered":"https:\/\/www.borncity.com\/blog\/?p=220693"},"modified":"2024-01-24T11:25:20","modified_gmt":"2024-01-24T10:25:20","slug":"microsoft-sicherheitshinweise-juli-2019","status":"publish","type":"post","link":"https:\/\/borncity.com\/blog\/2019\/07\/17\/microsoft-sicherheitshinweise-juli-2019\/","title":{"rendered":"Microsoft Sicherheitshinweise Juli 2019"},"content":{"rendered":"

[English]Noch ein kleiner Nachtrag: Microsoft hat im Juli 2019 einige Sicherheitshinweise ver\u00f6ffentlicht, die ich euch nicht vorenthalten m\u00f6chte. Unter anderem gibt es ein Update im PowerShell Core 6.1.5 und 6.2.2 zum Beheben einer Sicherheitsl\u00fccke.<\/p>\n

<\/p>\n

Sicherheitsupdate f\u00fcr PowerShell Core 6.1.5 und 6.2.2<\/h2>\n

\"\"Zum 16. Juli 2019 hat Microsoft den Sicherheitshinweis CVE-2019-1167<\/a> mit dem Titel Windows Defender Application Control Security Feature Bypass Vulnerability <\/em>ver\u00f6ffentlicht. Die Information ist mir die Nacht per Mail zugegangen:<\/p>\n

Revision Information: CVE-2019-1167 
CVE-2019-1167<\/a>
– Version: 1.0
– Reason for Revision: Information published.
– Originally posted: July 16, 2019
– Updated: N\/A
– Aggregate CVE Severity Rating: Important<\/p>\n

In der Windows Defender Application Control (WDAC) existiert eine Sicherheitsl\u00fccke, die es einem Angreifer erm\u00f6glichen k\u00f6nnte, die WDAC-Mechanismen zu umgehen. Ein Angreifer, der diese Schwachstelle erfolgreich ausgenutzt hat, k\u00f6nnte den PowerShell Core Constrained Language Mode auf dem Computer umgehen. Weitere Details finden sich in in den im Sicherheitshinweis CVE-2019-1167<\/a> verlinkten Artikeln.<\/p>\n

**************************************************************************************
Title: Microsoft Security Update Releases
Issued: July 9, 2019
**************************************************************************************<\/p>\n

Summary
=======<\/p>\n

The following CVEs have undergone a major revision increment:<\/p>\n

* CVE-2019-0683
* CVE-2019-0998
* CVE-2019-1072<\/p>\n

 
Revision Information:
=====================<\/p>\n

CVE-2019-0683<\/a>
– Version: 3.0
– Reason for Revision: On July 9, 2019, Microsoft released security updates for all
   versions of Microsoft Windows to set the new trust flag to Yes for CVE-2018-0683,
   the CVE that addresses the issue described in ADV190006. For more information please
   see KB4490425<\/a>.
– Originally posted: March 12, 2019
– Updated: June 11, 2019
– Aggregate CVE Severity Rating: Important<\/p>\n

CVE-2019-0998<\/a>
– Version: 2.0
– Reason for Revision: Information revised to announce the release of a new Windows
   10 Version 1903 security update (4507453) for CVE-2019-0998. The update adds to
   the original release to comprehensively address CVE-2019-0998. Microsoft
   recommends that customers running the affected software install the security
   update to be fully protected from the vulnerability described in this CVE.
– Originally posted: June 11, 2019
– Updated: July 9, 2019
– Aggregate CVE Severity Rating: Important<\/p>\n

CVE-2019-1072<\/a>
– Version: 2.0
– Reason for Revision: Added Team Foundation Server 2010 SP1 (x86) and Team
   Foundation Server 2010 SP1 (x64) to the Security Updates table as there are
   unique security updates for each architecture. Corrected Security Update
   download links for Team Foundation Server 2012 Update 4, Team Foundation Server
   2013 Update 5, and Azure DevOps Server 2019.0.1.
– Originally posted: July 9, 2019
– Updated: July 9, 2019
– Aggregate CVE Severity Rating: Critical<\/p>\n

**************************************************************************************
Title: Microsoft Security Advisory Notification
Issued: July 9, 2019
**************************************************************************************<\/p>\n

Security Advisories Released or Updated on July 9, 2019
======================================================================================<\/p>\n

* Microsoft Security Advisory ADV990001<\/p>\n

ADV990001<\/a> | Latest Servicing Stack Updates
– Reason for Revision: A Servicing Stack Update has been released for all supported
   versions of Windows 10, Windows 8.1, Windows Server 2012 R2 and Windows Server
   2012. See the FAQ section for more information.
– Originally posted: November 13, 2018
– Updated: July 9, 2019
– Version: 11.0<\/p>\n

* Microsoft Security Advisory ADV190006<\/p>\n

ADV190006<\/a> <\/p>\n

| Guidance to mitigate unconstrained delegation vulnerabilities
– Reason for Revision: On July 9, 2019, Microsoft released security updates for all
   versions of Microsoft Windows to set the new trust flag to Yes for CVE-2019-0683,
   the CVE that addresses the issue described in ADV190006. For more information
   please see KB4490425<\/a>.
– Originally posted: February 12, 2019
– Updated: July 9, 2019
– Version: 1.4<\/p>\n

* Microsoft Security Advisory ADV190021<\/p>\n

ADV190021<\/a> | Outlook on the web Cross-Site Scripting Vulnerability
– Reason for Revision: Information published.
– Originally posted: July 9, 2019
– Updated: N\/A
– Version: 1.0<\/p>\n","protected":false},"excerpt":{"rendered":"

[English]Noch ein kleiner Nachtrag: Microsoft hat im Juli 2019 einige Sicherheitshinweise ver\u00f6ffentlicht, die ich euch nicht vorenthalten m\u00f6chte. Unter anderem gibt es ein Update im PowerShell Core 6.1.5 und 6.2.2 zum Beheben einer Sicherheitsl\u00fccke.<\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[426,301],"tags":[672,4328],"class_list":["post-220693","post","type-post","status-publish","format-standard","hentry","category-sicherheit","category-windows","tag-microsoft","tag-sicherheit"],"_links":{"self":[{"href":"https:\/\/borncity.com\/blog\/wp-json\/wp\/v2\/posts\/220693","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/borncity.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/borncity.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/borncity.com\/blog\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/borncity.com\/blog\/wp-json\/wp\/v2\/comments?post=220693"}],"version-history":[{"count":0,"href":"https:\/\/borncity.com\/blog\/wp-json\/wp\/v2\/posts\/220693\/revisions"}],"wp:attachment":[{"href":"https:\/\/borncity.com\/blog\/wp-json\/wp\/v2\/media?parent=220693"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/borncity.com\/blog\/wp-json\/wp\/v2\/categories?post=220693"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/borncity.com\/blog\/wp-json\/wp\/v2\/tags?post=220693"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}