One more small addendum: In July 2019, Microsoft published some security advisories, which I don't want to withhold from you. Among other things, there is an update in PowerShell Core 6.1.5 and 6.2.2 to fix a security vulnerability.
Security Update for PowerShell Core 6.1.5 and 6.2.2
On July 16, 2019, Microsoft released the security advisory CVE-2019-1167 titled Windows Defender Application Control Security Feature Bypass Vulnerability. The information was sent to me by mail the night before:
Revision Information: CVE-2019-1167
– CVE-2019-1167
– Version: 1.0
– Reason for Revision: Information published.
– Originally posted: July 16, 2019
– Updated: N/A
– Aggregate CVE Severity Rating: Important
A vulnerability exists in Windows Defender Application Control (WDAC) that could allow an attacker to bypass the WDAC mechanisms. An attacker who has successfully exploited this vulnerability could bypass the PowerShell Core Constrained Language Mode on the computer. For more details, see the articles linked in security advisory CVE-2019-1167.
**************************************************************************************
Title: Microsoft Security Update Releases
Issued: July 9, 2019
**************************************************************************************
Summary
=======
The following CVEs have undergone a major revision increment:
* CVE-2019-0683
* CVE-2019-0998
* CVE-2019-1072
Revision Information:
=====================
– CVE-2019-0683
– Version: 3.0
– Reason for Revision: On July 9, 2019, Microsoft released security updates for all
versions of Microsoft Windows to set the new trust flag to Yes for CVE-2018-0683,
the CVE that addresses the issue described in ADV190006. For more information please
see KB4490425.
– Originally posted: March 12, 2019
– Updated: June 11, 2019
– Aggregate CVE Severity Rating: Important
– CVE-2019-0998
– Version: 2.0
– Reason for Revision: Information revised to announce the release of a new Windows
10 Version 1903 security update (4507453) for CVE-2019-0998. The update adds to
the original release to comprehensively address CVE-2019-0998. Microsoft
recommends that customers running the affected software install the security
update to be fully protected from the vulnerability described in this CVE.
– Originally posted: June 11, 2019
– Updated: July 9, 2019
– Aggregate CVE Severity Rating: Important
– CVE-2019-1072
– Version: 2.0
– Reason for Revision: Added Team Foundation Server 2010 SP1 (x86) and Team
Foundation Server 2010 SP1 (x64) to the Security Updates table as there are
unique security updates for each architecture. Corrected Security Update
download links for Team Foundation Server 2012 Update 4, Team Foundation Server
2013 Update 5, and Azure DevOps Server 2019.0.1.
– Originally posted: July 9, 2019
– Updated: July 9, 2019
– Aggregate CVE Severity Rating: Critical
**************************************************************************************
Title: Microsoft Security Advisory Notification
Issued: July 9, 2019
**************************************************************************************
Security Advisories Released or Updated on July 9, 2019
======================================================================================
* Microsoft Security Advisory ADV990001
– ADV990001 | Latest Servicing Stack Updates
– Reason for Revision: A Servicing Stack Update has been released for all supported
versions of Windows 10, Windows 8.1, Windows Server 2012 R2 and Windows Server
2012. See the FAQ section for more information.
– Originally posted: November 13, 2018
– Updated: July 9, 2019
– Version: 11.0
* Microsoft Security Advisory ADV190006
– ADV190006 | Guidance to mitigate unconstrained delegation vulnerabilities
– Reason for Revision: On July 9, 2019, Microsoft released security updates for all
versions of Microsoft Windows to set the new trust flag to Yes for CVE-2019-0683,
the CVE that addresses the issue described in ADV190006. For more information
please see KB4490425.
– Originally posted: February 12, 2019
– Updated: July 9, 2019
– Version: 1.4
* Microsoft Security Advisory ADV190021
– ADV190021 | Outlook on the web Cross-Site Scripting Vulnerability
– Reason for Revision: Information published.
– Originally posted: July 9, 2019
– Updated: N/A
– Version: 1.0