Microsoft Security Advisories July 2019

[German]One more small addendum: In July 2019 Microsoft published some security advisories, which I don’t want to withhold from you. Among other things there is an update in PowerShell Core 6.1.5 and 6.2.2 to fix a security vulnerability.


Advertising

Security Update for PowerShell Core 6.1.5 and 6.2.2

On July 16, 2019, Microsoft released the security advisory CVE-2019-1167 titled Windows Defender Application Control Security Feature Bypass Vulnerability. The information was sent to me by mail the night before:

Revision Information: CVE-2019-1167 
CVE-2019-1167
– Version: 1.0
– Reason for Revision: Information published.
– Originally posted: July 16, 2019
– Updated: N/A
– Aggregate CVE Severity Rating: Important

A vulnerability exists in the Windows Defender Application Control (WDAC) that could allow an attacker to bypass the WDAC mechanisms. An attacker who has successfully exploited this vulnerability could bypass the PowerShell Core Constrained Language Mode on the computer. For more details, see the articles linked in security advisory CVE-2019-1167 .

**************************************************************************************
Title: Microsoft Security Update Releases
Issued: July 9, 2019
**************************************************************************************

Summary
=======


Advertising

The following CVEs have undergone a major revision increment:

* CVE-2019-0683
* CVE-2019-0998
* CVE-2019-1072

 
Revision Information:
=====================

CVE-2019-0683
– Version: 3.0
– Reason for Revision: On July 9, 2019, Microsoft released security updates for all
   versions of Microsoft Windows to set the new trust flag to Yes for CVE-2018-0683,
   the CVE that addresses the issue described in ADV190006. For more information please
   see KB4490425.
– Originally posted: March 12, 2019
– Updated: June 11, 2019
– Aggregate CVE Severity Rating: Important

CVE-2019-0998
– Version: 2.0
– Reason for Revision: Information revised to announce the release of a new Windows
   10 Version 1903 security update (4507453) for CVE-2019-0998. The update adds to
   the original release to comprehensively address CVE-2019-0998. Microsoft
   recommends that customers running the affected software install the security
   update to be fully protected from the vulnerability described in this CVE.
– Originally posted: June 11, 2019
– Updated: July 9, 2019
– Aggregate CVE Severity Rating: Important

CVE-2019-1072
– Version: 2.0
– Reason for Revision: Added Team Foundation Server 2010 SP1 (x86) and Team
   Foundation Server 2010 SP1 (x64) to the Security Updates table as there are
   unique security updates for each architecture. Corrected Security Update
   download links for Team Foundation Server 2012 Update 4, Team Foundation Server
   2013 Update 5, and Azure DevOps Server 2019.0.1.
– Originally posted: July 9, 2019
– Updated: July 9, 2019
– Aggregate CVE Severity Rating: Critical

**************************************************************************************
Title: Microsoft Security Advisory Notification
Issued: July 9, 2019
**************************************************************************************

Security Advisories Released or Updated on July 9, 2019
======================================================================================

* Microsoft Security Advisory ADV990001

ADV990001 | Latest Servicing Stack Updates
– Reason for Revision: A Servicing Stack Update has been released for all supported
   versions of Windows 10, Windows 8.1, Windows Server 2012 R2 and Windows Server
   2012. See the FAQ section for more information.
– Originally posted: November 13, 2018
– Updated: July 9, 2019
– Version: 11.0

* Microsoft Security Advisory ADV190006

ADV190006

| Guidance to mitigate unconstrained delegation vulnerabilities
– Reason for Revision: On July 9, 2019, Microsoft released security updates for all
   versions of Microsoft Windows to set the new trust flag to Yes for CVE-2019-0683,
   the CVE that addresses the issue described in ADV190006. For more information
   please see KB4490425.
– Originally posted: February 12, 2019
– Updated: July 9, 2019
– Version: 1.4

* Microsoft Security Advisory ADV190021

ADV190021 | Outlook on the web Cross-Site Scripting Vulnerability
– Reason for Revision: Information published.
– Originally posted: July 9, 2019
– Updated: N/A
– Version: 1.0


Advertising
This entry was posted in Security and tagged , . Bookmark the permalink.

Leave a Reply

Your email address will not be published. Required fields are marked *