Microsoft Security Advisory (October 8,/10, 2019)

[German]Another supplement from last week. Microsoft has published Security Advisory for the 8th and 10th of October 2019, which I will post here.


Advertising

One document concerns the vulnerabilities in Edge and in IE’s scripting engine that were closed on Patchday (8.10.2019). If you have activated the automatic updates, you don’t need to do anything else. Furthermore, there are vulnerabilities in the Windows 10 Update Assistant. For all vulnerabilities I had separate posts here in the blog.

Update Assistent. Zu allen Schwachstellen hatte ich hier im Blog separate Beiträge.

************************************************************************
Title: Microsoft Security Update Releases
Issued: October 8, 2019
************************************************************************

Summary
=======

The following CVEs and advisory have undergone a major revision increment:


Advertising

* CVE-2019-1192
* CVE-2019-1367
* ADV190001

Revision Information:
=====================

CVE-2019-1192 | Microsoft Browsers Security Feature Bypass Vulnerability
–  Version: 2.0
– Reason for Revision: To comprehensively address CVE-2019-1192, Microsoft has
   released October 2019 security updates for Microsoft Edge installed on supported
   editions of Windows 10; for Internet Explorer 11 installed on all affected versions
   of Window 10, Windows 8.1, Server 2012, and Windows 7; and for Internet Explorer 10
   installed on Windows Server 2012. Microsoft strongly recommends that customers
   install the updates to be fully protected from the vulnerability. Customers whose
   systems are configured to receive automatic updates do not need to take any
   further action.
– Originally posted: August 13, 2019
– Updated: October 8, 2019
– Aggregate CVE Severity Rating: Important

CVE-2019-1367 | Scripting Engine Memory Corruption Vulnerability
– Version: 3.0
– Reason for Revision: The October security updates Microsoft is releasing on
   October 8, 2019 address a known printing issue customers might have experienced
   after installing any of the Security Updates, IE Cumulative Updates, or Monthly
   Rollups that were released on September 23 or October 3 for all applicable
   installations of Internet Explorer 9, 10, or 11 on Microsoft Windows. Customers
   who have already installed the updates released on September 23 or October 3
   should install the October Security Updates to adress any printing issues you might
   have been experiencing. Please see the Security Updates table to download and
   install the October security updates.
– Originally posted: September 23, 2019
– Updated: October 8, 2019
– Aggregate CVE Severity Rating: Critical

ADV990001 | Latest Servicing Stack Updates
–  – Version: 15.0
– Reason for Revision: A Servicing Stack Update has been released for all supported
   versions of Windows 10 (including Windows Server 2016 and 2019), Windows 8.1,
   Windows Server 2012 R2 and Windows Server 2012. See the FAQ section for more
   information.
– Originally posted: November 13, 2018
– Updated: October 8, 2019
– Aggregate CVE Severity Rating: Critical

****************************************************************************
Title: Microsoft Security Update Releases
Issued: October 10, 2019
****************************************************************************

Summary
=======

The following CVEs have undergone a major revision increment:

* CVE-2019-1316
* CVE-2019-1378

 
Revision Information:
=====================

CVE-2019-1316 | Microsoft Windows Setup Elevation of Privilege Vulnerability
– Version: 2.0
– Reason for Revision: The following updates have been made: 1. In the Security
   Updates table, corrected the Download type to “Setup DU” and corrected the Download
   and Article links. Please see the FAQ section for more information about Setup DUs.
   2. Removed Windows 10 for 32-bit Systems and Windows 10 for x64-based Systems as
   they are not affected by this vulnerability.
   3. Added FAQ to explain Setup DU downloads and how to get these updates.
– Originally posted: October 8, 2019
– Updated: October 9, 2019
– Aggregate CVE Severity Rating: Important

CVE-2019-1378 | Windows 10 Update Assistant Elevation of Privilege Vulnerability
– Version: 2.0
– Reason for Revision: The security update for Windows Update Assistant is now
   available. See the Security Updates table for more information.
– Originally posted: October 8, 2019
– Updated: October 9, 2019
– Aggregate CVE Severity Rating: Important

Ähnliche Artikel:
Sicherheitslücke im Windows 10 Update Assistent
Patchday Windows 10-Updates (8. Oktober 2019)
Windows 10 Oktober 2019-Patchday (Startmenü-) Probleme


Advertising
This entry was posted in browser, Security and tagged , , , . Bookmark the permalink.

Leave a Reply

Your email address will not be published. Required fields are marked *