{"id":12002,"date":"2019-11-21T23:16:34","date_gmt":"2019-11-21T22:16:34","guid":{"rendered":"http:\/\/159.69.82.204\/win\/?p=12002"},"modified":"2022-11-03T10:37:21","modified_gmt":"2022-11-03T09:37:21","slug":"microsoft-security-update-releases-nov-12-20-2019","status":"publish","type":"post","link":"https:\/\/borncity.com\/win\/2019\/11\/21\/microsoft-security-update-releases-nov-12-20-2019\/","title":{"rendered":"Microsoft Security Update Releases (Nov. 12,\/20, 2019)"},"content":{"rendered":"

[German<\/a>]A little addendum from Patchday as well as current information that Microsoft has published as 'Security Update Releases' regarding vulnerabilities and their fixes through security updates.<\/p>\n

Microsoft Security Update Releases (11\/20\/2019)<\/h2>\n

\"\"Currently I have a Microsoft Security Update Release from November 20, 2019 for the CVEs CVE-2019-1460 and CVE-2019-1108, which have been revised.<\/p>\n

Outlook for Android Spoofing Vulnerability<\/h3>\n

Microsoft has released the following 'Revision Information' about this vulnerability: <\/p>\n

\u2013 CVE-2019-1460 | Outlook for Android Spoofing Vulnerability
\u2013 CVE-2019-1460<\/a> \u2013 Version: 1.0
\u2013 Reason for Revision: Information published.
\u2013 Originally posted: November 19, 2019
\u2013 Updated: N\/A
\u2013 Aggregate CVE Severity Rating: Important <\/p>\n

There is a spoofing vulnerability in the product that results from the way Microsoft Outlook for Android analyzes specially crafted email messages. An authenticated attacker could exploit the vulnerability by sending a specially crafted email message to a victim. <\/p>\n

An attacker who successfully exploited this vulnerability could then perform cross-site scripting attacks on the affected systems and execute scripts in the security context of the current user. A security update fixes the vulnerability by correcting the way Microsoft Outlook for Android analyzes specially crafted email messages. <\/p>\n

A security update fixes the vulnerability by correcting the way Microsoft Outlook for Android analyzes specially crafted e-mail messages.<\/p>\n

Remote Desktop Protocol Client Information Disclosure Vulnerability<\/h3>\n

Microsoft has published the following revision for this vulnerability CVE-2019-1108: <\/p>\n

\u2013 CVE-2019-1108 | Remote Desktop Protocol Client Information Disclosure Vulnerability
\u2013 CVE-2019-1108<\/a>
\u2013 Version: 3.0
\u2013 Reason for Revision: The following updates have been made:
1. Added Microsoft Remote Desktop for Mac OS to the Security Updates table because it
    is affected by this vulnerability. Microsoft recommends that customers running
    Microsoft Remote Desktop for Mac OS install the latest security update to be fully
   protected from this vulnerability.
   2. Added Microsoft Remote Desktop for iOS to the Security Updates table because it
   is affected by this vulnerability. Microsoft recommends that customers running
   Microsoft Remote Desktop for iOS install the latest security update to be fully
   protected from this vulnerability. Added an FAQ to explain how to get the update
   for iOS.
\u2013 Originally posted: July 9, 2019
\u2013 Updated: November 19, 2019
\u2013 Aggregate CVE Severity Rating: Important <\/p>\n

In short: Both macOS and iOS are also affected by the RDP vulnerability originally released on July 9, 2019.<\/p>\n

There is a vulnerability that allows information from the Windows RDP client's memory area to be disclosed. An attacker who has successfully exploited this vulnerability could obtain information to further compromise the user's system. To exploit this vulnerability, an attacker would have to connect remotely to an affected system and run a specially developed application. Again, a security update fixes the vulnerability by fixing the memory leak in the Windows RDP client.<\/p>\n

<\/h2>\n

Microsoft Security Update Releases (November 12, 2019)<\/h2>\n

From the November patchday I still have some information about CVE-2019-1454, which has been revised. <\/p>\n

Windows User Profile Service Elevation of Privilege Vulnerability<\/h3>\n

Microsoft has issued the following revision to this CVE-2019-1454 vulnerability:<\/p>\n

\u2013 CVE-2019-1454 | Windows User Profile Service Elevation of Privilege Vulnerability
\u2013 CVE-2019-1454
\u2013 Version: 1.0
\u2013 Reason for Revision: Information published.
\u2013 Originally posted: November 12, 2019
\u2013 Updated: N\/A
\u2013 Aggregate CVE Severity Rating: Important <\/p>\n

An Elevation of Privilege vulnerability exists due to the improper handling of symlinks by the Windows User Profile Service (ProfSvc). An attacker who successfully exploited this vulnerability could delete files and folders in an elevated context. To exploit this vulnerability, an attacker must first log on to the system. An attacker could then run a specially developed application that could exploit the vulnerability and delete files or folders of his choice. The security update fixes the vulnerability by correcting how the Windows User Profile Service handles symlinks. <\/p>\n

Microsoft Guidance for Vulnerability in Trusted Platform Module (TPM)<\/h3>\n

In addition, Microsoft has published information about the vulnerability in the Trusted Platform Module (TPM) – see TPM-FAIL puts Trusted Platform Module at risk<\/a>.<\/p>\n

\u2013 ADV190024 | Microsoft Guidance for Vulnerability in Trusted Platform Module (TPM)
\u2013 ADV190024<\/a>
\u2013 Version: 1.0
\u2013 Reason for Revision: Information published.
\u2013 Originally posted: November 12, 2019
\u2013 Updated: N\/A
\u2013 Aggregate CVE Severity Rating: N\/A<\/p>\n","protected":false},"excerpt":{"rendered":"

[German]A little addendum from Patchday as well as current information that Microsoft has published as 'Security Update Releases' regarding vulnerabilities and their fixes through security updates.<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[580],"tags":[69],"class_list":["post-12002","post","type-post","status-publish","format-standard","hentry","category-security","tag-security"],"_links":{"self":[{"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/posts\/12002","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/comments?post=12002"}],"version-history":[{"count":0,"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/posts\/12002\/revisions"}],"wp:attachment":[{"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/media?parent=12002"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/categories?post=12002"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/tags?post=12002"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}