{"id":12332,"date":"2019-12-16T00:09:00","date_gmt":"2019-12-15T23:09:00","guid":{"rendered":"http:\/\/159.69.82.204\/win\/?p=12332"},"modified":"2022-11-03T10:36:44","modified_gmt":"2022-11-03T09:36:44","slug":"microsoft-security-advisory-notification-3-10-12-2019","status":"publish","type":"post","link":"https:\/\/borncity.com\/win\/2019\/12\/16\/microsoft-security-advisory-notification-3-10-12-2019\/","title":{"rendered":"Microsoft Security Advisory Notification (Dec. 3, &amp; 10, 2019)"},"content":{"rendered":"<p><img loading=\"lazy\" decoding=\"async\" style=\"float: left; margin: 0px 10px 0px 0px; display: inline\" src=\"https:\/\/www.borncity.com\/blog\/wp-content\/uploads\/2015\/01\/Schutz.jpg\" width=\"40\" align=\"left\" height=\"47\">[<a href=\"https:\/\/www.borncity.com\/blog\/?p=226128\" target=\"_blank\" rel=\"noopener noreferrer\">German<\/a>]Another postscript from the last days. In December 2019, Microsoft published several security alerts on various vulnerabilities. <\/p>\n<p><!--more--><\/p>\n<h2>Security Advisory Released on December 3, 2019<\/h2>\n<p>Microsoft Security Advisory <a href=\"https:\/\/web.archive.org\/web\/20200313195120\/https:\/\/portal.msrc.microsoft.com\/en-US\/security-guidance\/advisory\/ADV190026\" target=\"_blank\" rel=\"noopener noreferrer\">ADV190026<\/a>: Microsoft Guidance for cleaning up orphaned keys generated on vulnerable TPMs and used for Windows Hello for Business<\/p>\n<p>&#8211; Reason for Revision: Information published.<br \/>&#8211; Originally posted: December 3, 2019<br \/>&#8211; Updated: N\/A<br \/>&#8211; Version: 1.0<\/p>\n<p>Microsoft is aware of a problem with public keys in Windows Hello for Business (WHfB). This occurs after a device is removed from the Active Directory. After a user has set up Windows Hello for Business (WHfB), the WHfB public key is written to the local Active Directory. The WHfB keys are bound to a user and a device that has been added to Azure AD. 
<\/p>\n<p>If the device is removed, the corresponding WHfB key is considered orphaned. However, these orphaned keys are not deleted even if the device on which they were created no longer exists. Any authentication to Azure AD with such an orphaned WHfB key will be rejected. <\/p>\n<p>However, some of these orphaned keys may cause the following security issues in Active Directory 2016 or 2019, either in hybrid or local environments.  <\/p>\n<blockquote>\n<p>An authenticated attacker could obtain orphaned keys created on TPMs affected by CVE-2017-15361 (ROCA), as described in Microsoft Security Advisory ADV170012, to calculate their private WHfB key from orphaned public keys. The attacker could then impersonate the user using the stolen private key to authenticate as a user within the domain using Public Key Cryptography for Initial Authentication (PKINIT).<\/p>\n<\/blockquote>\n<p>This attack is also possible if firmware and software updates have been applied to TPMs affected by CVE-2017-15361 because the corresponding public keys may still be present in the Active Directory. The <a href=\"https:\/\/web.archive.org\/web\/20200313195120\/https:\/\/portal.msrc.microsoft.com\/en-US\/security-guidance\/advisory\/ADV190026\" target=\"_blank\" rel=\"noopener noreferrer\">Microsoft advisory<\/a> provides instructions for cleaning up orphaned public keys that were generated with an unpatched TPM (before firmware updates described in ADV170012 were applied). 
<\/p>\n<h2>Microsoft Security Update Releases December 10, 2019<\/h2>\n<p>As of December 10, 2019, Microsoft has issued another security advisory regarding the following revised CVEs:<\/p>\n<p>* CVE-2018-0859<br \/>* CVE-2019-0838<br \/>* CVE-2019-0860<\/p>\n<p>Revision Information:<\/p>\n<p>&#8211; <a href=\"https:\/\/portal.msrc.microsoft.com\/en-us\/security-guidance\/advisory\/CVE-2018-0859\" target=\"_blank\" rel=\"noopener noreferrer\">CVE-2018-0859<\/a> | Scripting Engine Memory Corruption Vulnerability<br \/>&#8211; Version: 2.0<br \/>&#8211; Reason for Revision: Revised the Security Updates table to include supported <br \/>&nbsp;&nbsp; editions of Windows 10 Version 1903 because it is affected by this CVE. Microsoft <br \/>&nbsp;&nbsp; recommends that customers running Windows 10 Version 1903 install security update<br \/>&nbsp;&nbsp; 4530684 to be protected from this vulnerability.<br \/>&#8211; Originally posted: February 13, 2018<br \/>&#8211; Updated: December 10, 2019<br \/>&#8211; Aggregate CVE Severity Rating: Critical<\/p>\n<p>&#8211; <a href=\"https:\/\/web.archive.org\/web\/20200314215740\/https:\/\/portal.msrc.microsoft.com\/en-US\/security-guidance\/advisory\/CVE-2019-0838\" target=\"_blank\" rel=\"noopener noreferrer\">CVE-2019-0838<\/a> | Windows Information Disclosure Vulnerability<br \/>&#8211; Version: 2.0<br \/>&#8211; Reason for Revision: Revised the Security Updates table to include supported <br \/>&nbsp;&nbsp; editions of Windows 10 Version 1903 because it is affected by this CVE. 
Microsoft <br \/>&nbsp;&nbsp; recommends that customers running Windows 10 Version 1903 install security update<br \/>&nbsp;&nbsp; 4530684 to be protected from this vulnerability.<br \/>&#8211; Originally posted: April 9, 2019<br \/>&#8211; Updated: December 10, 2019<br \/>&#8211; Aggregate CVE Severity Rating: Important<\/p>\n<p>&#8211; <a href=\"https:\/\/portal.msrc.microsoft.com\/en-us\/security-guidance\/advisory\/CVE-2019-0860\" target=\"_blank\" rel=\"noopener noreferrer\">CVE-2019-0860<\/a> | Chakra Scripting Engine Memory Corruption Vulnerability<br \/>&#8211; Version: 2.0<br \/>&#8211; Reason for Revision: Revised the Security Updates table to include supported <br \/>&nbsp;&nbsp; editions of Windows 10 Version 1903 because it is affected by this CVE. Microsoft <br \/>&nbsp;&nbsp; recommends that customers running Windows 10 Version 1903 install security update<br \/>&nbsp;&nbsp; 4530684 to be protected from this vulnerability.<br \/>&#8211; Originally posted: April 9, 2019<br \/>&#8211; Updated: December 10, 2019<br \/>&#8211; Aggregate CVE Severity Rating: Critical<\/p>\n<h2>Servicing-Stack-Update ADV990001 <\/h2>\n<p>In addition, a Servicing Stack Update (SSU) (see ADV990001) was released for Windows Server 2008 and Windows Server 2008 (Server Core Installation); Windows 7, Windows Server 2008 R2, and Windows Server 2008 R2 (Server Core Installation). <\/p>\n<p>&#8211; Originally posted: November 13, 2018<br \/>&#8211; Updated: December 10, 2019<br \/>&#8211; Aggregate CVE Severity Rating: Critical<\/p>\n","protected":false},"excerpt":{"rendered":"<p>[German]Another postscript from the last days. 
In December 2019, Microsoft published several security alerts on various vulnerabilities.<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[580],"tags":[69],"class_list":["post-12332","post","type-post","status-publish","format-standard","hentry","category-security","tag-security"],"_links":{"self":[{"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/posts\/12332","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/comments?post=12332"}],"version-history":[{"count":0,"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/posts\/12332\/revisions"}],"wp:attachment":[{"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/media?parent=12332"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/categories?post=12332"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/tags?post=12332"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}