Today’s VERT Alert addresses Microsoft’s August 2019 Security Updates. VERT is actively working on coverage for these vulnerabilities and expects to ship ASPL-845 on Wednesday, August 14th.
In-The-Wild & Disclosed CVEs
Microsoft has indicated that none of the vulnerabilities being patched this month have been used in-the-wild nor have they been publicly disclosed.
CVE Breakdown by Tag
While historical Microsoft Security Bulletin groupings are gone, Microsoft vulnerabilities are tagged with an identifier. This list provides a breakdown of the CVEs on a per tag basis.
Tag |
CVE Count |
CVEs |
Windows Hyper-V |
7 |
CVE-2019-0965, CVE-2019-0714, CVE-2019-0715, CVE-2019-0717, CVE-2019-0718, CVE-2019-0720, CVE-2019-0723 |
Microsoft NTFS |
1 |
CVE-2019-1170 |
Microsoft Windows |
16 |
CVE-2019-1172, CVE-2019-1173, CVE-2019-1174, CVE-2019-1175, CVE-2019-1178, CVE-2019-1179, CVE-2019-1180, CVE-2019-0716, CVE-2019-1162, CVE-2019-1163, CVE-2019-1168, CVE-2019-1176, CVE-2019-1177, CVE-2019-1186, CVE-2019-1188, CVE-2019-1198 |
Microsoft Malware Protection Engine |
1 |
CVE-2019-1161 |
Microsoft Edge |
1 |
CVE-2019-1030 |
Visual Studio |
1 |
CVE-2019-1211 |
Microsoft Dynamics |
1 |
CVE-2019-1229 |
Microsoft Browsers |
2 |
CVE-2019-1192, CVE-2019-1193 |
Microsoft Office SharePoint |
2 |
CVE-2019-1202, CVE-2019-1203 |
Microsoft JET Database Engine |
5 |
CVE-2019-1146, CVE-2019-1147, CVE-2019-1155, CVE-2019-1156, CVE-2019-1157 |
Windows SymCrypt |
1 |
CVE-2019-1171 |
Microsoft Graphics Component |
12 |
CVE-2019-1078, CVE-2019-1143, CVE-2019-1144, CVE-2019-1145, CVE-2019-1148, CVE-2019-1149, CVE-2019-1150, CVE-2019-1151, CVE-2019-1152, CVE-2019-1153, CVE-2019-1154, CVE-2019-1158 |
Microsoft Scripting Engine |
9 |
CVE-2019-1131, CVE-2019-1133, CVE-2019-1139, CVE-2019-1140, CVE-2019-1141, CVE-2019-1194, CVE-2019-1195, CVE-2019-1196, CVE-2019-1197 |
Windows Kernel |
6 |
CVE-2019-1159, CVE-2019-1164, CVE-2019-1169, CVE-2019-1190, CVE-2019-1227, CVE-2019-1228 |
Microsoft Bluetooth Driver |
1 |
CVE-2019-9506 |
Microsoft XML Core Services |
1 |
CVE-2019-1057 |
Windows Shell |
1 |
CVE-2019-1184 |
Microsoft Office |
6 |
CVE-2019-1199, CVE-2019-1200, CVE-2019-1201, CVE-2019-1204, CVE-2019-1205, CVE-2019-1218 |
Windows Scripting |
1 |
CVE-2019-1183 |
Windows RDP |
7 |
CVE-2019-1181, CVE-2019-1182, CVE-2019-1222, CVE-2019-1223, CVE-2019-1224, CVE-2019-1225, CVE-2019-1226 |
Windows DHCP Server |
3 |
CVE-2019-1206, CVE-2019-1212, CVE-2019-1213 |
Windows DHCP Client |
1 |
CVE-2019-0736 |
HTTP/2 |
5 |
CVE-2019-9511, CVE-2019-9512, CVE-2019-9513, CVE-2019-9514, CVE-2019-9518 |
Microsoft XML |
1 |
CVE-2019-1187 |
Windows - Linux |
1 |
CVE-2019-1185 |
Other Information
In addition to the Microsoft vulnerabilities included in the August Security Guidance, a pair of advisories were released today.
Microsoft Live Accounts Elevation of Privilege Vulnerability [ADV190014]
Microsoft has released information regarding a vulnerability impacting Outlook Web Access (MS Exchange Online, MS Office 365, and Outlook.com) that could allow an attacker to access another person’s inbox. Microsoft has mitigated this attack vector for all users and no action is required on the part of organizations or individuals.
Microsoft Guidance for Enabling LDAP Channel Binding and LDAP Signing
Microsoft has released guidance for enabling LDAP Channel Binding and LDAP signing, two methods for increasing the security of communication between LDAP clients and AD domain controllers.
