Today’s VERT Alert addresses Microsoft’s September 2019 Security Updates. VERT is actively working on coverage for these vulnerabilities and expects to ship ASPL-849 on Wednesday, September 11th.
In-The-Wild & Disclosed CVEs
CVE-2019-1214
An elevation of privilege vulnerability in the Windows Common Log File System (CLFS) driver can allow an attacker to run processes in an elevated context. Microsoft has reported this as being exploited and credited the Qihoo 360 Vulcan Team with reporting the vulnerability. Microsoft has rated this as a 3 (Exploitation Unlikely) on the latest software release and as a 1 (Exploitation More Likely) on older software releases on the Exploitability Index.
CVE-2019-1215
An elevation of privilege vulnerability in Winsock (ws2ifsl.sys) can allow an attacker to execute code in an elevated context. Microsoft has also reported this as being exploited but there’s no official acknowledgement for the discovery / reporting of the vulnerability. Microsoft has rated this as a 1 (Exploitation More Likely) on the Exploitability Index.
CVE-2019-1235
On systems that have installed an Input Method Editor (IME), attackers can inject commands and read input via a malicious IME because the Windows Text Service Framework (TSF) server does not properly validate the source of input. This vulnerability has been publicly disclosed. Microsoft has rated this as a 2 (Exploitation Less Likely) on the Exploitability Index.
CVE-2019-1253
An elevation of privilege vulnerability in Windows AppX Deployment Server can allow an attacker to run code in an elevated context due to the improper handling of junctions. This vulnerability has been publicly disclosed. Microsoft has rated this as a 2 (Exploitation Less Likely) on the Exploitability Index.
CVE-2019-1294
An attacker with physical access to a system could enable certain debugging options that would allow for the disclosure of protected kernel memory when Windows Secure Boot is enabled. The update removes the ability to access certain debugging options when Windows Secure Boot is enabled. This vulnerability has been publicly disclosed. Microsoft has rated this as a 2 (Exploitation Less Likely) on the Exploitability Index.
CVE Breakdown by Tag
While historical Microsoft Security Bulletin groupings are gone, Microsoft vulnerabilities are tagged with an identifier. This list provides a breakdown of the CVEs on a per tag basis.
Tag |
CVE Count |
CVEs |
Windows Hyper-V |
2 |
CVE-2019-0928, CVE-2019-1254 |
Microsoft Yammer |
1 |
CVE-2019-1265 |
Microsoft Windows |
18 |
CVE-2019-1215, CVE-2019-1219, CVE-2019-1267, CVE-2019-1268, CVE-2019-1269, CVE-2019-1270, CVE-2019-1271, CVE-2019-1272, CVE-2019-1235, CVE-2019-1253, CVE-2019-1277, CVE-2019-1278, CVE-2019-1280, CVE-2019-1287, CVE-2019-1289, CVE-2019-1292, CVE-2019-1294, CVE-2019-1303 |
Microsoft Edge |
1 |
CVE-2019-1299 |
Visual Studio |
1 |
CVE-2019-1232 |
Microsoft Browsers |
1 |
CVE-2019-1220 |
Microsoft Office SharePoint |
7 |
CVE-2019-1257, CVE-2019-1259, CVE-2019-1260, CVE-2019-1261, CVE-2019-1262, CVE-2019-1295, CVE-2019-1296 |
Team Foundation Server |
2 |
CVE-2019-1305, CVE-2019-1306 |
Microsoft JET Database Engine |
9 |
CVE-2019-1240, CVE-2019-1241, CVE-2019-1242, CVE-2019-1243, CVE-2019-1246, CVE-2019-1247, CVE-2019-1248, CVE-2019-1249, CVE-2019-1250 |
Microsoft Graphics Component |
8 |
CVE-2019-1216, CVE-2019-1244, CVE-2019-1245, CVE-2019-1251, CVE-2019-1252, CVE-2019-1283, CVE-2019-1284, CVE-2019-1286 |
Microsoft Scripting Engine |
8 |
CVE-2019-1138, CVE-2019-1208, CVE-2019-1217, CVE-2019-1221, CVE-2019-1236, CVE-2019-1237, CVE-2019-1298, CVE-2019-1300 |
Windows Kernel |
4 |
CVE-2019-1274, CVE-2019-1256, CVE-2019-1285, CVE-2019-1293 |
Microsoft Exchange Server |
2 |
CVE-2019-1233, CVE-2019-1266 |
Microsoft Office |
3 |
CVE-2019-1297, CVE-2019-1263, CVE-2019-1264 |
Project Rome |
1 |
CVE-2019-1231 |
Active Directory |
1 |
CVE-2019-1273 |
Windows RDP |
4 |
CVE-2019-0787, CVE-2019-0788, CVE-2019-1290, CVE-2019-1291 |
.NET Framework |
1 |
CVE-2019-1142 |
Skype for Business and Microsoft Lync |
1 |
CVE-2019-1209 |
.NET Core |
1 |
CVE-2019-1301 |
ASP.NET |
1 |
CVE-2019-1302 |
Common Log File System Driver |
2 |
CVE-2019-1214, CVE-2019-1282 |
Other Information
In addition to the Microsoft vulnerabilities included in the August Security Guidance, an advisory was released today.
September 2019 Adobe Flash Security Update [ADV190022]
Microsoft has released an update for Adobe Flash. This corresponds with Adobe update APSB19-46 which includes fixes for CVE-2019-8069 and CVE-2019-8070.