VERT Threat Alert: August 2019 Patch Tuesday Analysis
Today’s VERT Alert addresses Microsoft’s August 2019 Security Updates. VERT is actively working on coverage for these vulnerabilities and expects to ship ASPL-845 on Wednesday, August 14th.
In-The-Wild & Disclosed CVEs
Microsoft has indicated that none of the vulnerabilities being patched this month have been used in-the-wild nor have they been publicly disclosed.
CVE Breakdown by Tag
While historical Microsoft Security Bulletin groupings are gone, Microsoft vulnerabilities are tagged with an identifier. This list provides a breakdown of the CVEs on a per tag basis.
Tag | CVE Count | CVEs |
Windows Hyper-V | 7 | CVE-2019-0965, CVE-2019-0714, CVE-2019-0715, CVE-2019-0717, CVE-2019-0718, CVE-2019-0720, CVE-2019-0723 |
Microsoft NTFS | 1 | CVE-2019-1170 |
Microsoft Windows | 16 | CVE-2019-1172, CVE-2019-1173, CVE-2019-1174, CVE-2019-1175, CVE-2019-1178, CVE-2019-1179, CVE-2019-1180, CVE-2019-0716, CVE-2019-1162, CVE-2019-1163, CVE-2019-1168, CVE-2019-1176, CVE-2019-1177, CVE-2019-1186, CVE-2019-1188, CVE-2019-1198 |
Microsoft Malware Protection Engine | 1 | CVE-2019-1161 |
Microsoft Edge | 1 | CVE-2019-1030 |
Visual Studio | 1 | CVE-2019-1211 |
Microsoft Dynamics | 1 | CVE-2019-1229 |
Microsoft Browsers | 2 | CVE-2019-1192, CVE-2019-1193 |
Microsoft Office SharePoint | 2 | CVE-2019-1202, CVE-2019-1203 |
Microsoft JET Database Engine | 5 | CVE-2019-1146, CVE-2019-1147, CVE-2019-1155, CVE-2019-1156, CVE-2019-1157 |
Windows SymCrypt | 1 | CVE-2019-1171 |
Microsoft Graphics Component | 12 | CVE-2019-1078, CVE-2019-1143, CVE-2019-1144, CVE-2019-1145, CVE-2019-1148, CVE-2019-1149, CVE-2019-1150, CVE-2019-1151, CVE-2019-1152, CVE-2019-1153, CVE-2019-1154, CVE-2019-1158 |
Microsoft Scripting Engine | 9 | CVE-2019-1131, CVE-2019-1133, CVE-2019-1139, CVE-2019-1140, CVE-2019-1141, CVE-2019-1194, CVE-2019-1195, CVE-2019-1196, CVE-2019-1197 |
Windows Kernel | 6 | CVE-2019-1159, CVE-2019-1164, CVE-2019-1169, CVE-2019-1190, CVE-2019-1227, CVE-2019-1228 |
Microsoft Bluetooth Driver | 1 | CVE-2019-9506 |
Microsoft XML Core Services | 1 | CVE-2019-1057 |
Windows Shell | 1 | CVE-2019-1184 |
Microsoft Office | 6 | CVE-2019-1199, CVE-2019-1200, CVE-2019-1201, CVE-2019-1204, CVE-2019-1205, CVE-2019-1218 |
Windows Scripting | 1 | CVE-2019-1183 |
Windows RDP | 7 | CVE-2019-1181, CVE-2019-1182, CVE-2019-1222, CVE-2019-1223, CVE-2019-1224, CVE-2019-1225, CVE-2019-1226 |
Windows DHCP Server | 3 | CVE-2019-1206, CVE-2019-1212, CVE-2019-1213 |
Windows DHCP Client | 1 | CVE-2019-0736 |
HTTP/2 | 5 | CVE-2019-9511, CVE-2019-9512, CVE-2019-9513, CVE-2019-9514, CVE-2019-9518 |
Microsoft XML | 1 | CVE-2019-1187 |
Windows – Linux | 1 | CVE-2019-1185 |
Other Information
In addition to the Microsoft vulnerabilities included in the August Security Guidance, a pair of advisories were released today.
Microsoft Live Accounts Elevation of Privilege Vulnerability [ADV190014]
Microsoft (Read more...)
*** This is a Security Bloggers Network syndicated blog from The State of Security authored by Tyler Reguly. Read the original post at: https://www.tripwire.com/state-of-security/vert/vert-alert-august-patch-tuesday/