Microsoft released security updates for August
The following vulnerabilities and security updates deserve particular attention:
Windows/Windows Server
CVE-2019-0736 – Windows DHCP Server Remote Code Execution Vulnerability (Base CVSS Score 9.8)
CVE-2019-0720 – Hyper-V Remote Code Execution Vulnerability
CVE-2019-1149 – Microsoft Graphics Remote Code Execution Vulnerability (Microsoft Office 2019 for Mac is affected)
CVE-2019-9506 – Encryption Key Negotiation of Bluetooth Vulnerability (Base CVSS Score 9.8)
CVE-2019-1181 – Remote Desktop Services Remote Code Execution Vulnerability (Wormable!)
https://msrc-blog.microsoft.com/2019/08/13/patch-new-wormable-vulnerabilities-in-remote-desktop-services-cve-2019-1181-1182/
CVE-2019-1172 – Windows Information Disclosure Vulnerability (Azure Active Directory (AAD) & Microsoft Account (MSA) are affected)
Microsoft Browsers
CVE-2019-1194 – Scripting Engine Memory Corruption Vulnerability
CVE-2019-1195 – Scripting Engine Memory Corruption Vulnerability
Microsoft Office
CVE-2019-1201 – Microsoft Word Remote Code Execution Vulnerability (Wormable!)
Microsoft Antimalware products
CVE-2019-1161 – Microsoft Defender Elevation of Privilege Vulnerability (Microsoft System Center Endpoint Protection & Microsoft Security Essentials are also affected)
Microsoft Dynamics
CVE-2019-1229 – Dynamics On-Premise Elevation of Privilege Vulnerability
Visual Studio
CVE-2019-1211 – Git for Visual Studio Elevation of Privilege Vulnerability
Security advisories
The following security advisories were released:
ADV190014 – Microsoft Live Accounts Elevation of Privilege Vulnerability
ADV190023 – Microsoft Guidance for Enabling LDAP Channel Binding and LDAP Signing
The following security advisories were supplemented and updated:
ADV990001 – Latest Servicing Stack Updates
New Servicing Stack Update (KB4512937) for Windows 10 v1809.