OnlyFm252
Patch Tuesday Archive

Patch Tuesday September 2019

Total CVEs

71

Critical

16

Important

50

Exploited

1

Publicly Disclosed

3

All CVEs this month 71

CVE Title Severity CVSS Product Exploited Disclosed
ADV190022 September 2019 Adobe Flash Security Update Critical - Adobe Flash Player - -
CVE-2019-0787 Remote Desktop Client Remote Code Execution Vulnerability Critical 7.5 Windows RDP - -
CVE-2019-0788 Remote Desktop Client Remote Code Execution Vulnerability Critical 7.5 Windows RDP - -
CVE-2019-1138 Chakra Scripting Engine Memory Corruption Vulnerability Critical 4.2 Microsoft Scripting Engine - -
CVE-2019-1217 Chakra Scripting Engine Memory Corruption Vulnerability Critical 4.2 Microsoft Scripting Engine - -
CVE-2019-1221 Scripting Engine Memory Corruption Vulnerability Critical 7.5 Microsoft Scripting Engine - -
CVE-2019-1237 Chakra Scripting Engine Memory Corruption Vulnerability Critical 4.2 Microsoft Scripting Engine - -
CVE-2019-1257 Microsoft SharePoint Remote Code Execution Vulnerability Critical - Microsoft Office SharePoint - -
CVE-2019-1280 LNK Remote Code Execution Vulnerability Critical 7.3 Microsoft Windows - -
CVE-2019-1290 Remote Desktop Client Remote Code Execution Vulnerability Critical 7.5 Windows RDP - -
CVE-2019-1291 Remote Desktop Client Remote Code Execution Vulnerability Critical 7.5 Windows RDP - -
CVE-2019-1295 Microsoft SharePoint Remote Code Execution Vulnerability Critical - Microsoft Office SharePoint - -
CVE-2019-1296 Microsoft SharePoint Remote Code Execution Vulnerability Critical - Microsoft Office SharePoint - -
CVE-2019-1298 Chakra Scripting Engine Memory Corruption Vulnerability Critical 4.2 Microsoft Scripting Engine - -
CVE-2019-1300 Chakra Scripting Engine Memory Corruption Vulnerability Critical 4.2 Microsoft Scripting Engine - -
CVE-2019-1306 Azure DevOps and Team Foundation Server Remote Code Execution Vulnerability Critical - Team Foundation Server - -
CVE-2019-0928 Windows Hyper-V Denial of Service Vulnerability Important 5.4 Windows Hyper-V - -
CVE-2019-1142 .NET Framework Elevation of Privilege Vulnerability Important - .NET Framework - -
CVE-2019-1209 Lync 2013 Information Disclosure Vulnerability Important - Skype for Business and Microsoft Lync - -
CVE-2019-1214 Windows Common Log File System Driver Elevation of Privilege Vulnerability Important 7.8 Windows Common Log File System Driver - -
CVE-2019-1215 Windows Elevation of Privilege Vulnerability Important 7.8 Microsoft Windows - -
CVE-2019-1216 DirectX Information Disclosure Vulnerability Important 5.5 Microsoft Graphics Component - -
CVE-2019-1219 Windows Transaction Manager Information Disclosure Vulnerability Important 5.5 Microsoft Windows - -
CVE-2019-1231 Rome SDK Information Disclosure Vulnerability Important - Project Rome - -
CVE-2019-1232 Diagnostics Hub Standard Collector Service Elevation of Privilege Vulnerability Important 7.8 Visual Studio - -
CVE-2019-1233 Microsoft Exchange Denial of Service Vulnerability Important - Microsoft Exchange Server - -
CVE-2019-1235 Windows Text Service Framework Elevation of Privilege Vulnerability Important 7.8 Microsoft Windows - Yes
CVE-2019-1244 DirectWrite Information Disclosure Vulnerability Important 6.5 Microsoft Graphics Component - -
CVE-2019-1245 DirectWrite Information Disclosure Vulnerability Important 6.5 Microsoft Graphics Component - -
CVE-2019-1251 DirectWrite Information Disclosure Vulnerability Important 5.5 Microsoft Graphics Component - -
CVE-2019-1252 Windows GDI Information Disclosure Vulnerability Important 5.5 Microsoft Graphics Component - -
CVE-2019-1253 Windows Elevation of Privilege Vulnerability Important 7.8 Microsoft Windows - Yes
CVE-2019-1254 Windows Hyper-V Information Disclosure Vulnerability Important 5.5 Windows Hyper-V - -
CVE-2019-1256 Win32k Elevation of Privilege Vulnerability Important 7.8 Windows Kernel - -
CVE-2019-1260 Microsoft SharePoint Elevation of Privilege Vulnerability Important - Microsoft Office SharePoint - -
CVE-2019-1261 Microsoft SharePoint Spoofing Vulnerability Important - Microsoft Office SharePoint - -
CVE-2019-1262 Microsoft Office SharePoint XSS Vulnerability Important - Microsoft Office SharePoint - -
CVE-2019-1263 Microsoft Excel Information Disclosure Vulnerability Important - Microsoft Office - -
CVE-2019-1264 Microsoft Office Security Feature Bypass Vulnerability Important - Microsoft Office - -
CVE-2019-1266 Microsoft Exchange Spoofing Vulnerability Important - Microsoft Exchange Server - -
CVE-2019-1267 Microsoft Compatibility Appraiser Elevation of Privilege Vulnerability Important 7.3 Microsoft Windows - -
CVE-2019-1268 Winlogon Elevation of Privilege Vulnerability Important 6.5 Microsoft Windows - -
CVE-2019-1269 Windows ALPC Elevation of Privilege Vulnerability Important 6.3 Microsoft Windows - -
CVE-2019-1270 Microsoft Windows Store Installer Elevation of Privilege Vulnerability Important 6.3 Microsoft Windows - -
CVE-2019-1271 Windows Media Elevation of Privilege Vulnerability Important 7 Microsoft Windows - -
CVE-2019-1272 Windows Data Sharing Service Elevation of Privilege Vulnerability Important 6.3 Microsoft Windows - -
CVE-2019-1273 Active Directory Federation Services XSS Vulnerability Important 8.2 Windows Active Directory - -
CVE-2019-1274 Windows Kernel Information Disclosure Vulnerability Important 6.3 Windows Kernel - -
CVE-2019-1277 Windows Audio Service Elevation of Privilege Vulnerability Important 7.8 Microsoft Windows - -
CVE-2019-1278 Windows Elevation of Privilege Vulnerability Important 7.8 Microsoft Windows - -
CVE-2019-1282 Windows Common Log File System Driver Information Disclosure Vulnerability Important 5.5 Windows Common Log File System Driver - -
CVE-2019-1283 Microsoft Graphics Components Information Disclosure Vulnerability Important 5.5 Microsoft Graphics Component - -
CVE-2019-1284 DirectX Elevation of Privilege Vulnerability Important 7.8 Microsoft Graphics Component - -
CVE-2019-1285 Win32k Elevation of Privilege Vulnerability Important 7.8 Windows Kernel - -
CVE-2019-1286 Windows GDI Information Disclosure Vulnerability Important 5.5 Microsoft Graphics Component - -
CVE-2019-1287 Windows Network Connectivity Assistant Elevation of Privilege Vulnerability Important 7.8 Microsoft Windows - -
CVE-2019-1289 Windows Update Delivery Optimization Elevation of Privilege Vulnerability Important 7 Microsoft Windows - -
CVE-2019-1292 Windows Elevation of Privilege Vulnerability Important 7.8 Microsoft Windows - -
CVE-2019-1293 Windows SMB Client Driver Information Disclosure Vulnerability Important 5.5 Windows Kernel - -
CVE-2019-1294 Windows Secure Boot Security Feature Bypass Vulnerability Important 5.3 Microsoft Windows - Yes
CVE-2019-1297 Microsoft Excel Remote Code Execution Vulnerability Important - Microsoft Office - -
CVE-2019-1299 Microsoft Edge based on Edge HTML Information Disclosure Vulnerability Important 4.3 Microsoft Edge (HTML-based) - -
CVE-2019-1301 .NET Core Denial of Service Vulnerability Important - .NET Core - -
CVE-2019-1302 ASP.NET Core Elevation Of Privilege Vulnerability Important - ASP.NET - -
CVE-2019-1303 Windows Elevation of Privilege Vulnerability Important - Microsoft Windows - -
CVE-2019-1305 Team Foundation Server Cross-site Scripting Vulnerability Important - Team Foundation Server - -
CVE-2019-1208 VBScript Remote Code Execution Vulnerability Moderate 7.5 Microsoft Scripting Engine - -
CVE-2019-1236 VBScript Remote Code Execution Vulnerability Moderate 7.5 Microsoft Scripting Engine - -
CVE-2019-1259 Microsoft SharePoint Spoofing Vulnerability Moderate - Microsoft Office SharePoint - -
CVE-2019-1367 Scripting Engine Memory Corruption Vulnerability Moderate 7.5 Microsoft Scripting Engine Yes -
CVE-2019-1220 Microsoft Browser Security Feature Bypass Vulnerability Low 4.3 Microsoft Browsers - -

    Threat Categories 6

    Threat Category CVEs Critical
    Elevation of Privilege 23 -
    Remote Code Execution 20 16
    Information Disclosure 16 -
    Spoofing 6 -
    Denial of Service 3 -
    Security Feature Bypass 3 -

    Affected Products 21

    Product CVEs Exploited
    Microsoft Windows 18 -
    Microsoft Scripting Engine 9 1
    Microsoft Graphics Component 8 -
    Microsoft Office SharePoint 7 -
    Windows RDP 4 -
    Windows Kernel 4 -
    Microsoft Office 3 -
    Team Foundation Server 2 -
    Windows Hyper-V 2 -
    Windows Common Log File System Driver 2 -
    Microsoft Exchange Server 2 -
    Adobe Flash Player 1 -
    .NET Framework 1 -
    Skype for Business and Microsoft Lync 1 -
    Project Rome 1 -
    Visual Studio 1 -
    Windows Active Directory 1 -
    Microsoft Edge (HTML-based) 1 -
    .NET Core 1 -
    ASP.NET 1 -
    Microsoft Browsers 1 -