===========================================================================
                         AUSCERT Security Bulletin

                               ASB-2019.0156
                     Microsoft Windows Security Update
                               12 June 2019

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:              Microsoft Windows
Operating System:     Windows 10
                      Windows 7
                      Windows 8.1
                      Windows Server 2008
                      Windows Server 2012 R2
                      Windows Server 2016
Impact/Access:        Execute Arbitrary Code/Commands -- Remote/Unauthenticated
                      Increased Privileges            -- Existing Account
                      Access Privileged Data          -- Remote with User Interaction
                      Denial of Service               -- Remote/Unauthenticated
                      Provide Misleading Information  -- Remote/Unauthenticated
                      Unauthorised Access             -- Remote/Unauthenticated
Resolution:           Patch/Upgrade
CVE Names:            CVE-2019-1069 CVE-2019-1065 CVE-2019-1064 CVE-2019-1053
                      CVE-2019-1050 CVE-2019-1049 CVE-2019-1048 CVE-2019-1047
                      CVE-2019-1046 CVE-2019-1045 CVE-2019-1044 CVE-2019-1043
                      CVE-2019-1041 CVE-2019-1040 CVE-2019-1039 CVE-2019-1028
                      CVE-2019-1027 CVE-2019-1026 CVE-2019-1025 CVE-2019-1022
                      CVE-2019-1021 CVE-2019-1019 CVE-2019-1018 CVE-2019-1017
                      CVE-2019-1016 CVE-2019-1015 CVE-2019-1014 CVE-2019-1013
                      CVE-2019-1012 CVE-2019-1011 CVE-2019-1010 CVE-2019-1009
                      CVE-2019-1007 CVE-2019-0998 CVE-2019-0986 CVE-2019-0985
                      CVE-2019-0984 CVE-2019-0983 CVE-2019-0977 CVE-2019-0974
                      CVE-2019-0973 CVE-2019-0972 CVE-2019-0968 CVE-2019-0961
                      CVE-2019-0960 CVE-2019-0959 CVE-2019-0948 CVE-2019-0943
                      CVE-2019-0942 CVE-2019-0941 CVE-2019-0936 CVE-2019-0931
                      CVE-2019-0909 CVE-2019-0908 CVE-2019-0907 CVE-2019-0906
                      CVE-2019-0905 CVE-2019-0904 CVE-2019-0903 CVE-2019-0902
                      CVE-2019-0901 CVE-2019-0900 CVE-2019-0899 CVE-2019-0898
                      CVE-2019-0897 CVE-2019-0896 CVE-2019-0895 CVE-2019-0894
                      CVE-2019-0893 CVE-2019-0892 CVE-2019-0891 CVE-2019-0890
                      CVE-2019-0889 CVE-2019-0888 CVE-2019-0886 CVE-2019-0885
                      CVE-2019-0882 CVE-2019-0881 CVE-2019-0863 CVE-2019-0758
                      CVE-2019-0734 CVE-2019-0733 CVE-2019-0727 CVE-2019-0725
                      CVE-2019-0722 CVE-2019-0713 CVE-2019-0711 CVE-2019-0710
                      CVE-2019-0709 CVE-2019-0708 CVE-2019-0707 CVE-2019-0620
Member content until: Friday, July 12 2019
Reference:            ASB-2019.0139
                      ASB-2019.0137
                      ESB-2019.2074
                      ESB-2019.2073

OVERVIEW

        Microsoft has released its monthly security patch update for the
        month of June 2019.

        This update resolves 95 vulnerabilities across the following
        products: [1]

         Windows 10 Version 1607 for 32-bit Systems
         Windows 10 Version 1607 for x64-based Systems
         Windows 10 Version 1703 for 32-bit Systems
         Windows 10 Version 1703 for x64-based Systems
         Windows 10 Version 1709 for 32-bit Systems
         Windows 10 Version 1709 for 64-based Systems
         Windows 10 Version 1709 for ARM64-based Systems
         Windows 10 Version 1803 for 32-bit Systems
         Windows 10 Version 1803 for ARM64-based Systems
         Windows 10 Version 1803 for x64-based Systems
         Windows 10 Version 1809 for 32-bit Systems
         Windows 10 Version 1809 for ARM64-based Systems
         Windows 10 Version 1809 for HoloLens
         Windows 10 Version 1809 for x64-based Systems
         Windows 10 Version 1903 for 32-bit Systems
         Windows 10 Version 1903 for ARM64-based Systems
         Windows 10 Version 1903 for x64-based Systems
         Windows 10 for 32-bit Systems
         Windows 10 for x64-based Systems
         Windows 7 for 32-bit Systems Service Pack 1
         Windows 7 for x64-based Systems Service Pack 1
         Windows 8.1 for 32-bit systems
         Windows 8.1 for x64-based systems
         Windows RT 8.1
         Windows Server 2008 R2 for Itanium-Based Systems Service Pack 1
         Windows Server 2008 R2 for x64-based Systems Service Pack 1
         Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)
         Windows Server 2008 for 32-bit Systems Service Pack 2
         Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation)
         Windows Server 2008 for Itanium-Based Systems Service Pack 2
         Windows Server 2008 for x64-based Systems Service Pack 2
         Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation)
         Windows Server 2012
         Windows Server 2012 (Server Core installation)
         Windows Server 2012 R2
         Windows Server 2012 R2 (Server Core installation)
         Windows Server 2016
         Windows Server 2016 (Server Core installation)
         Windows Server 2019
         Windows Server 2019 (Server Core installation)

IMPACT

        Microsoft has given the following details regarding these
        vulnerabilities.

         Details         Impact                    Severity
         ADV190013       Information Disclosure    Important
         ADV190016       Elevation of Privilege    Important
         ADV190017       Remote Code Execution     Important
         CVE-2019-0620   Remote Code Execution     Critical
         CVE-2019-0707   Elevation of Privilege    Important
         CVE-2019-0708   Remote Code Execution     Critical
         CVE-2019-0709   Remote Code Execution     Critical
         CVE-2019-0710   Denial of Service         Important
         CVE-2019-0711   Denial of Service         Important
         CVE-2019-0713   Denial of Service         Important
         CVE-2019-0722   Remote Code Execution     Critical
         CVE-2019-0725   Remote Code Execution     Critical
         CVE-2019-0727   Elevation of Privilege    Important
         CVE-2019-0733   Security Feature Bypass   Important
         CVE-2019-0734   Elevation of Privilege    Important
         CVE-2019-0758   Information Disclosure    Important
         CVE-2019-0863   Elevation of Privilege    Important
         CVE-2019-0881   Elevation of Privilege    Important
         CVE-2019-0882   Information Disclosure    Important
         CVE-2019-0885   Remote Code Execution     Important
         CVE-2019-0886   Information Disclosure    Important
         CVE-2019-0888   Remote Code Execution     Critical
         CVE-2019-0889   Remote Code Execution     Important
         CVE-2019-0890   Remote Code Execution     Important
         CVE-2019-0891   Remote Code Execution     Important
         CVE-2019-0892   Elevation of Privilege    Important
         CVE-2019-0893   Remote Code Execution     Important
         CVE-2019-0894   Remote Code Execution     Important
         CVE-2019-0895   Remote Code Execution     Important
         CVE-2019-0896   Remote Code Execution     Important
         CVE-2019-0897   Remote Code Execution     Important
         CVE-2019-0898   Remote Code Execution     Important
         CVE-2019-0899   Remote Code Execution     Important
         CVE-2019-0900   Remote Code Execution     Important
         CVE-2019-0901   Remote Code Execution     Important
         CVE-2019-0902   Remote Code Execution     Important
         CVE-2019-0903   Remote Code Execution     Critical
         CVE-2019-0904   Remote Code Execution     Important
         CVE-2019-0905   Remote Code Execution     Important
         CVE-2019-0906   Remote Code Execution     Important
         CVE-2019-0907   Remote Code Execution     Important
         CVE-2019-0908   Remote Code Execution     Important
         CVE-2019-0909   Remote Code Execution     Important
         CVE-2019-0931   Elevation of Privilege    Important
         CVE-2019-0936   Elevation of Privilege    Important
         CVE-2019-0941   Denial of Service         Important
         CVE-2019-0942   Elevation of Privilege    Important
         CVE-2019-0943   Elevation of Privilege    Important
         CVE-2019-0948   Information Disclosure    Moderate
         CVE-2019-0959   Elevation of Privilege    Important
         CVE-2019-0960   Elevation of Privilege    Important
         CVE-2019-0961   Information Disclosure    Important
         CVE-2019-0968   Information Disclosure    Important
         CVE-2019-0972   Denial of Service         Important
         CVE-2019-0973   Elevation of Privilege    Important
         CVE-2019-0974   Remote Code Execution     Important
         CVE-2019-0977   Information Disclosure    Important
         CVE-2019-0983   Elevation of Privilege    Important
         CVE-2019-0984   Elevation of Privilege    Important
         CVE-2019-0985   Remote Code Execution     Critical
         CVE-2019-0986   Elevation of Privilege    Important
         CVE-2019-0998   Elevation of Privilege    Important
         CVE-2019-1007   Elevation of Privilege    Important
         CVE-2019-1009   Information Disclosure    Important
         CVE-2019-1010   Information Disclosure    Important
         CVE-2019-1011   Information Disclosure    Important
         CVE-2019-1012   Information Disclosure    Important
         CVE-2019-1013   Information Disclosure    Important
         CVE-2019-1014   Elevation of Privilege    Important
         CVE-2019-1015   Information Disclosure    Important
         CVE-2019-1016   Information Disclosure    Important
         CVE-2019-1017   Elevation of Privilege    Important
         CVE-2019-1018   Elevation of Privilege    Important
         CVE-2019-1019   Security Feature Bypass   Important
         CVE-2019-1021   Elevation of Privilege    Important
         CVE-2019-1022   Elevation of Privilege    Important
         CVE-2019-1025   Denial of Service         Important
         CVE-2019-1026   Elevation of Privilege    Important
         CVE-2019-1027   Elevation of Privilege    Important
         CVE-2019-1028   Elevation of Privilege    Important
         CVE-2019-1039   Information Disclosure    Important
         CVE-2019-1040   Tampering                 Important
         CVE-2019-1041   Elevation of Privilege    Important
         CVE-2019-1043   Remote Code Execution     Important
         CVE-2019-1044   Security Feature Bypass   Important
         CVE-2019-1045   Elevation of Privilege    Important
         CVE-2019-1046   Information Disclosure    Important
         CVE-2019-1047   Information Disclosure    Important
         CVE-2019-1048   Information Disclosure    Important
         CVE-2019-1049   Information Disclosure    Important
         CVE-2019-1050   Information Disclosure    Important
         CVE-2019-1053   Elevation of Privilege    Important
         CVE-2019-1064   Elevation of Privilege    Important
         CVE-2019-1065   Elevation of Privilege    Important
         CVE-2019-1069   Elevation of Privilege    Important

MITIGATION

        Microsoft recommends updating the software with the version made
        available on the Microsoft Update Catalog for the following
        Knowledge Base articles. [1]

         KB4503276, KB4503273, KB4503279, KB4499180, KB4499181
         KB4499158, KB4499149, KB4503290, KB4503291, KB4503292
         KB4503293, KB4499179, KB4503327, KB4499171, KB4499154
         KB4499175, KB4499151, KB4503269, KB4503263, KB4503267
         KB4494440, KB4494441, KB4497936, KB4503287, KB4503286
         KB4503285, KB4503284, KB4499167, KB4499164, KB4499165

REFERENCES

        [1] Security Update Guide
            https://portal.msrc.microsoft.com/en-us/security-guidance

AusCERT has made every effort to ensure that the information contained
in this document is accurate.  However, the decision to use the information
described is the responsibility of each user or organisation.  The decision to
follow or act on information or advice contained in this security bulletin is
the responsibility of each user or organisation, and should be considered in
accordance with your organisation's site policies and procedures.  AusCERT
takes no responsibility for consequences which may arise from following or
acting on information or advice contained in this security bulletin.

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================