Today is the day of the monthly 'Windows Update'


by Alias 0591

This month, Windows Update, which includes monthly security updates and bug fixes, was made. Update it as soon as possible.



September 2019 security update (monthly)-Microsoft Security Response Center
https://msrc-blog.microsoft.com/2019/09/10/201909-security-updates/

Latest Microsoft Updates Patch 4 Critical Flaws In Windows RDP Client
https://thehackernews.com/2019/09/microsoft-windows-update.html

Microsoft distributed patches for 79 security vulnerabilities in the September update. Of these, 17 were “emergency”, 61 were “important”, and 1 was “warning”.

One of the urgent ones is thought to be related to the 'vulnerability that was not patched 20 years ago' related to the Windows Text Service Framework pointed out by Google researchers in August 2019. Although this vulnerability “ CVE-2019-1235 ” has not been exploited, it should be noted that the information is publicly available.

In addition, information regarding the ' CVE-2019-1215 ' in the memory processing of ' ws2ifsl.sys ' and the vulnerability ' CVE-2019-1214 ' related to the driver of the 'Windows common log file system (CLFS)' has been released. Although not, it has already been confirmed by hackers. In either case, there is a risk of privilege escalation due to misuse.

In addition, patches have been released for four critical vulnerabilities that allow remote code execution on Windows remote desktop clients . Researchers have shown in February 2019 that this vulnerability could allow a malicious RDP server to harm client computers. In addition, there are patches for vulnerabilities such as information leaks, denial of service, spoofing, and security function bypass.

◆ Windows 10 v1903, v1809, v1803, v1709, v1703
Maximum severity
emergency

Biggest impact
Remote code execution

Related knowledge base or support web page
Windows 10 v1903: 4515384
Windows 10 v1809: 4512578
Windows 10 v1803: 4516058
Windows 10 v1709: 4516058
Windows 10 v1703: 4516068

Windows Server 2019, Windows Server 2016, Server Core installation (2019, 2016, v1903, v1803)
Maximum severity
emergency

Biggest impact
Remote code execution

Related knowledge base or support web page
Windows Server Version 1903: 4515384
Windows Server 2019: 4512578
Windows Server 2016: 4516044
Windows Server Version 1803: 4516058


◆ Windows 8.1, Windows Server 2012 R2, Windows Server 2012, Windows 7, Windows Server 2008 R2, Windows Server 2008
Maximum severity
emergency

Biggest impact
Remote code execution

Related knowledge base or support web page
Windows 8.1, Windows Server 2012 R2, Windows RT 8.1 Monthly Rollup: 4516067
Windows 8.1 and Windows Server 2012 R2 security only: 4516064
Windows Server 2012 Monthly Rollup: 4516055
Windows Server 2012 security only: 4516062
Windows 7 and Windows Server 2008 R2 security only: 4516033
Windows 7 and Windows Server 2008 R2 Monthly Rollup: 4516065
Windows Server 2008 Monthly Rollup: 4516026
Windows Server 2008 security only: 4516051

Internet Explorer
Maximum severity
emergency

Biggest impact
Remote code execution

Related knowledge base or support web page
Cumulative update for Internet Explorer: 4516046
Internet Explorer updates are also included in the Windows update packages listed above.

◆ Microsoft Office related software
Maximum severity
important

Biggest impact
Remote code execution

Related knowledge base or support web page
Support articles related to Microsoft Office related updates: 4475574 , 4475566 , 4475579 , 4475607 , 4475583 , 4464566 , 4461631 , 4475589 , 4464548 , 4475611 , 4475591 , 4475599 and 4515509 .

◆ Microsoft SharePoint related software
Maximum severity
emergency

Biggest impact
Remote code execution

Related knowledge base or support web page
Microsoft SharePoint Server 2019: 4475596
Microsoft SharePoint Enterprise Server 2016: 4475590
Microsoft SharePoint Foundation 2010: 4475605

◆ Microsoft Exchange Server
Maximum severity
important

Biggest impact
Denial of service

Related knowledge base or support web page
Support article for Microsoft Exchange Server 2016 and 2019 updates: 4515832

◆ .NET Framework related software
Maximum severity
important

Biggest impact
Privilege elevation

Related knowledge base or support web page
Support articles related to .NET Framework updates: 4516044 , 4516070 , 4516068 , 4514604 , 4514599 , 4514603 , 4514598 , 4516066 , 4516058 , 4514354 , 4514355 , 4514356 , 4514357 , 4514601 and 4514359 .

◆ .NET Core and ASP.NET Core
Maximum severity
important

Biggest impact
Privilege elevation

Related knowledge base or support web page
For more information, see the security update guide. https://aka.ms/securityupdates

◆ Visual Studio
Maximum severity
important

Biggest impact
Privilege elevation

Related knowledge base or support web page
Support article for Visual Studio updates: 4513696 . See also: https://aka.ms/vs/16/release/latest

Team Foundation Server and Azure DevOps Server 2019
Maximum severity
emergency

Biggest impact
Remote code execution

Related knowledge base or support web page
For more information, see the security update guide. https://aka.ms/securityupdates

◆ ChakraCore
Maximum severity
emergency

Biggest impact
Remote code execution

Related knowledge base or support web page
ChakraCore is the core part of Chakra, a high-performance JavaScript engine that enhances Microsoft Edge and Windows applications written in HTML / CSS / JS. For more information, see https://github.com/Microsoft/ChakraCore/wiki . For more information, see the security update guide. https://aka.ms/securityupdates

◆ Adobe Flash Player
Maximum severity
emergency

Biggest impact
Remote code execution

Related knowledge base or support web page
Adobe Flash Player Security Advisory: ADV190022
Adobe Flash Player security article: 4516115

◆ Rome SDK 1.4.1
Maximum severity
important

Biggest impact
information leak

Related knowledge base or support web page
For more information, see the security update guide. https://aka.ms/securityupdates

◆ Yammer for Android
Maximum severity
important

Biggest impact
Security function bypass

Related knowledge base or support web page
For more information, see the security update guide. https://aka.ms/securityupdates

Windows Update is released on the second Tuesday of every month in US time, and the next update will be available on Wednesday, October 9, 2019 in Japan time.

in Software,   Security, Posted by logq_fa