Microsoft Security Bulletin Coverage for July 2019

July 9, 2019

SonicWall Capture Labs Threat Research Team has analyzed and addressed Microsoft’s security advisories for the month of July 2019. A list of issues reported, along with SonicWall coverage information are as follows:
CVE-2018-15664 Docker Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2019-0785 Windows DHCP Server Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2019-0811 Windows DNS Server Denial of Service Vulnerability
There are no known exploits in the wild.
CVE-2019-0865 SymCrypt Denial of Service Vulnerability
There are no known exploits in the wild.
CVE-2019-0880 Microsoft splwow64 Elevation of Privilege Vulnerability
ASPY 5570:Malformed-File exe.MP.89
CVE-2019-0887 Remote Desktop Services Remote Code Execution Vulnerability
ASPY 5571:Malformed-File cmd.MP.1
CVE-2019-0962 Azure Automation Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2019-0966 Windows Hyper-V Denial of Service Vulnerability
There are no known exploits in the wild.
CVE-2019-0975 ADFS Security Feature Bypass Vulnerability
There are no known exploits in the wild.
CVE-2019-0999 DirectX Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2019-1001 Scripting Engine Memory Corruption Vulnerability
IPS 14288:Scripting Engine Memory Corruption Vulnerability (JUL 19) 1
CVE-2019-1004 Scripting Engine Memory Corruption Vulnerability
IPS 14289:Scripting Engine Memory Corruption Vulnerability (JUL 19) 2
CVE-2019-1006 WCF/WIF SAML Token Authentication Bypass Vulnerability
There are no known exploits in the wild.
CVE-2019-1037 Windows Error Reporting Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2019-1056 Scripting Engine Memory Corruption Vulnerability
There are no known exploits in the wild.
CVE-2019-1059 Scripting Engine Memory Corruption Vulnerability
There are no known exploits in the wild.
CVE-2019-1062 Chakra Scripting Engine Memory Corruption Vulnerability
IPS 14290:Chakra Scripting Engine Memory Corruption Vulnerability (JUL 19) 3
CVE-2019-1063 Internet Explorer Memory Corruption Vulnerability
IPS 14291:Internet Explorer Memory Corruption Vulnerability (JUL 19) 1
CVE-2019-1067 Windows Kernel Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2019-1068 Microsoft SQL Server Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2019-1071 Windows Kernel Information Disclosure Vulnerability
ASPY 5572:Malformed-File exe.MP.90
CVE-2019-1072 Azure DevOps Server and Team Foundation Server Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2019-1073 Windows Kernel Information Disclosure Vulnerability
ASPY 5566:Malformed-File exe.MP.86
CVE-2019-1074 Microsoft Windows Elevation of Privilege Vulnerability
ASPY 5568:Malformed-File ps1.MP.1
CVE-2019-1075 ASP.NET Core Spoofing Vulnerability
There are no known exploits in the wild.
CVE-2019-1076 Team Foundation Server Cross-site Scripting Vulnerability
There are no known exploits in the wild.
CVE-2019-1077 Visual Studio Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2019-1079 Visual Studio Information Disclosure Vulnerability
There are no known exploits in the wild.
CVE-2019-1082 Microsoft Windows Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2019-1083 .NET Denial of Service Vulnerability
There are no known exploits in the wild.
CVE-2019-1084 Microsoft Exchange Information Disclosure Vulnerability
There are no known exploits in the wild.
CVE-2019-1085 Windows WLAN Service Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2019-1086 Windows Audio Service Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2019-1087 Windows Audio Service Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2019-1088 Windows Audio Service Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2019-1089 Windows RPCSS Elevation of Privilege Vulnerability
ASPY 5567:Malformed-File exe.MP.87
CVE-2019-1090 Windows dnsrlvr.dll Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2019-1091 Microsoft unistore.dll Information Disclosure Vulnerability
There are no known exploits in the wild.
CVE-2019-1092 Chakra Scripting Engine Memory Corruption Vulnerability
IPS 14129:Chakra Scripting Engine Memory Corruption Vulnerability GM 1
CVE-2019-1093 DirectWrite Information Disclosure Vulnerability
There are no known exploits in the wild.
CVE-2019-1094 Windows GDI Information Disclosure Vulnerability
There are no known exploits in the wild.
CVE-2019-1095 Windows GDI Information Disclosure Vulnerability
There are no known exploits in the wild.
CVE-2019-1096 Win32k Information Disclosure Vulnerability
There are no known exploits in the wild.
CVE-2019-1097 DirectWrite Information Disclosure Vulnerability
There are no known exploits in the wild.
CVE-2019-1098 Windows GDI Information Disclosure Vulnerability
There are no known exploits in the wild.
CVE-2019-1099 Windows GDI Information Disclosure Vulnerability
There are no known exploits in the wild.
CVE-2019-1100 Windows GDI Information Disclosure Vulnerability
There are no known exploits in the wild.
CVE-2019-1101 Windows GDI Information Disclosure Vulnerability
There are no known exploits in the wild.
CVE-2019-1102 GDI+ Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2019-1103 Chakra Scripting Engine Memory Corruption Vulnerability
IPS 14292:Chakra Scripting Engine Memory Corruption Vulnerability (JUL 19) 4
CVE-2019-1104 Microsoft Browser Memory Corruption Vulnerability
IPS 14293:Microsoft Browser Memory Corruption Vulnerability (JUL 19)
CVE-2019-1106 Chakra Scripting Engine Memory Corruption Vulnerability
IPS 14283:Chakra Scripting Engine Memory Corruption Vulnerability (JUL 19) 1
CVE-2019-1107 Chakra Scripting Engine Memory Corruption Vulnerability
IPS 14284:Chakra Scripting Engine Memory Corruption Vulnerability (JUL 19) 2
CVE-2019-1108 Remote Desktop Protocol Client Information Disclosure Vulnerability
ASPY 5569:Malformed-File exe.MP.88
CVE-2019-1109 Microsoft Office Spoofing Vulnerability
There are no known exploits in the wild.
CVE-2019-1110 Microsoft Excel Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2019-1111 Microsoft Excel Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2019-1112 Microsoft Excel Information Disclosure Vulnerability
ASPY 5563:Malformed-File xls.MP.66
CVE-2019-1113 .NET Framework Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2019-1116 Windows GDI Information Disclosure Vulnerability
There are no known exploits in the wild.
CVE-2019-1117 DirectWrite Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2019-1118 DirectWrite Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2019-1119 DirectWrite Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2019-1120 DirectWrite Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2019-1121 DirectWrite Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2019-1122 DirectWrite Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2019-1123 DirectWrite Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2019-1124 DirectWrite Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2019-1126 ADFS Security Feature Bypass Vulnerability
There are no known exploits in the wild.
CVE-2019-1127 DirectWrite Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2019-1128 DirectWrite Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2019-1129 Windows Elevation of Privilege Vulnerability
ASPY 5565:Malformed-File exe.MP.85
CVE-2019-1130 Windows Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2019-1132 Win32k Elevation of Privilege Vulnerability
ASPY 5564:Malformed-File exe.MP.84
CVE-2019-1134 Microsoft Office SharePoint XSS Vulnerability
There are no known exploits in the wild.
CVE-2019-1136 Microsoft Exchange Server Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2019-1137 Microsoft Exchange Server Spoofing Vulnerability
There are no known exploits in the wild.