Microsoft Security Bulletin Coverage for October 2019

SonicWall Capture Labs Threat Research Team has analyzed and addressed Microsoft’s security advisories for the month of October 2019. A list of issues reported, along with SonicWall coverage information are as follows:
CVE-2019-0608 Microsoft Browser Spoofing Vulnerability
There are no known exploits in the wild.

CVE-2019-1060 MS XML Remote Code Execution Vulnerability
IPS 14437: MS XML Remote Code Execution Vulnerability (OCT 19)

CVE-2019-1070 Microsoft Office SharePoint XSS Vulnerability
There are no known exploits in the wild.

CVE-2019-1166 Windows NTLM Tampering Vulnerability
There are no known exploits in the wild.

CVE-2019-1230 Hyper-V Information Disclosure Vulnerability
There are no known exploits in the wild.

CVE-2019-1238 VBScript Remote Code Execution Vulnerability
IPS 14438: VBScript Engine Remote Code Execution Vulnerability (OCT19) 1

CVE-2019-1239 VBScript Remote Code Execution Vulnerability
IPS 14439: VBScript Engine Remote Code Execution Vulnerability (OCT19) 2

CVE-2019-1307 Chakra Scripting Engine Memory Corruption Vulnerability
IPS 14440: Chakra Scripting Engine Memory Corruption Vulnerability (OCT 19) 2

CVE-2019-1308 Chakra Scripting Engine Memory Corruption Vulnerability
IPS 14441: Chakra Scripting Engine Memory Corruption Vulnerability (OCT 19) 3

CVE-2019-1311 Windows Imaging API Remote Code Execution Vulnerability
There are no known exploits in the wild.

CVE-2019-1313 SQL Server Management Studio Information Disclosure Vulnerability
There are no known exploits in the wild.

CVE-2019-1314 Windows 10 Mobile Security Feature Bypass Vulnerability
There are no known exploits in the wild.

CVE-2019-1315 Windows Error Reporting Manager Elevation of Privilege Vulnerability
There are no known exploits in the wild.

CVE-2019-1316 Microsoft Windows Setup Elevation of Privilege Vulnerability
There are no known exploits in the wild.

CVE-2019-1317 Microsoft Windows Denial of Service Vulnerability
There are no known exploits in the wild.

CVE-2019-1318 Microsoft Windows Transport Layer Security Spoofing Vulnerability
There are no known exploits in the wild.

CVE-2019-1319 Windows Error Reporting Elevation of Privilege Vulnerability
There are no known exploits in the wild.

CVE-2019-1320 Microsoft Windows Elevation of Privilege Vulnerability
There are no known exploits in the wild.

CVE-2019-1321 Microsoft Windows CloudStore Elevation of Privilege Vulnerability
There are no known exploits in the wild.

CVE-2019-1322 Microsoft Windows Elevation of Privilege Vulnerability
There are no known exploits in the wild.

CVE-2019-1323 Microsoft Windows Update Client Elevation of Privilege Vulnerability
There are no known exploits in the wild.

CVE-2019-1325 Windows Redirected Drive Buffering System Elevation of Privilege Vulnerability
There are no known exploits in the wild.

CVE-2019-1326 Windows Remote Desktop Protocol (RDP) Denial of Service Vulnerability
There are no known exploits in the wild.

CVE-2019-1327 Microsoft Excel Remote Code Execution Vulnerability
There are no known exploits in the wild.

CVE-2019-1328 Microsoft SharePoint Spoofing Vulnerability
There are no known exploits in the wild.

CVE-2019-1329 Microsoft SharePoint Elevation of Privilege Vulnerability
There are no known exploits in the wild.

CVE-2019-1330 Microsoft SharePoint Elevation of Privilege Vulnerability
There are no known exploits in the wild.

CVE-2019-1331 Microsoft Excel Remote Code Execution Vulnerability
There are no known exploits in the wild.

CVE-2019-1333 Remote Desktop Client Remote Code Execution Vulnerability
ASPY 5737: Malformed-File exe.MP.108

CVE-2019-1334 Windows Kernel Information Disclosure Vulnerability
There are no known exploits in the wild.

CVE-2019-1335 Chakra Scripting Engine Memory Corruption Vulnerability
IPS 14435: Chakra Scripting Engine Memory Corruption Vulnerability (OCT 19) 1

CVE-2019-1336 Microsoft Windows Update Client Elevation of Privilege Vulnerability
There are no known exploits in the wild.

CVE-2019-1337 Windows Update Client Information Disclosure Vulnerability
There are no known exploits in the wild.

CVE-2019-1338 Windows NTLM Security Feature Bypass Vulnerability
There are no known exploits in the wild.

CVE-2019-1339 Windows Error Reporting Manager Elevation of Privilege Vulnerability
There are no known exploits in the wild.

CVE-2019-1340 Microsoft Windows Elevation of Privilege Vulnerability
There are no known exploits in the wild.

CVE-2019-1341 Windows Power Service Elevation of Privilege Vulnerability
ASPY 5734: Malformed-File exe.MP.106

CVE-2019-1342 Windows Error Reporting Manager Elevation of Privilege Vulnerability
There are no known exploits in the wild.

CVE-2019-1343 Windows Denial of Service Vulnerability
There are no known exploits in the wild.

CVE-2019-1344 Windows Code Integrity Module Information Disclosure Vulnerability
There are no known exploits in the wild.

CVE-2019-1345 Windows Kernel Information Disclosure Vulnerability
There are no known exploits in the wild.

CVE-2019-1346 Windows Denial of Service Vulnerability
There are no known exploits in the wild.

CVE-2019-1347 Windows Denial of Service Vulnerability
There are no known exploits in the wild.

CVE-2019-1356 Microsoft Edge based on Edge HTML Information Disclosure Vulnerability
There are no known exploits in the wild.

CVE-2019-1357 Microsoft Browser Spoofing Vulnerability
There are no known exploits in the wild.

CVE-2019-1358 Jet Database Engine Remote Code Execution Vulnerability
There are no known exploits in the wild.

CVE-2019-1359 Jet Database Engine Remote Code Execution Vulnerability
There are no known exploits in the wild.

CVE-2019-1361 Microsoft Graphics Components Information Disclosure Vulnerability
There are no known exploits in the wild.

CVE-2019-1362 Win32k Elevation of Privilege Vulnerability
There are no known exploits in the wild.

CVE-2019-1363 Windows GDI Information Disclosure Vulnerability
ASPY 5734: Malformed-File exe.MP.107

CVE-2019-1364 Win32k Elevation of Privilege Vulnerability
There are no known exploits in the wild.

CVE-2019-1365 Microsoft IIS Server Elevation of Privilege Vulnerability
ASPY 5736: Malformed-File ttf.MP.28

CVE-2019-1366 Chakra Scripting Engine Memory Corruption Vulnerability
IPS 14442: Chakra Scripting Engine Memory Corruption Vulnerability (OCT 19) 4

CVE-2019-1368 Windows Secure Boot Security Feature Bypass Vulnerability
There are no known exploits in the wild.

CVE-2019-1369 Open Enclave SDK Information Disclosure Vulnerability
There are no known exploits in the wild.

CVE-2019-1371 Internet Explorer Memory Corruption Vulnerability
There are no known exploits in the wild.

CVE-2019-1372 Azure App Service Elevation of Privilege Vulnerability
There are no known exploits in the wild.

CVE-2019-1375 Microsoft Dynamics 365 (On-Premise) Cross Site Scripting Vulnerability
There are no known exploits in the wild.

CVE-2019-1376 SQL Server Management Studio Information Disclosure Vulnerability
There are no known exploits in the wild.

CVE-2019-1378 Windows 10 Update Assistant Elevation of Privilege Vulnerability
There are no known exploits in the wild.

Security News

The SonicWall Capture Labs Threat Research Team gathers, analyzes and vets cross-vector threat information from the SonicWall Capture Threat network, consisting of global devices and resources, including more than 1 million security sensors in nearly 200 countries and territories. The research team identifies, analyzes, and mitigates critical vulnerabilities and malware daily through in-depth research, which drives protection for all SonicWall customers. In addition to safeguarding networks globally, the research team supports the larger threat intelligence community by releasing weekly deep technical analyses of the most critical threats to small businesses, providing critical knowledge that defenders need to protect their networks.