Microsoft Security Bulletin Coverage for October 2019

October 8, 2019

SonicWall Capture Labs Threat Research Team has analyzed and addressed Microsoft’s security advisories for the month of October 2019. A list of issues reported, along with SonicWall coverage information are as follows:
CVE-2019-0608 Microsoft Browser Spoofing Vulnerability
There are no known exploits in the wild.

CVE-2019-1060 MS XML Remote Code Execution Vulnerability
IPS 14437: MS XML Remote Code Execution Vulnerability (OCT 19)

CVE-2019-1070 Microsoft Office SharePoint XSS Vulnerability
There are no known exploits in the wild.

CVE-2019-1166 Windows NTLM Tampering Vulnerability
There are no known exploits in the wild.

CVE-2019-1230 Hyper-V Information Disclosure Vulnerability
There are no known exploits in the wild.

CVE-2019-1238 VBScript Remote Code Execution Vulnerability
IPS 14438: VBScript Engine Remote Code Execution Vulnerability (OCT19) 1

CVE-2019-1239 VBScript Remote Code Execution Vulnerability
IPS 14439: VBScript Engine Remote Code Execution Vulnerability (OCT19) 2

CVE-2019-1307 Chakra Scripting Engine Memory Corruption Vulnerability
IPS 14440: Chakra Scripting Engine Memory Corruption Vulnerability (OCT 19) 2

CVE-2019-1308 Chakra Scripting Engine Memory Corruption Vulnerability
IPS 14441: Chakra Scripting Engine Memory Corruption Vulnerability (OCT 19) 3

CVE-2019-1311 Windows Imaging API Remote Code Execution Vulnerability
There are no known exploits in the wild.

CVE-2019-1313 SQL Server Management Studio Information Disclosure Vulnerability
There are no known exploits in the wild.

CVE-2019-1314 Windows 10 Mobile Security Feature Bypass Vulnerability
There are no known exploits in the wild.

CVE-2019-1315 Windows Error Reporting Manager Elevation of Privilege Vulnerability
There are no known exploits in the wild.

CVE-2019-1316 Microsoft Windows Setup Elevation of Privilege Vulnerability
There are no known exploits in the wild.

CVE-2019-1317 Microsoft Windows Denial of Service Vulnerability
There are no known exploits in the wild.

CVE-2019-1318 Microsoft Windows Transport Layer Security Spoofing Vulnerability
There are no known exploits in the wild.

CVE-2019-1319 Windows Error Reporting Elevation of Privilege Vulnerability
There are no known exploits in the wild.

CVE-2019-1320 Microsoft Windows Elevation of Privilege Vulnerability
There are no known exploits in the wild.

CVE-2019-1321 Microsoft Windows CloudStore Elevation of Privilege Vulnerability
There are no known exploits in the wild.

CVE-2019-1322 Microsoft Windows Elevation of Privilege Vulnerability
There are no known exploits in the wild.

CVE-2019-1323 Microsoft Windows Update Client Elevation of Privilege Vulnerability
There are no known exploits in the wild.

CVE-2019-1325 Windows Redirected Drive Buffering System Elevation of Privilege Vulnerability
There are no known exploits in the wild.

CVE-2019-1326 Windows Remote Desktop Protocol (RDP) Denial of Service Vulnerability
There are no known exploits in the wild.

CVE-2019-1327 Microsoft Excel Remote Code Execution Vulnerability
There are no known exploits in the wild.

CVE-2019-1328 Microsoft SharePoint Spoofing Vulnerability
There are no known exploits in the wild.

CVE-2019-1329 Microsoft SharePoint Elevation of Privilege Vulnerability
There are no known exploits in the wild.

CVE-2019-1330 Microsoft SharePoint Elevation of Privilege Vulnerability
There are no known exploits in the wild.

CVE-2019-1331 Microsoft Excel Remote Code Execution Vulnerability
There are no known exploits in the wild.

CVE-2019-1333 Remote Desktop Client Remote Code Execution Vulnerability
ASPY 5737: Malformed-File exe.MP.108

CVE-2019-1334 Windows Kernel Information Disclosure Vulnerability
There are no known exploits in the wild.

CVE-2019-1335 Chakra Scripting Engine Memory Corruption Vulnerability
IPS 14435: Chakra Scripting Engine Memory Corruption Vulnerability (OCT 19) 1

CVE-2019-1336 Microsoft Windows Update Client Elevation of Privilege Vulnerability
There are no known exploits in the wild.

CVE-2019-1337 Windows Update Client Information Disclosure Vulnerability
There are no known exploits in the wild.

CVE-2019-1338 Windows NTLM Security Feature Bypass Vulnerability
There are no known exploits in the wild.

CVE-2019-1339 Windows Error Reporting Manager Elevation of Privilege Vulnerability
There are no known exploits in the wild.

CVE-2019-1340 Microsoft Windows Elevation of Privilege Vulnerability
There are no known exploits in the wild.

CVE-2019-1341 Windows Power Service Elevation of Privilege Vulnerability
ASPY 5734: Malformed-File exe.MP.106

CVE-2019-1342 Windows Error Reporting Manager Elevation of Privilege Vulnerability
There are no known exploits in the wild.

CVE-2019-1343 Windows Denial of Service Vulnerability
There are no known exploits in the wild.

CVE-2019-1344 Windows Code Integrity Module Information Disclosure Vulnerability
There are no known exploits in the wild.

CVE-2019-1345 Windows Kernel Information Disclosure Vulnerability
There are no known exploits in the wild.

CVE-2019-1346 Windows Denial of Service Vulnerability
There are no known exploits in the wild.

CVE-2019-1347 Windows Denial of Service Vulnerability
There are no known exploits in the wild.

CVE-2019-1356 Microsoft Edge based on Edge HTML Information Disclosure Vulnerability
There are no known exploits in the wild.

CVE-2019-1357 Microsoft Browser Spoofing Vulnerability
There are no known exploits in the wild.

CVE-2019-1358 Jet Database Engine Remote Code Execution Vulnerability
There are no known exploits in the wild.

CVE-2019-1359 Jet Database Engine Remote Code Execution Vulnerability
There are no known exploits in the wild.

CVE-2019-1361 Microsoft Graphics Components Information Disclosure Vulnerability
There are no known exploits in the wild.

CVE-2019-1362 Win32k Elevation of Privilege Vulnerability
There are no known exploits in the wild.

CVE-2019-1363 Windows GDI Information Disclosure Vulnerability
ASPY 5734: Malformed-File exe.MP.107

CVE-2019-1364 Win32k Elevation of Privilege Vulnerability
There are no known exploits in the wild.

CVE-2019-1365 Microsoft IIS Server Elevation of Privilege Vulnerability
ASPY 5736: Malformed-File ttf.MP.28

CVE-2019-1366 Chakra Scripting Engine Memory Corruption Vulnerability
IPS 14442: Chakra Scripting Engine Memory Corruption Vulnerability (OCT 19) 4

CVE-2019-1368 Windows Secure Boot Security Feature Bypass Vulnerability
There are no known exploits in the wild.

CVE-2019-1369 Open Enclave SDK Information Disclosure Vulnerability
There are no known exploits in the wild.

CVE-2019-1371 Internet Explorer Memory Corruption Vulnerability
There are no known exploits in the wild.

CVE-2019-1372 Azure App Service Elevation of Privilege Vulnerability
There are no known exploits in the wild.

CVE-2019-1375 Microsoft Dynamics 365 (On-Premise) Cross Site Scripting Vulnerability
There are no known exploits in the wild.

CVE-2019-1376 SQL Server Management Studio Information Disclosure Vulnerability
There are no known exploits in the wild.

CVE-2019-1378 Windows 10 Update Assistant Elevation of Privilege Vulnerability
There are no known exploits in the wild.