Microsoft Security Bulletin Coverage for September 2019

September 10, 2019

SonicWall Capture Labs Threat Research Team has analyzed and addressed Microsoft’s security advisories for the month of September 2019. A list of issues reported, along with SonicWall coverage information are as follows:

CVE-2019-0787 Remote Desktop Client Remote Code Execution Vulnerability
IPS 14391 :Remote Desktop Client Remote Code Execution (Sept 19) 1
IPS 14393 :Remote Desktop Client Remote Code Execution (Sept 19) 2

CVE-2019-0788 Remote Desktop Client Remote Code Execution Vulnerability
ASPY 5634:Malformed-File exe.MP.105

CVE-2019-0928 Windows Hyper-V Denial of Service Vulnerability
There are no known exploits in the wild.

CVE-2019-1138 Chakra Scripting Engine Memory Corruption Vulnerability
There are no known exploits in the wild.

CVE-2019-1142 .NET Framework Elevation of Privilege Vulnerability
There are no known exploits in the wild.

CVE-2019-1208 VBScript Remote Code Execution Vulnerability
There are no known exploits in the wild.

CVE-2019-1209 Lync 2013 Information Disclosure Vulnerability
There are no known exploits in the wild.

CVE-2019-1214 Windows Common Log File System Driver Elevation of Privilege Vulnerability
ASPY 5632:Malformed-File exe.MP.103

CVE-2019-1215 Windows Elevation of Privilege Vulnerability
ASPY 5633:Malformed-File exe.MP.104

CVE-2019-1216 DirectX Information Disclosure Vulnerability
ASPY 5623:Malformed-File exe.MP.98

CVE-2019-1217 Chakra Scripting Engine Memory Corruption Vulnerability
There are no known exploits in the wild.

CVE-2019-1219 Windows Transaction Manager Information Disclosure Vulnerability
ASPY 5624:Malformed-File exe.MP.99

CVE-2019-1220 Microsoft Browser Security Feature Bypass Vulnerability
There are no known exploits in the wild.

CVE-2019-1221 Scripting Engine Memory Corruption Vulnerability
There are no known exploits in the wild.

CVE-2019-1231 Rome SDK Information Disclosure Vulnerability
There are no known exploits in the wild.

CVE-2019-1232 Diagnostics Hub Standard Collector Service Elevation of Privilege Vulnerability
There are no known exploits in the wild.

CVE-2019-1233 Microsoft Exchange Denial of Service Vulnerability
There are no known exploits in the wild.

CVE-2019-1235 Windows Text Service Framework Elevation of Privilege Vulnerability
There are no known exploits in the wild.

CVE-2019-1236 VBScript Remote Code Execution Vulnerability
There are no known exploits in the wild.

CVE-2019-1237 Chakra Scripting Engine Memory Corruption Vulnerability
There are no known exploits in the wild.

CVE-2019-1240 Jet Database Engine Remote Code Execution Vulnerability
There are no known exploits in the wild.

CVE-2019-1241 Jet Database Engine Remote Code Execution Vulnerability
There are no known exploits in the wild.

CVE-2019-1242 Jet Database Engine Remote Code Execution Vulnerability
There are no known exploits in the wild.

CVE-2019-1243 Jet Database Engine Remote Code Execution Vulnerability
There are no known exploits in the wild.

CVE-2019-1244 DirectWrite Information Disclosure Vulnerability
There are no known exploits in the wild.

CVE-2019-1245 DirectWrite Information Disclosure Vulnerability
There are no known exploits in the wild.

CVE-2019-1246 Jet Database Engine Remote Code Execution Vulnerability
There are no known exploits in the wild.

CVE-2019-1247 Jet Database Engine Remote Code Execution Vulnerability
There are no known exploits in the wild.

CVE-2019-1248 Jet Database Engine Remote Code Execution Vulnerability
There are no known exploits in the wild.

CVE-2019-1249 Jet Database Engine Remote Code Execution Vulnerability
There are no known exploits in the wild.

CVE-2019-1250 Jet Database Engine Remote Code Execution Vulnerability
There are no known exploits in the wild.

CVE-2019-1251 DirectWrite Information Disclosure Vulnerability
There are no known exploits in the wild.

CVE-2019-1252 Windows GDI Information Disclosure Vulnerability
There are no known exploits in the wild.

CVE-2019-1253 Windows Elevation of Privilege Vulnerability
There are no known exploits in the wild.

CVE-2019-1254 Windows Hyper-V Information Disclosure Vulnerability
There are no known exploits in the wild.

CVE-2019-1256 Win32k Elevation of Privilege Vulnerability
ASPY 5625:Malformed-File exe.MP.100

CVE-2019-1257 Microsoft SharePoint Remote Code Execution Vulnerability
ASPY 5626:Malformed-File xml.MP.2

CVE-2019-1259 Microsoft SharePoint Spoofing Vulnerability
There are no known exploits in the wild.

CVE-2019-1260 Microsoft SharePoint Elevation of Privilege Vulnerability
There are no known exploits in the wild.

CVE-2019-1261 Microsoft SharePoint Spoofing Vulnerability
There are no known exploits in the wild.

CVE-2019-1262 Microsoft Office SharePoint XSS Vulnerability
There are no known exploits in the wild.

CVE-2019-1263 Microsoft Excel Information Disclosure Vulnerability
There are no known exploits in the wild.

CVE-2019-1264 Microsoft Office Security Feature Bypass Vulnerability
There are no known exploits in the wild.

CVE-2019-1265 Microsoft Yammer Security Feature Bypass Vulnerability
There are no known exploits in the wild.

CVE-2019-1266 Microsoft Exchange Spoofing Vulnerability
There are no known exploits in the wild.

CVE-2019-1267 Microsoft Compatibility Appraiser Elevation of Privilege Vulnerability
There are no known exploits in the wild.

CVE-2019-1268 Winlogon Elevation of Privilege Vulnerability
There are no known exploits in the wild.

CVE-2019-1269 Windows ALPC Elevation of Privilege Vulnerability
There are no known exploits in the wild.

CVE-2019-1270 Microsoft Windows Store Installer Elevation of Privilege Vulnerability
There are no known exploits in the wild.

CVE-2019-1271 Windows Media Elevation of Privilege Vulnerability
There are no known exploits in the wild.

CVE-2019-1272 Windows ALPC Elevation of Privilege Vulnerability
There are no known exploits in the wild.

CVE-2019-1273 Active Directory Federation Services XSS Vulnerability
There are no known exploits in the wild.

CVE-2019-1274 Windows Kernel Information Disclosure Vulnerability
There are no known exploits in the wild.

CVE-2019-1277 Windows Audio Service Elevation of Privilege Vulnerability
There are no known exploits in the wild.

CVE-2019-1280 LNK Remote Code Execution Vulnerability
There are no known exploits in the wild.

CVE-2019-1282 Windows Common Log File System Driver Information Disclosure Vulnerability
There are no known exploits in the wild.

CVE-2019-1283 Microsoft Graphics Components Information Disclosure Vulnerability
There are no known exploits in the wild.

CVE-2019-1284 DirectX Elevation of Privilege Vulnerability
ASPY 5630:Malformed-File exe.MP.101

CVE-2019-1285 Win32k Elevation of Privilege Vulnerability
ASPY 5631:Malformed-File exe.MP.102

CVE-2019-1286 Windows GDI Information Disclosure Vulnerability
There are no known exploits in the wild.

CVE-2019-1287 Windows Network Connectivity Assistant Elevation of Privilege Vulnerability
There are no known exploits in the wild.

CVE-2019-1289 Windows Update Delivery Optimization Elevation of Privilege Vulnerability
There are no known exploits in the wild.

CVE-2019-1290 Remote Desktop Client Remote Code Execution Vulnerability
There are no known exploits in the wild.

CVE-2019-1291 Remote Desktop Client Remote Code Execution Vulnerability
There are no known exploits in the wild.

CVE-2019-1292 Windows Denial of Service Vulnerability
There are no known exploits in the wild.

CVE-2019-1293 Windows SMB Client Driver Information Disclosure Vulnerability
There are no known exploits in the wild.

CVE-2019-1294 Windows Secure Boot Security Feature Bypass Vulnerability
There are no known exploits in the wild.

CVE-2019-1295 Microsoft SharePoint Remote Code Execution Vulnerability
IPS 14392:Microsoft SharePoint Remote Code Execution Vulnerability (SEP 19) 2

CVE-2019-1296 Microsoft SharePoint Remote Code Execution Vulnerability
IPS 14390:Microsoft SharePoint Remote Code Execution Vulnerability (SEP 19) 1

CVE-2019-1297 Microsoft Excel Remote Code Execution Vulnerability
There are no known exploits in the wild.

CVE-2019-1298 Chakra Scripting Engine Memory Corruption Vulnerability
There are no known exploits in the wild.

CVE-2019-1299 Microsoft Edge based on Edge HTML Information Disclosure Vulnerability
There are no known exploits in the wild.

CVE-2019-1300 Chakra Scripting Engine Memory Corruption Vulnerability
There are no known exploits in the wild.

CVE-2019-1301 .NET Core Denial of Service Vulnerability
There are no known exploits in the wild.

CVE-2019-1302 ASP.NET Core Elevation Of Privilege Vulnerability
There are no known exploits in the wild.

CVE-2019-1303 Windows Elevation of Privilege Vulnerability
There are no known exploits in the wild.

CVE-2019-1305 Team Foundation Server Cross-site Scripting Vulnerability
There are no known exploits in the wild.

CVE-2019-1306 Azure DevOps and Team Foundation Server Remote Code Execution Vulnerability
There are no known exploits in the wild.

Adobe coverage:

CVE-2019-8069 Same Origin Method Execution Vulnerability
ASPY 5635:Malformed-File swf.MP.602

CVE-2019-8070 Use After Free Vulnerability
ASPY 5636:Malformed-File swf.MP.603