Noch ein Nachtrag von letzter Woche. Microsoft hat zum 8. und 10. Oktober 2019 noch Sicherheitshinweise (Security Advisory) veröffentlicht, welche ich hier mal einstelle.
Anzeige
Ein Dokument betrifft die am Patchday (8.10.2019) geschlossenen Schwachstellen in Edge und in der Scripting Engine des IE. Wer die automatischen Updates aktiviert hat, braucht keine weiteren Aktivitäten zu unternehmen. Weiterhin geht es um Schwachstellen im Windows 10 Update Assistent. Zu allen Schwachstellen hatte ich hier im Blog separate Beiträge.
************************************************************************
Title: Microsoft Security Update Releases
Issued: October 8, 2019
************************************************************************
Summary
=======
The following CVEs and advisory have undergone a major revision increment:
Anzeige
* CVE-2019-1192
* CVE-2019-1367
* ADV190001
Revision Information:
=====================
– CVE-2019-1192 | Microsoft Browsers Security Feature Bypass Vulnerability
– Version: 2.0
– Reason for Revision: To comprehensively address CVE-2019-1192, Microsoft has
released October 2019 security updates for Microsoft Edge installed on supported
editions of Windows 10; for Internet Explorer 11 installed on all affected versions
of Window 10, Windows 8.1, Server 2012, and Windows 7; and for Internet Explorer 10
installed on Windows Server 2012. Microsoft strongly recommends that customers
install the updates to be fully protected from the vulnerability. Customers whose
systems are configured to receive automatic updates do not need to take any
further action.
– Originally posted: August 13, 2019
– Updated: October 8, 2019
– Aggregate CVE Severity Rating: Important
– CVE-2019-1367 | Scripting Engine Memory Corruption Vulnerability
– Version: 3.0
– Reason for Revision: The October security updates Microsoft is releasing on
October 8, 2019 address a known printing issue customers might have experienced
after installing any of the Security Updates, IE Cumulative Updates, or Monthly
Rollups that were released on September 23 or October 3 for all applicable
installations of Internet Explorer 9, 10, or 11 on Microsoft Windows. Customers
who have already installed the updates released on September 23 or October 3
should install the October Security Updates to adress any printing issues you might
have been experiencing. Please see the Security Updates table to download and
install the October security updates.
– Originally posted: September 23, 2019
– Updated: October 8, 2019
– Aggregate CVE Severity Rating: Critical
– ADV990001 | Latest Servicing Stack Updates
– – Version: 15.0
– Reason for Revision: A Servicing Stack Update has been released for all supported
versions of Windows 10 (including Windows Server 2016 and 2019), Windows 8.1,
Windows Server 2012 R2 and Windows Server 2012. See the FAQ section for more
information.
– Originally posted: November 13, 2018
– Updated: October 8, 2019
– Aggregate CVE Severity Rating: Critical
****************************************************************************
Title: Microsoft Security Update Releases
Issued: October 10, 2019
****************************************************************************
Summary
=======
The following CVEs have undergone a major revision increment:
* CVE-2019-1316
* CVE-2019-1378
Revision Information:
=====================
– CVE-2019-1316 | Microsoft Windows Setup Elevation of Privilege Vulnerability
– Version: 2.0
– Reason for Revision: The following updates have been made: 1. In the Security
Updates table, corrected the Download type to "Setup DU" and corrected the Download
and Article links. Please see the FAQ section for more information about Setup DUs.
2. Removed Windows 10 for 32-bit Systems and Windows 10 for x64-based Systems as
they are not affected by this vulnerability.
3. Added FAQ to explain Setup DU downloads and how to get these updates.
– Originally posted: October 8, 2019
– Updated: October 9, 2019
– Aggregate CVE Severity Rating: Important
– CVE-2019-1378 | Windows 10 Update Assistant Elevation of Privilege Vulnerability
– Version: 2.0
– Reason for Revision: The security update for Windows Update Assistant is now
available. See the Security Updates table for more information.
– Originally posted: October 8, 2019
– Updated: October 9, 2019
– Aggregate CVE Severity Rating: Important
Ähnliche Artikel:
Sicherheitslücke im Windows 10 Update Assistent
Patchday Windows 10-Updates (8. Oktober 2019)
Windows 10 Oktober 2019-Patchday (Startmenü-) Probleme
Anzeige