Microsoft Sicherheitshinweise (8./10. Oktober 2019)

Noch ein Nachtrag von letzter Woche. Microsoft hat zum 8. und 10. Oktober 2019 noch Sicherheitshinweise (Security Advisory) veröffentlicht, welche ich hier mal einstelle.


Anzeige

Ein Dokument betrifft die am Patchday (8.10.2019) geschlossenen Schwachstellen in Edge und in der Scripting Engine des IE. Wer die automatischen Updates aktiviert hat, braucht keine weiteren Aktivitäten zu unternehmen. Weiterhin geht es um Schwachstellen im Windows 10 Update Assistent. Zu allen Schwachstellen hatte ich hier im Blog separate Beiträge.

************************************************************************
Title: Microsoft Security Update Releases
Issued: October 8, 2019
************************************************************************

Summary
=======

The following CVEs and advisory have undergone a major revision increment:

* CVE-2019-1192
* CVE-2019-1367
* ADV190001

Revision Information:
=====================

CVE-2019-1192 | Microsoft Browsers Security Feature Bypass Vulnerability
–  Version: 2.0
– Reason for Revision: To comprehensively address CVE-2019-1192, Microsoft has
   released October 2019 security updates for Microsoft Edge installed on supported
   editions of Windows 10; for Internet Explorer 11 installed on all affected versions
   of Window 10, Windows 8.1, Server 2012, and Windows 7; and for Internet Explorer 10
   installed on Windows Server 2012. Microsoft strongly recommends that customers
   install the updates to be fully protected from the vulnerability. Customers whose
   systems are configured to receive automatic updates do not need to take any
   further action.
– Originally posted: August 13, 2019
– Updated: October 8, 2019
– Aggregate CVE Severity Rating: Important


Anzeige

CVE-2019-1367 | Scripting Engine Memory Corruption Vulnerability
– Version: 3.0
– Reason for Revision: The October security updates Microsoft is releasing on
   October 8, 2019 address a known printing issue customers might have experienced
   after installing any of the Security Updates, IE Cumulative Updates, or Monthly
   Rollups that were released on September 23 or October 3 for all applicable
   installations of Internet Explorer 9, 10, or 11 on Microsoft Windows. Customers
   who have already installed the updates released on September 23 or October 3
   should install the October Security Updates to adress any printing issues you might
   have been experiencing. Please see the Security Updates table to download and
   install the October security updates.
– Originally posted: September 23, 2019
– Updated: October 8, 2019
– Aggregate CVE Severity Rating: Critical

ADV990001 | Latest Servicing Stack Updates
–  – Version: 15.0
– Reason for Revision: A Servicing Stack Update has been released for all supported
   versions of Windows 10 (including Windows Server 2016 and 2019), Windows 8.1,
   Windows Server 2012 R2 and Windows Server 2012. See the FAQ section for more
   information.
– Originally posted: November 13, 2018
– Updated: October 8, 2019
– Aggregate CVE Severity Rating: Critical

****************************************************************************
Title: Microsoft Security Update Releases
Issued: October 10, 2019
****************************************************************************

Summary
=======

The following CVEs have undergone a major revision increment:

* CVE-2019-1316
* CVE-2019-1378

 
Revision Information:
=====================

CVE-2019-1316 | Microsoft Windows Setup Elevation of Privilege Vulnerability
– Version: 2.0
– Reason for Revision: The following updates have been made: 1. In the Security
   Updates table, corrected the Download type to “Setup DU” and corrected the Download
   and Article links. Please see the FAQ section for more information about Setup DUs.
   2. Removed Windows 10 for 32-bit Systems and Windows 10 for x64-based Systems as
   they are not affected by this vulnerability.
   3. Added FAQ to explain Setup DU downloads and how to get these updates.
– Originally posted: October 8, 2019
– Updated: October 9, 2019
– Aggregate CVE Severity Rating: Important

CVE-2019-1378 | Windows 10 Update Assistant Elevation of Privilege Vulnerability
– Version: 2.0
– Reason for Revision: The security update for Windows Update Assistant is now
   available. See the Security Updates table for more information.
– Originally posted: October 8, 2019
– Updated: October 9, 2019
– Aggregate CVE Severity Rating: Important

Ähnliche Artikel:
Sicherheitslücke im Windows 10 Update Assistent
Patchday Windows 10-Updates (8. Oktober 2019)
Windows 10 Oktober 2019-Patchday (Startmenü-) Probleme


Anzeige
Dieser Beitrag wurde unter Edge, Internet Explorer, Sicherheit abgelegt und mit , , verschlagwortet. Setze ein Lesezeichen auf den Permalink.

Schreibe einen Kommentar

Deine E-Mail-Adresse wird nicht veröffentlicht.