Microsoft October 2019 Security Updates

Discussion in 'update alerts' started by NICK ADSL UK, Oct 8, 2019.

Thread Status:
Not open for further replies.
  1. NICK ADSL UK

    NICK ADSL UK Administrator

    Joined:
    May 13, 2003
    Posts:
    9,320
    Location:
    UK
    Release Notes
    October 2019 Security Updates
    Release Date: October 08, 2019


    The October security release consists of security updates for the following software:

    • Microsoft Windows
    • Internet Explorer
    • Microsoft Edge (EdgeHTML-based)
    • ChakraCore
    • Microsoft Office and Microsoft Office Services and Web Apps
    • SQL Server Management Studio
    • Open Source Software
    • Microsoft Dynamics 365
    • Windows Update Assistant
    Please note the following information regarding the security updates:

    • A list of the latest servicing stack updates for each operating system can be found in ADV990001. This list will be updated whenever a new servicing stack update is released. It is important to install the latest servicing stack update.
    • Windows 10 updates are cumulative. The monthly security release includes all security fixes for vulnerabilities that affect Windows 10, in addition to non-security updates. The updates are available via the Microsoft Update Catalog.
    • Updates for Windows RT 8.1 and Microsoft Office RT software are only available via Windows Update.
    • For information on lifecycle and support dates for Windows 10 operating systems, please see Windows Lifecycle Facts Sheet.
    • In addition to security changes for the vulnerabilities, updates include defense-in-depth updates to help improve security-related features.
    • Starting in May 2019, Internet Explorer 11 is available on Windows Server 2012. This configuration is present only in the IE Cumulative package.
    The following CVEs have FAQs with additional information and may include * further steps to take after installing the updates. Please note that this is not a complete list of CVEs for this release.

    Known Issues

    KB Article Applies To
    4519338 Windows 10, version 1809, Windows Server 2019
    4519974 Internet Explorer
    4519976 Windows 7 Service Pack 1, Windows Server 2008 R2 Service Pack 1 (Monthly Rollup)
    4519985 Windows Server 2012 (Security-only update)
    4519990 Windows 8.1, Windows Server 2012 R2 (Security-only update)
    4519998 Windows 10, version 1607, Windows Server 2016
    4520004 Windows 10, version 1709
    4520005 Windows 8.1, Windows Server 2012 R2 (Monthly Rollup)
    4520007 Windows Server 2012 (Monthly Rollup)
    4520008 Windows 10, version 1803, Windows Server version 1803
    4520010 Windows 10, version 1703
    4520011 Windows 10

    https://portal.msrc.microsoft.com/e...tedetail/28ef0a64-489c-e911-a994-000d3a33c573
     
  2. NICK ADSL UK

    NICK ADSL UK Administrator

    Joined:
    May 13, 2003
    Posts:
    9,320
    Location:
    UK
    Title: Microsoft Security Update Releases
    Issued: October 8, 2019
    **************************************************************************************

    Summary
    =======

    The following CVEs and advisory have undergone a major revision increment:

    * CVE-2019-1192
    * CVE-2019-1367
    * ADV190001


    Revision Information:
    =====================

    - CVE-2019-1192 | Microsoft Browsers Security Feature Bypass Vulnerability
    - https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2019-1192
    - Version: 2.0
    - Reason for Revision: To comprehensively address CVE-2019-1192, Microsoft has
    released October 2019 security updates for Microsoft Edge installed on supported
    editions of Windows 10; for Internet Explorer 11 installed on all affected versions
    of Window 10, Windows 8.1, Server 2012, and Windows 7; and for Internet Explorer 10
    installed on Windows Server 2012. Microsoft strongly recommends that customers
    install the updates to be fully protected from the vulnerability. Customers whose
    systems are configured to receive automatic updates do not need to take any
    further action.
    - Originally posted: August 13, 2019
    - Updated: October 8, 2019
    - Aggregate CVE Severity Rating: Important

    - CVE-2019-1367 | Scripting Engine Memory Corruption Vulnerability
    - https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2019-1367
    - Version: 3.0
    - Reason for Revision: The October security updates Microsoft is releasing on
    October 8, 2019 address a known printing issue customers might have experienced
    after installing any of the Security Updates, IE Cumulative Updates, or Monthly
    Rollups that were released on September 23 or October 3 for all applicable
    installations of Internet Explorer 9, 10, or 11 on Microsoft Windows. Customers
    who have already installed the updates released on September 23 or October 3
    should install the October Security Updates to adress any printing issues you might
    have been experiencing. Please see the Security Updates table to download and
    install the October security updates.
    - Originally posted: September 23, 2019
    - Updated: October 8, 2019
    - Aggregate CVE Severity Rating: Critical

    - ADV990001 | Latest Servicing Stack Updates
    - https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/ADV990001
    - Version: 15.0
    - Reason for Revision: A Servicing Stack Update has been released for all supported
    versions of Windows 10 (including Windows Server 2016 and 2019), Windows 8.1,
    Windows Server 2012 R2 and Windows Server 2012. See the FAQ section for more
    information.
    - Originally posted: November 13, 2018
    - Updated: October 8, 2019
    - Aggregate CVE Severity Rating: Critical
     
  3. NICK ADSL UK

    NICK ADSL UK Administrator

    Joined:
    May 13, 2003
    Posts:
    9,320
    Location:
    UK
    Title: Microsoft Security Update Releases
    Issued: October 10, 2019
    **************************************************************************************

    Summary
    =======

    The following CVEs have undergone a major revision increment:

    * CVE-2019-1316
    * CVE-2019-1378


    Revision Information:
    =====================

    - CVE-2019-1316 | Microsoft Windows Setup Elevation of Privilege Vulnerability
    - https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2019-1316
    - Version: 2.0
    - Reason for Revision: The following updates have been made: 1. In the Security
    Updates table, corrected the Download type to "Setup DU" and corrected the Download
    and Article links. Please see the FAQ section for more information about Setup DUs.
    2. Removed Windows 10 for 32-bit Systems and Windows 10 for x64-based Systems as
    they are not affected by this vulnerability.
    3. Added FAQ to explain Setup DU downloads and how to get these updates.
    - Originally posted: October 8, 2019
    - Updated: October 9, 2019
    - Aggregate CVE Severity Rating: Important

    - CVE-2019-1378 | Windows 10 Update Assistant Elevation of Privilege Vulnerability
    - https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2019-1378
    - Version: 2.0
    - Reason for Revision: The security update for Windows Update Assistant is now
    available. See the Security Updates table for more information.
    - Originally posted: October 8, 2019
    - Updated: October 9, 2019
    - Aggregate CVE Severity Rating: Important
     
  4. NICK ADSL UK

    NICK ADSL UK Administrator

    Joined:
    May 13, 2003
    Posts:
    9,320
    Location:
    UK
    Title: Microsoft Security Update Releases
    Issued: October 17, 2019
    **************************************************************************************

    Summary
    =======

    The following CVE has undergone a major revision increment:

    * CVE-2019-1414


    Revision Information:
    =====================

    - CVE-2019-1414 | Visual Studio Code Elevation of Privilege Vulnerability
    - https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2019-1414
    - Version: 1.0
    - Reason for Revision: Information published.
    - Originally posted: October 17, 2019
    - Updated: N/A
    - Aggregate CVE Severity Rating: Important
     
Loading...
Thread Status:
Not open for further replies.
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.