July 2019 - Microsoft Releases Security Patches
Data notifica: 10 luglio 2019
Descrizione
Microsoft addresses vulnerabilities in its July security bulletin. Trend Micro Deep Security covers the following:
- CVE-2019-1001 - Scripting Engine Memory Corruption Vulnerability
Risk Rating: Critical
This memory corruption vulnerability exists in the improper handling of objects in memory by the scripting engine in Microsoft browsers. Attackers looking to exploit this vulnerability must find a way to convince a user to visit a specially crafted website that contains an exploit to this vulnerability. - CVE-2019-1004 - Scripting Engine Memory Corruption Vulnerability
Risk Rating: Critical
This memory corruption vulnerability exists in the improper handling of objects in memory by the scripting engine in Microsoft browsers. Attackers looking to exploit this vulnerability must find a way to convince a user to visit a specially crafted website that contains an exploit to this vulnerability. - CVE-2019-1062 - Chakra Scripting Engine Memory Corruption Vulnerability
Risk Rating: Critical
This memory corruption vulnerability exists in the handling of objects in memory in the Chakra scripting engine of Microsoft Edge. Attackers looking to exploit this vulnerability may host a specially crafted website that contains an exploit to this vulnerability. - CVE-2019-1063 - Internet Explorer Memory Corruption Vulnerability
Risk Rating: Critical
This memory corruption vulnerability exists in the handling of objects in memory by Internet Explorer. Attackers looking to exploit this vulnerability may host a specially crafted website that contains an exploit to this vulnerability. - CVE-2019-1092 - Chakra Scripting Engine Memory Corruption Vulnerability
Risk Rating: Critical
This memory corruption vulnerability exists in the handling of objects in memory in the Chakra scripting engine of Microsoft Edge. Attackers looking to exploit this vulnerability may host a specially crafted website that contains an exploit to this vulnerability. - CVE-2019-1103 - Chakra Scripting Engine Memory Corruption Vulnerability
Risk Rating: Critical
This memory corruption vulnerability exists in the improper handling of objects in memory by the Chakra scripting engine in Microsoft Edge. Attackers looking to exploit this vulnerability may create a specially crafted webpage that contains an exploit to this vulnerability. - CVE-2019-1104 - Microsoft Browser Memory Corruption Vulnerability
Risk Rating: Critical
This memory corruption vulnerability exists in the improper handling of objects in memory by Microsoft browsers. Attackers looking to exploit this vulnerability may create a specially crafted webpage that contains an exploit to this vulnerability. - CVE-2019-1106 - Chakra Scripting Engine Memory Corruption Vulnerability
Risk Rating: Critical
This memory corruption vulnerability exists in the handling of objects in memory by the Chakra scripting engine in Microsoft Edge. Attackers looking to exploit this vulnerability may gain the same user rights as the currently logged on user. - CVE-2019-1107 - Chakra Scripting Engine Memory Corruption Vulnerability
Risk Rating: Critical
This memory corruption vulnerability exists in the handling of objects in memory by the Chakra scripting engine in Microsoft Edge. Attackers looking to exploit this vulnerability may gain the same user rights as the currently logged on user. - CVE-2019-1112 - Microsoft Excel Information Disclosure Vulnerability
Risk Rating: Important
This information disclosure vulnerability exists in the disclosure of memory contents by Microsoft Excel. Attackers looking to exploit this vulnerability may host a specially crafted file that contains an exploit to this vulnerability.
Informazioni esposizione:
Trend Micro Deep Security shields networks through the following Deep Packet Inspection (DPI) rules. Trend Micro customers using the Vulnerability Protection are also protected from attacks using these vulnerabilities.
| Vulnerability ID | DPI Rule Number | DPI Rule Name | Release Date | Vulnerability Protection Compatibility |
| CVE-2019-1001 | 1009839 | Microsoft Internet Explorer And Edge Scripting Engine Memory Corruption Vulnerability (CVE-2019-1001) | 09-Jul-19 | YES |
| CVE-2019-1004 | 1009837 | Microsoft Internet Explorer Scripting Engine Memory Corruption Vulnerability (CVE-2019-1004) | 09-Jul-19 | YES |
| CVE-2019-1062 | 1009843 | Microsoft Edge Chakra Scripting Engine Memory Corruption Vulnerability (CVE-2019-1062) | 09-Jul-19 | YES |
| CVE-2019-1063 | 1009836 | Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2019-1063) | 09-Jul-19 | YES |
| CVE-2019-1103 | 1009840 | Microsoft Edge Chakra Scripting Engine Memory Corruption Vulnerability (CVE-2019-1103) | 09-Jul-19 | YES |
| CVE-2019-1104 | 1009838 | Microsoft Internet Explorer And Edge Memory Corruption Vulnerability (CVE-2019-1104) | 09-Jul-19 | YES |
| CVE-2019-1106 | 1009841 | Microsoft Edge Chakra Scripting Engine Memory Corruption Vulnerability (CVE-2019-1106) | 09-Jul-19 | YES |
| CVE-2019-1112 | 1009835 | Microsoft Excel Information Disclosure Vulnerability (CVE-2019-1112) | 09-Jul-19 | YES |
| CVE-2019-0698 | 1009798 | Microsoft Edge Chakra Scripting Engine Memory Corruption Vulnerability (CVE-2019-1106) | 09-Jul-19 | NO |