September 2019 Patch Tuesday Index

80 Vulnerabilities

17 Critical

2 Zero-days

Updated Live. Last Update 2:17 PM Sept. 10 2019.

Vulnerability Types:

ACE: Arbitrary Code Execution XSS: Cross Site Scripting
EoP: Elevation of Privilege DoS: Denial of Service
SFB: Security Feature Bypass Info: Information Disclosure
RCE: Remote Code Execution Spoof: Spoofing Attack

 

Identifier

Title

Severity

Type

CVE-2019-8076

Adobe Application Manager Insecure Library Loading

Important

ACE

CVE-2019-8069

Adobe Flash Player Same Origin Method Execution

Critical

ACE

CVE-2019-8070

Adobe Flash Player Use After Free

Critical

ACE

CVE-2019-1214

Windows Common Log File System Driver Elevation of Privilege Vulnerability

Important

EoP

CVE-2019-1215

Windows Elevation of Privilege Vulnerability

Important

EoP

CVE-2019-1235

Windows Text Service Framework Elevation of Privilege Vulnerability

Important

EoP

CVE-2019-1294

Windows Secure Boot Security Feature Bypass Vulnerability

Important

SFB

CVE-2019-0787

Remote Desktop Client Remote Code Execution Vulnerability

Critical

RCE

CVE-2019-0788

Remote Desktop Client Remote Code Execution Vulnerability

Critical

RCE

CVE-2019-1138

Chakra Scripting Engine Memory Corruption Vulnerability

Critical

RCE

CVE-2019-1208

VBScript Remote Code Execution Vulnerability

Critical

RCE

CVE-2019-1217

Chakra Scripting Engine Memory Corruption Vulnerability

Critical

RCE

CVE-2019-1221

Scripting Engine Memory Corruption Vulnerability

Critical

RCE

CVE-2019-1236

VBScript Remote Code Execution Vulnerability

Critical

RCE

CVE-2019-1237

Chakra Scripting Engine Memory Corruption Vulnerability

Critical

RCE

CVE-2019-1257

Microsoft SharePoint Remote Code Execution Vulnerability

Critical

RCE

CVE-2019-1280

LNK Remote Code Execution Vulnerability

Critical

RCE

CVE-2019-1290

Remote Desktop Client Remote Code Execution Vulnerability

Critical

RCE

CVE-2019-1291

Remote Desktop Client Remote Code Execution Vulnerability

Critical

RCE

CVE-2019-1295

Microsoft SharePoint Remote Code Execution Vulnerability

Critical

RCE

CVE-2019-1296

Microsoft SharePoint Remote Code Execution Vulnerability

Critical

RCE

CVE-2019-1298

Chakra Scripting Engine Memory Corruption Vulnerability

Critical

RCE

CVE-2019-1300

Chakra Scripting Engine Memory Corruption Vulnerability

Critical

RCE

CVE-2019-1306

Azure DevOps and Team Foundation Server Remote Code Execution Vulnerability

Critical

RCE

CVE-2019-0928

Windows Hyper-V Denial of Service Vulnerability

Important

DoS

CVE-2019-1142

.NET Framework Elevation of Privilege Vulnerability

Important

EoP

CVE-2019-1209

Lync 2013 Information Disclosure Vulnerability

Important

Info

CVE-2019-1216

DirectX Information Disclosure Vulnerability

Important

Info

CVE-2019-1219

Windows Transaction Manager Information Disclosure Vulnerability

Important

Info

CVE-2019-1220

Microsoft Browser Security Feature Bypass Vulnerability

Important

SFB

CVE-2019-1231

Rome SDK Information Disclosure Vulnerability

Important

Info

CVE-2019-1232

Diagnostics Hub Standard Collector Service Elevation of Privilege Vulnerability

Important

EoP

CVE-2019-1233

Microsoft Exchange Denial of Service Vulnerability

Important

DoS

CVE-2019-1240

Jet Database Engine Remote Code Execution Vulnerability

Important

RCE

CVE-2019-1241

Jet Database Engine Remote Code Execution Vulnerability

Important

RCE

CVE-2019-1242

Jet Database Engine Remote Code Execution Vulnerability

Important

RCE

CVE-2019-1243

Jet Database Engine Remote Code Execution Vulnerability

Important

RCE

CVE-2019-1244

DirectWrite Information Disclosure Vulnerability

Important

Info

CVE-2019-1245

DirectWrite Information Disclosure Vulnerability

Important

Info

CVE-2019-1246

Jet Database Engine Remote Code Execution Vulnerability

Important

RCE

CVE-2019-1247

Jet Database Engine Remote Code Execution Vulnerability

Important

RCE

CVE-2019-1248

Jet Database Engine Remote Code Execution Vulnerability

Important

RCE

CVE-2019-1249

Jet Database Engine Remote Code Execution Vulnerability

Important

RCE

CVE-2019-1250

Jet Database Engine Remote Code Execution Vulnerability

Important

RCE

CVE-2019-1251

DirectWrite Information Disclosure Vulnerability

Important

Info

CVE-2019-1252

Windows GDI Information Disclosure Vulnerability

Important

Info

CVE-2019-1253

Windows Elevation of Privilege Vulnerability

Important

EoP

CVE-2019-1254

Windows Hyper-V Information Disclosure Vulnerability

Important

Info

CVE-2019-1256

Win32k Elevation of Privilege Vulnerability

Important

EoP

CVE-2019-1258

Azure Active Directory Authentication Library Elevation of Privilege Vulnerability

Important

EoP

CVE-2019-1260

Microsoft SharePoint Elevation of Privilege Vulnerability

Important

EoP

CVE-2019-1261

Microsoft SharePoint Spoofing Vulnerability

Important

Spoof

CVE-2019-1262

Microsoft Office SharePoint XSS Vulnerability

Important

XSS

CVE-2019-1263

Microsoft Excel Information Disclosure Vulnerability

Important

Info

CVE-2019-1264

Microsoft Office Security Feature Bypass Vulnerability

Important

SFB

CVE-2019-1265

Microsoft Yammer Security Feature Bypass Vulnerability

Important

SFB

CVE-2019-1266

Microsoft Exchange Spoofing Vulnerability

Important

Spoof

CVE-2019-1267

Microsoft Compatibility Appraiser Elevation of Privilege Vulnerability

Important

EoP

CVE-2019-1268

Winlogon Elevation of Privilege Vulnerability

Important

EoP

CVE-2019-1269

Windows ALPC Elevation of Privilege Vulnerability

Important

EoP

CVE-2019-1270

Microsoft Windows Store Installer Elevation of Privilege Vulnerability

Important

EoP

CVE-2019-1271

Windows Media Elevation of Privilege Vulnerability

Important

EoP

CVE-2019-1272

Windows ALPC Elevation of Privilege Vulnerability

Important

EoP

CVE-2019-1273

Active Directory Federation Services XSS Vulnerability

Important

XSS

CVE-2019-1274

Windows Kernel Information Disclosure Vulnerability

Important

Info

CVE-2019-1277

Windows Audio Service Elevation of Privilege Vulnerability

Important

EoP

CVE-2019-1278

Windows Elevation of Privilege Vulnerability

Important

EoP

CVE-2019-1282

Windows Common Log File System Driver Information Disclosure Vulnerability

Important

Info

CVE-2019-1283

Microsoft Graphics Components Information Disclosure Vulnerability

Important

Info

CVE-2019-1284

DirectX Elevation of Privilege Vulnerability

Important

EoP

CVE-2019-1285

Win32k Elevation of Privilege Vulnerability

Important

EoP

CVE-2019-1286

Windows GDI Information Disclosure Vulnerability

Important

Info

CVE-2019-1287

Windows Network Connectivity Assistant Elevation of Privilege Vulnerability

Important

EoP

CVE-2019-1289

Windows Update Delivery Optimization Elevation of Privilege Vulnerability

Important

EoP

CVE-2019-1292

Windows Denial of Service Vulnerability

Important

DoS

CVE-2019-1293

Windows SMB Client Driver Information Disclosure Vulnerability

Important

Info

CVE-2019-1297

Microsoft Excel Remote Code Execution Vulnerability

Important

RCE

CVE-2019-1299

Microsoft Edge based on Edge HTML Information Disclosure Vulnerability

Important

Info

CVE-2019-1301

.NET Core Denial of Service Vulnerability

Important

DoS

CVE-2019-1302

ASP.NET Core Elevation Of Privilege Vulnerability

Important

EoP

CVE-2019-1303

Windows Elevation of Privilege Vulnerability

Important

EoP

CVE-2019-1305

Team Foundation Server Cross-site Scripting Vulnerability

Important

XSS

CVE-2019-1259

Microsoft SharePoint Spoofing Vulnerability

Moderate

Spoof

 

Want a more in-depth discussion about this month's Patch Tuesday releases? Join Richard Melick on Thursday, September 12th, at 1:00 pm EST for Automox's Automating Patch Tuesday Webinar. Even if you can't make it, we'll send you a recording to watch at your leisure. Sign up below!

SAVE MY SPOT

About Automox

Facing growing threats and a rapidly expanding attack surface, understaffed and alert-fatigued organizations need more efficient ways to eliminate their exposure to vulnerabilities. Automox is a modern cyber hygiene platform that closes the aperture of attack by more than 80% with just half the effort of traditional solutions.

Cloud-native and globally available, Automox enforces OS & third-party patch management, security configurations, and custom scripting across Windows, Mac, and Linux from a single intuitive console. IT and SecOps can quickly gain control and share visibility of on-prem, remote and virtual endpoints without the need to deploy costly infrastructure. 

Experience modern, cloud-native patch management today with a 15-day free trial of Automox and start recapturing more than half the time you're currently spending on managing your attack surface. Automox dramatically reduces corporate risk while raising operational efficiency to deliver best-in-class security outcomes, faster and with fewer resources.

Get Instant Updates on Vulnerabilities

Subscribe to receive Automox vulnerability alerts

Reduce your threat surface by up to 80%

Make all of your corporate infrastructure more resilient by automating the basics of cyber hygiene.

Take 15 days to raise your security confidence!
Start a Free Trial