{"id": "CVE-2019-1234", "bulletinFamily": "NVD", "title": "CVE-2019-1234", "description": "A spoofing vulnerability exists when Azure Stack fails to validate certain requests, aka 'Azure Stack Spoofing Vulnerability'.", "published": "2019-11-12T19:15:00", "modified": "2020-02-13T20:15:00", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}, "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-1234", "reporter": "cve@mitre.org", "references": ["https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1234", "https://research.checkpoint.com/2020/remote-cloud-execution-critical-vulnerabilities-in-azure-cloud-infrastructure-part-i/"], "cvelist": ["CVE-2019-1234"], "type": "cve", "lastseen": "2021-02-02T07:12:49", "edition": 6, "viewCount": 34, "enchantments": {"dependencies": {"references": [{"type": "symantec", "idList": ["SMNTC-110794"]}, {"type": "kaspersky", "idList": ["KLA11659"]}, {"type": "mscve", "idList": ["MS:CVE-2019-1234"]}, {"type": "thn", "idList": ["THN:0C7E84207B4D65E7F360B825BEC52DF5"]}, {"type": "talosblog", "idList": ["TALOSBLOG:D617C7EFD22C4CD2ECFE1B030BD80B0E"]}], "modified": "2021-02-02T07:12:49", "rev": 2}, "score": {"value": 3.1, "vector": "NONE", "modified": "2021-02-02T07:12:49", "rev": 2}, "vulnersScore": 3.1}, "cpe": ["cpe:/a:microsoft:azure_stack:-"], "affectedSoftware": [{"cpeName": "microsoft:azure_stack", "name": "microsoft azure stack", "operator": "eq", "version": "-"}], "cvss2": {"acInsufInfo": false, "cvssV2": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "userInteractionRequired": false}, "cvss3": {"cvssV3": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6}, "cpe23": ["cpe:2.3:a:microsoft:azure_stack:-:*:*:*:*:*:*:*"], "cwe": ["CWE-290"], "scheme": null, "cpeConfiguration": {"CVE_data_version": "4.0", "nodes": [{"cpe_match": [{"cpe23Uri": "cpe:2.3:a:microsoft:azure_stack:-:*:*:*:*:*:*:*", "vulnerable": true}], "operator": "OR"}]}, "extraReferences": [{"name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1234", "refsource": "MISC", "tags": ["Patch", "Vendor Advisory"], "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1234"}, {"name": "https://research.checkpoint.com/2020/remote-cloud-execution-critical-vulnerabilities-in-azure-cloud-infrastructure-part-i/", "refsource": "MISC", "tags": [], "url": "https://research.checkpoint.com/2020/remote-cloud-execution-critical-vulnerabilities-in-azure-cloud-infrastructure-part-i/"}], "immutableFields": []}

{"symantec": [{"lastseen": "2019-11-13T21:21:46", "bulletinFamily": "software", "cvelist": ["CVE-2019-1234"], "description": "### Description\n\nMicrosoft Azure Stack is prone to a security vulnerability that may allow attackers to conduct spoofing attacks. An attacker can exploit this issue to conduct spoofing attacks and perform unauthorized actions; other attacks are also possible.\n\n### Technologies Affected\n\n * Microsoft Azure Stack \n\n### Recommendations\n\n**Run all software as a nonprivileged user with minimal access rights.** \nTo reduce the impact of latent vulnerabilities, always run nonadministrative software as an unprivileged user with minimal access rights.\n\n**Deploy network intrusion detection systems to monitor network traffic for malicious activity.** \nDeploy NIDS to monitor network traffic for signs of anomalous or suspicious activity. This includes but is not limited to unexplained incoming and outgoing traffic. This may indicate exploit attempts or activity that results from successful exploits.\n\n**Do not follow links provided by unknown or untrusted sources.** \nNever follow links provided by unknown or untrusted sources.\n\n**Set web browser security to disable the execution of script code or active content.** \nSince a successful exploit of this issue allows malicious code to execute in web clients, consider disabling support for script code and active content within the client browser. Note that this mitigation tactic might adversely affect legitimate websites that rely on the execution of browser-based script code.\n\nUpdates are available. Please see the references or vendor advisory for more information.\n", "modified": "2019-11-12T00:00:00", "published": "2019-11-12T00:00:00", "id": "SMNTC-110794", "href": "https://www.symantec.com/content/symantec/english/en/security-center/vulnerabilities/writeup.html/110794", "type": "symantec", "title": "Microsoft Azure Stack CVE-2019-1234 Spoofing Vulnerability", "cvss": {"score": 0.0, "vector": "NONE"}}], "kaspersky": [{"lastseen": "2020-09-02T11:47:40", "bulletinFamily": "info", "cvelist": ["CVE-2019-1234"], "description": "### *Detect date*:\n11/12/2019\n\n### *Severity*:\nHigh\n\n### *Description*:\nA spoofing vulnerability was found in Microsoft Azure. Malicious users can exploit this vulnerability to spoof user interface.\n\n### *Affected products*:\nAzure Stack\n\n### *Solution*:\nInstall necessary updates from the KB section, that are listed in your Windows Update (Windows Update usually can be accessed from the Control Panel)\n\n### *Original advisories*:\n[CVE-2019-1234](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2019-1234>) \n\n\n### *Impacts*:\nSUI \n\n### *Related products*:\n[Microsoft Azure](<https://threats.kaspersky.com/en/product/Microsoft-Azure/>)\n\n### *CVE-IDS*:\n[CVE-2019-1234](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1234>)0.0Unknown\n\n### *Microsoft official advisories*:", "edition": 1, "modified": "2020-05-22T00:00:00", "published": "2019-11-12T00:00:00", "id": "KLA11659", "href": "https://threats.kaspersky.com/en/vulnerability/KLA11659", "title": "\r KLA11659A spoofing vulnerability in Microsoft Azure ", "type": "kaspersky", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}}], "mscve": [{"lastseen": "2021-03-18T19:16:06", "bulletinFamily": "microsoft", "cvelist": ["CVE-2019-1234"], "description": "A spoofing vulnerability exists when Azure Stack fails to validate certain requests. An attacker who successfully exploited the vulnerability could make requests to internal Azure Stack resources.\n\nAn attacker could exploit the vulnerability by sending a specially crafted request to the Azure Stack user portal.\n\nThe update addresses the vulnerability by changing how Azure Stack handles certain requests.\n", "modified": "2020-02-03T08:00:00", "published": "2019-11-12T08:00:00", "id": "MS:CVE-2019-1234", "href": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2019-1234", "type": "mscve", "title": "Azure Stack Spoofing Vulnerability", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}}], "thn": [{"lastseen": "2020-01-30T13:28:19", "bulletinFamily": "info", "cvelist": ["CVE-2019-1234", "CVE-2019-1372"], "description": "[](<https://1.bp.blogspot.com/-KwZXs6XCBLM/XjLC-6aVvYI/AAAAAAAA2QE/Kk6liyCBtekGqqh6bSkkQ5rnIR1l0oPWQCLcBGAsYHQ/s728-e100/microsoft-azure-hacking.jpg>)\n\nCybersecurity researchers at Check Point today disclosed details of two [recently patched](<https://thehackernews.com/2019/12/windows-zero-day-patch.html>) potentially dangerous vulnerabilities in Microsoft Azure services that, if exploited, could have allowed hackers to target several businesses that run their web and mobile apps on Azure. \n \nAzure App Service is a fully-managed integrated service that enables users to create web and mobile apps for any platform or device, and easily integrate them with SaaS solutions, on-premises apps to automate business processes. \n \nAccording to a report researchers shared with The Hacker News, the first security vulnerability ([CVE-2019-1234](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1234>)) is a request spoofing issue that affected Azure Stack, a hybrid cloud computing software solution by Microsoft. \n\n\n \nIf exploited, the issue would have enabled a remote hacker to unauthorizedly access screenshots and sensitive information of any virtual machine running on Azure infrastructure\u2014it doesn't matter if they're running on a shared, dedicated or isolated virtual machines. \n \nAccording to [researchers](<https://research.checkpoint.com/2020/remote-cloud-execution-critical-vulnerabilities-in-azure-cloud-infrastructure-part-i/>), this flaw is exploitable through Microsoft Azure Stack Portal, an interface where users can access clouds they have created using Azure Stack. \n \nBy leveraging an insure API, researchers found a way to get the virtual machine name and ID, hardware information like cores, total memory of targeted machines, and then used it with another unauthenticated HTTP request to grab screenshots, as shown. \n \n\n\n[](<https://1.bp.blogspot.com/-ddMu79CwlhQ/XjLN4FzeVLI/AAAAAAAA2QQ/7FNAxSY0SkEbjI-8N8eW3zzqLOSoxw5wACLcBGAsYHQ/s728-e100/microsoft-azure-screenshots.jpg>)\n\n \nWhereas, the second issue ([CVE-2019-1372](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1372>)) is a remote code execution flaw that affected the Azure App Service on Azure Stack, which would have enabled a hacker to take complete control over the entire Azure server and consequently take control over an enterprises' business code. \n \nWhat's more interesting is that an attacker can exploit both issues by creating a free user account with Azure Cloud and running malicious functions on it or sending unauthenticated HTTP requests to the Azure Stack user portal. \n \nCheck Point published a detailed [technical post](<https://research.checkpoint.com/2020/remote-cloud-execution-critical-vulnerabilities-in-azure-cloud-infrastructure-part-ii>) on the second flaw, but in brief, it resided in the way DWASSVC, a service responsible for managing and running tenants' apps and IIS worker processes, which actually run the tenant application, communicate with each other for defined tasks. \n\n\n \nSince Azure Stack failed to check the length of a buffer before copying memory to it, an attacker could have exploited the issue by sending a specially crafted message to DWASSVC service, allowing it to execute malicious code on the server as the highest NT AUTHORITY/SYSTEM privilege. \n \n\"So how can an attacker send a message to DWASSVC (DWASInterop.dll)? By design, when running the C# Azure function, it runs in the context of the worker (w3wp.exe),\" the researchers said. \n \n\"This lets an attacker the possibility to enumerate the currently opened handles. That way, he can find the already opened named pipe handle and send a specially crafted message.\" \n \nCheck Point researcher Ronen Shustin, who discovered both vulnerabilities, responsibly reported the issues to Microsoft last year, preventing hackers from causing severe damage and chaos. \n \nAfter patching both issues late last year, the company awarded Shustin with 40,000 USD under its Azure bug bounty program. \n\n\nHave something to say about this article? Comment below or share it with us on [Facebook](<https://www.facebook.com/thehackernews>), [Twitter](<https://twitter.com/thehackersnews>) or our [LinkedIn Group](<https://www.linkedin.com/company/thehackernews/>).\n", "modified": "2020-01-30T12:37:33", "published": "2020-01-30T11:59:00", "id": "THN:0C7E84207B4D65E7F360B825BEC52DF5", "href": "https://thehackernews.com/2020/01/microsoft-azure-vulnerabilities.html", "type": "thn", "title": "Microsoft Azure Flaws Could Have Let Hackers Take Over Cloud Servers", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "talosblog": [{"lastseen": "2019-11-17T18:28:30", "bulletinFamily": "blog", "cvelist": ["CVE-2018-12207", "CVE-2019-0712", "CVE-2019-0721", "CVE-2019-1020", "CVE-2019-11135", "CVE-2019-1234", "CVE-2019-1309", "CVE-2019-1310", "CVE-2019-1324", "CVE-2019-1370", "CVE-2019-1373", "CVE-2019-1374", "CVE-2019-1379", "CVE-2019-1380", "CVE-2019-1381", "CVE-2019-1382", "CVE-2019-1383", "CVE-2019-1384", "CVE-2019-1385", "CVE-2019-1388", "CVE-2019-1389", "CVE-2019-1390", "CVE-2019-1391", "CVE-2019-1392", "CVE-2019-1393", "CVE-2019-1394", "CVE-2019-1395", "CVE-2019-1396", "CVE-2019-1397", "CVE-2019-1398", "CVE-2019-1399", "CVE-2019-1402", "CVE-2019-1405", "CVE-2019-1406", "CVE-2019-1407", "CVE-2019-1408", "CVE-2019-1409", "CVE-2019-1411", "CVE-2019-1412", "CVE-2019-1413", "CVE-2019-1415", "CVE-2019-1416", "CVE-2019-1417", "CVE-2019-1418", "CVE-2019-1419", "CVE-2019-1420", "CVE-2019-1422", "CVE-2019-1423", "CVE-2019-1424", "CVE-2019-1425", "CVE-2019-1426", "CVE-2019-1427", "CVE-2019-1428", "CVE-2019-1429", "CVE-2019-1430", "CVE-2019-1432", "CVE-2019-1433", "CVE-2019-1434", "CVE-2019-1435", "CVE-2019-1436", "CVE-2019-1437", "CVE-2019-1438", "CVE-2019-1439", "CVE-2019-1440", "CVE-2019-1441", "CVE-2019-1442", "CVE-2019-1443", "CVE-2019-1445", "CVE-2019-1446", "CVE-2019-1447", "CVE-2019-1448", "CVE-2019-1449", "CVE-2019-1456"], "description": "[](<http://3.bp.blogspot.com/-bIERk6jqSvs/XKypl8tltSI/AAAAAAAAFxU/d9l6_EW1Czs7DzBngmhg8pjdPfhPAZ3yACK4BGAYYCw/s1600/recurring%2Bblog%2Bimages_patch%2Btuesday.jpg>) \n \n \n \n \n \n \n \n \n \n \n_By Jon Munshaw._ \n \nMicrosoft released its monthly security update today, disclosing a variety of vulnerabilities in several of its products. The [latest Patch Tuesday](<https://portal.msrc.microsoft.com/en-us/security-guidance>) discloses 75 vulnerabilities, 13 of which are considered \"critical,\" with the rest being deemed \"important.\" \n \nThis month\u2019s security update covers security issues in a variety of Microsoft services and software, including the Scripting Engine, the Windows Hyper-V hypervisor, and Win32. Cisco Talos discovered one of these vulnerabilities, [CVE-2019-1448](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1448>) \u2014a [remote code execution vulnerability](<https://blog.talosintelligence.com/2019/11/vuln-spotlight-microsoft-excel-nov-2019-RCE.html>) in Microsoft Excel. For more on this bug, read our full Vulnerability Spotlight [here](<https://blog.talosintelligence.com/2019/11/vuln-spotlight-microsoft-excel-nov-2019-RCE.html>). We are also [disclosing a remote code execution vulnerability](<https://blog.talosintelligence.com/2019/11/vuln-spotlight-microsoft-media-foundation-nov-2019-RCE.html>) in Microsoft Media Foundation. \n \nTalos also released a new set of SNORT\u24c7 rules that provide coverage for some of these vulnerabilities. For more, check out the Snort blog post [here](<https://blog.snort.org/2019/11/snort-rule-update-for-nov-12-2019.html>). \n \n\n\n### Critical vulnerabilities\n\nMicrosoft disclosed 13 critical vulnerabilities this month, nine of which we will highlight below. \n \n[CVE-2019-0721](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0721>), [CVE-2019-1389](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1398>), [CVE-2019-1397](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1397>) and [CVE-2019-1398](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1398>) are all vulnerabilities in Windows Hyper-V that could allow an attacker to remotely execute code on the victim machine. These bugs arise when Hyper-V on a host server improperly validates input from an authenticated user on a guest operating system. An attacker can exploit these vulnerabilities by running a specially crafted application on a guest OS. This could allow a malicious user to escape the hypervisor or a sandbox. \n \n[CVE-2019-1390](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1390>) is a remote code execution vulnerability in VBScript. This vulnerability could allow an attacker to corrupt memory in a way that would enable them to execute remote code in the context of the current user. A user could trigger this vulnerability by visiting an attacker-created website while using the Internet Explorer browser, or by opening an Office document or application that contains an ActiveX control marked \"safe for initialization.\" \n \n[CVE-2019-1426](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1426>),[ CVE-2019-1427](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1427>), [CVE-2019-1428](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1428>) and [CVE-2019-1429](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1429>) are memory corruption vulnerabilities in the Microsoft Scripting Engine that could lead to remote code execution. The bugs exist in the way the Microsoft Edge web browser handles objects in memory. A user could trigger these vulnerabilities by visiting an attacker-controlled website in Edge. \n \nThe four other critical vulnerabilities are: \n\n\n * [CVE-2019-1373](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1373>)\n * [CVE-2019-1419](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1419>)\n * [CVE-2019-1430](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1430>)\n * [CVE-2019-1441](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1441>)\n\n### Important vulnerabilities\n\nThis release also contains 62 important vulnerabilities, one of which we will highlight below. \n \n[CVE-2019-1020](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1020>) is a security feature bypass vulnerability in the Windows secure boot process. An attacker could run a specially crafted application to bypass secure boot and load malicious software. This security update fixes the issue by blocking vulnerable third-party bootloaders. An update also needs to be applied to Windows Defender. \n \nThe other important vulnerabilities are: \n\n\n * [CVE-2018-12207](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-12207>)\n * [CVE-2019-0712](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0712>)\n * [CVE-2019-11135](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-11135>)\n * [CVE-2019-1234](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1234>)\n * [CVE-2019-1309](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1309>)\n * [CVE-2019-1310](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1310>)\n * [CVE-2019-1324](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1324>)\n * [CVE-2019-1370](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1370>)\n * [CVE-2019-1374](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1374>)\n * [CVE-2019-1379](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1379>)\n * [CVE-2019-1380](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1380>)\n * [CVE-2019-1381](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1381>)\n * [CVE-2019-1382](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1382>)\n * [CVE-2019-1383](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1383>)\n * [CVE-2019-1384](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1384>)\n * [CVE-2019-1385](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1385>)\n * [CVE-2019-1388](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1388>)\n * [CVE-2019-1391](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1391>)\n * [CVE-2019-1392](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1392>)\n * [CVE-2019-1393](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1393>)\n * [CVE-2019-1394](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1394>)\n * [CVE-2019-1395](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1395>)\n * [CVE-2019-1396](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1396>)\n * [CVE-2019-1399](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1399>)\n * [CVE-2019-1402](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1402>)\n * [CVE-2019-1405](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1405>)\n * [CVE-2019-1406](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1406>)\n * [CVE-2019-1407](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1407>)\n * [CVE-2019-1408](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1408>)\n * [CVE-2019-1409](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1409>)\n * [CVE-2019-1411](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1411>)\n * [CVE-2019-1412](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1412>)\n * [CVE-2019-1413](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1413>)\n * [CVE-2019-1415](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1415>)\n * [CVE-2019-1416](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1416>)\n * [CVE-2019-1417](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1417>)\n * [CVE-2019-1418](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1418>)\n * [CVE-2019-1420](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1420>)\n * [CVE-2019-1422](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1422>)\n * [CVE-2019-1423](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1423>)\n * [CVE-2019-1424](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1424>)\n * [CVE-2019-1425](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1425>)\n * [CVE-2019-1432](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1432>)\n * [CVE-2019-1433](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1433>)\n * [CVE-2019-1434](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1434>)\n * [CVE-2019-1435](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1435>)\n * [CVE-2019-1436](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1436>)\n * [CVE-2019-1437](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1437>)\n * [CVE-2019-1438](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1438>)\n * [CVE-2019-1439](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1439>)\n * [CVE-2019-1440](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1440>)\n * [CVE-2019-1442](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1442>)\n * [CVE-2019-1443](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1443>)\n * [CVE-2019-1445](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1445>)\n * [CVE-2019-1446](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1446>)\n * [CVE-2019-1447](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1447>)\n * [CVE-2019-1448](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1448>)\n * [CVE-2019-1449](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1449>)\n * [CVE-2019-1456](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1456>)\n * [CVE-2019-0721](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0721>)\n * [CVE-2019-1373](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1373>)\n\n### Coverage \n\nIn response to these vulnerability disclosures, Talos is releasing a new SNORT\u24c7 rule set that detects attempts to exploit some of them. Please note that additional rules may be released at a future date and current rules are subject to change pending additional information. Firepower customers should use the latest update to their ruleset by updating their SRU. Open Source Snort Subscriber Rule Set customers can stay up-to-date by downloading the latest rule pack available for purchase on Snort.org. \n \nThese rules are: 46548, 46549, 52205 - 52209, 52212, 52213, 52216, 52217 - 52225, 52228 - 52234, 52239, 52240\n\n", "modified": "2019-11-12T11:58:09", "published": "2019-11-12T11:58:09", "id": "TALOSBLOG:D617C7EFD22C4CD2ECFE1B030BD80B0E", "href": "http://feedproxy.google.com/~r/feedburner/Talos/~3/RA0KAo5GE1Y/microsoft-patch-tuesday-nov-2019.html", "type": "talosblog", "title": "Microsoft Patch Tuesday \u2014 Nov. 2019: Vulnerability disclosures and Snort coverage", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}]}