KLA11819Multiple vulnerabilities in Microsoft Products (ESU)

2019-07-09T00:00:00
ID KLA11819
Type kaspersky
Reporter Kaspersky Lab
Modified 2020-07-22T00:00:00

Description

Detect date:

07/09/2019

Severity:

Critical

Description:

Multiple vulnerabilities were found in Microsoft Products (Extended Support Update). Malicious users can exploit these vulnerabilities to obtain sensitive information, execute arbitrary code, gain privileges.

Exploitation:

Malware exists for this vulnerability. Usually such malware is classified as Exploit. More details.

Affected products:

Windows 7 for 32-bit Systems Service Pack 1
Microsoft .NET Framework 2.0 Service Pack 2
Windows 10 Version 1703 for x64-based Systems
Microsoft .NET Framework 4.5.2
Windows 7 for x64-based Systems Service Pack 1
Windows Server 2019 (Server Core installation)
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation)
Windows Server 2008 R2 for Itanium-Based Systems Service Pack 1
Windows Server, version 1803 (Server Core Installation)
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)
Microsoft.IdentityModel 7.0.0
Microsoft .NET Framework 3.5 AND 4.8
Windows 10 Version 1903 for ARM64-based Systems
Windows Server 2012 R2 (Server Core installation)
Microsoft SharePoint Foundation 2013 Service Pack 1
Windows 8.1 for 32-bit systems
Windows Server 2012
Microsoft SharePoint Foundation 2010 Service Pack 2
Microsoft .NET Framework 3.5.1
Windows RT 8.1
Microsoft Remote Desktop for Android
Microsoft .NET Framework 4.8
Windows 10 Version 1903 for 32-bit Systems
Microsoft .NET Framework 3.0 Service Pack 2
Windows 10 Version 1607 for x64-based Systems
Microsoft .NET Framework 3.5
Windows 10 Version 1803 for 32-bit Systems
Windows 10 Version 1709 for ARM64-based Systems
Windows 10 for 32-bit Systems
Windows Server, version 1903 (Server Core installation)
Internet Explorer 9
Windows 10 Version 1803 for x64-based Systems
Windows Server 2016
Windows Server 2012 (Server Core installation)
Microsoft SharePoint Enterprise Server 2016
Windows 10 Version 1809 for x64-based Systems
Microsoft .NET Framework 4.6
Windows 10 Version 1607 for 32-bit Systems
Windows 10 Version 1809 for ARM64-based Systems
Windows Server 2016 (Server Core installation)
Windows Server 2012 R2
Microsoft SharePoint Enterprise Server 2013 Service Pack 1
Microsoft .NET Framework 4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.2
Windows 10 Version 1803 for ARM64-based Systems
Microsoft Remote Desktop for IoS
Microsoft .NET Framework 3.5 AND 4.7.2
Windows 10 Version 1709 for 32-bit Systems
Windows 10 Version 1709 for x64-based Systems
Windows 10 Version 1903 for x64-based Systems
Windows 10 for x64-based Systems
Windows Server 2008 for x64-based Systems Service Pack 2
Windows Server 2019
Windows Server 2008 R2 for x64-based Systems Service Pack 1
Windows Server 2008 for 32-bit Systems Service Pack 2
Windows 10 Version 1703 for 32-bit Systems
Windows 10 Version 1809 for 32-bit Systems
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation)
Internet Explorer 10
Internet Explorer 11
Windows Server 2008 for Itanium-Based Systems Service Pack 2
Microsoft SharePoint Server 2019
Microsoft .NET Framework 4.6/4.6.1/4.6.2
Windows 8.1 for x64-based systems
Microsoft Edge (EdgeHTML-based)

Solution:

Install necessary updates from the KB section, that are listed in your Windows Update (Windows Update usually can be accessed from the Control Panel)

Original advisories:

CVE-2019-1108
CVE-2019-1004
CVE-2019-1099
CVE-2019-1006
CVE-2019-1101
CVE-2019-1100
CVE-2019-1102
CVE-2019-1104
CVE-2019-1088
CVE-2019-1089
CVE-2019-1063
CVE-2019-1082
CVE-2019-1085
CVE-2019-0887
CVE-2019-1132
CVE-2019-1116
CVE-2019-1071
CVE-2019-1073
CVE-2019-1098
CVE-2019-1097
CVE-2019-1096
CVE-2019-1095
CVE-2019-1094
CVE-2019-1093
CVE-2019-1059

Impacts:

ACE

Related products:

Microsoft Internet Explorer

CVE-IDS:

CVE-2019-11160.0Unknown
CVE-2019-11010.0Unknown
CVE-2019-10990.0Unknown
CVE-2019-10930.0Unknown
CVE-2019-11080.0Unknown
CVE-2019-10970.0Unknown
CVE-2019-10890.0Unknown
CVE-2019-10950.0Unknown
CVE-2019-10960.0Unknown
CVE-2019-11000.0Unknown
CVE-2019-11320.0Unknown
CVE-2019-10060.0Unknown
CVE-2019-10880.0Unknown
CVE-2019-10710.0Unknown
CVE-2019-10940.0Unknown
CVE-2019-10980.0Unknown
CVE-2019-11020.0Unknown
CVE-2019-10850.0Unknown
CVE-2019-08870.0Unknown
CVE-2019-10730.0Unknown
CVE-2019-10820.0Unknown
CVE-2019-10630.0Unknown
CVE-2019-11040.0Unknown
CVE-2019-10590.0Unknown
CVE-2019-10040.0Unknown

KB list:

4507456
4507449
4507452
4507461
4507434