Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
kasperskyKaspersky LabKLA11820
HistoryJul 09, 2019 - 12:00 a.m.

KLA11820 Multiple vulnerabilities in Microsoft Apps

2019-07-0900:00:00
Kaspersky Lab
threats.kaspersky.com
20

6.5 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

8.1 High

AI Score

Confidence

High

4 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:S/C:P/I:N/A:N

0.008 Low

EPSS

Percentile

80.7%

JSON

Detect date:

07/09/2019

Severity:

High

Description:

Multiple vulnerabilities were found in Microsoft Apps. Malicious users can exploit these vulnerabilities to obtain sensitive information.

Exploitation:

Malware exists for this vulnerability. Usually such malware is classified as Exploit. More details.

Affected products:

Outlook for iOS
Windows 7 for 32-bit Systems Service Pack 1
Windows 10 Version 1703 for x64-based Systems
Windows 7 for x64-based Systems Service Pack 1
Windows Server 2019 (Server Core installation)
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation)
Windows Server 2008 R2 for Itanium-Based Systems Service Pack 1
Office 365 ProPlus for 64-bit Systems
Windows Server, version 1803 (Server Core Installation)
Microsoft Office 2019 for 64-bit editions
Microsoft Outlook 2016 (32-bit edition)
Microsoft Outlook 2010 Service Pack 2 (64-bit editions)
Microsoft Lync Basic 2013 Service Pack 1 (32-bit)
Microsoft Exchange Server 2016 Cumulative Update 12
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)
Microsoft Exchange Server 2010 Service Pack 3
Skype for Business 2016 Basic (64-bit)
Mail and Calendar
Microsoft Office 2019 for 32-bit editions
Microsoft Office 2013 Service Pack 1 (64-bit editions)
Microsoft Lync Basic 2013 Service Pack 1 (64-bit)
Windows 10 Version 1903 for ARM64-based Systems
Windows Server 2012 R2 (Server Core installation)
Skype for Business 2016 (32-bit)
Windows 8.1 for 32-bit systems
Microsoft Exchange Server 2016 Cumulative Update 13
Windows Server 2012
Microsoft Office 2013 RT Service Pack 1
Windows RT 8.1
Microsoft Remote Desktop for Android
Microsoft Lync 2013 Service Pack 1 (32-bit)
Windows 10 Version 1903 for 32-bit Systems
Microsoft Outlook 2010 Service Pack 2 (32-bit editions)
Windows 10 Version 1607 for x64-based Systems
Skype for Business 2016 (64-bit)
Microsoft Exchange Server 2019 Cumulative Update 1
Windows 10 Version 1803 for 32-bit Systems
Microsoft Outlook 2013 Service Pack 1 (32-bit editions)
Windows 10 Version 1709 for ARM64-based Systems
Windows 10 for 32-bit Systems
Windows Server, version 1903 (Server Core installation)
Windows 10 Version 1803 for x64-based Systems
Windows Server 2016
Windows Server 2012 (Server Core installation)
Microsoft Office 2016 (64-bit edition)
Office 365 ProPlus for 32-bit Systems
Microsoft Outlook 2016 (64-bit edition)
Microsoft Lync 2013 Service Pack 1 (64-bit)
Windows 10 Version 1809 for x64-based Systems
Windows 10 Version 1607 for 32-bit Systems
Microsoft Outlook for Android
Windows 10 Version 1809 for ARM64-based Systems
Windows Server 2016 (Server Core installation)
Windows Server 2012 R2
Microsoft Office 2016 (32-bit edition)
Microsoft Outlook 2013 Service Pack 1 (64-bit editions)
Skype for Business 2016 Basic (32-bit)
Microsoft Exchange Server 2013 Cumulative Update 23
Windows 10 Version 1803 for ARM64-based Systems
Microsoft Office 2019 for Mac
Microsoft Remote Desktop for IoS
Windows 10 Version 1709 for 32-bit Systems
Windows 10 Version 1709 for x64-based Systems
Windows 10 Version 1903 for x64-based Systems
Windows 10 for x64-based Systems
Windows Server 2008 for x64-based Systems Service Pack 2
Windows Server 2019
Windows Server 2008 R2 for x64-based Systems Service Pack 1
Windows Server 2008 for 32-bit Systems Service Pack 2
Windows 10 Version 1703 for 32-bit Systems
Windows 10 Version 1809 for 32-bit Systems
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation)
Microsoft Office 2016 for Mac
Microsoft Office 2013 Service Pack 1 (32-bit editions)
Windows Server 2008 for Itanium-Based Systems Service Pack 2
Microsoft Exchange Server 2019 Cumulative Update 2
Windows 8.1 for x64-based systems

Solution:

Install necessary updates from the KB section, that are listed in your Windows Update (Windows Update usually can be accessed from the Control Panel)

Original advisories:

CVE-2019-1108
CVE-2019-1084

Impacts:

OSI

Related products:

Microsoft Lync

CVE-IDS:

CVE-2019-11084.0Warning
CVE-2019-10844.0Warning

Microsoft official advisories:

References

Related

symantec 2
mskb 25
openvas 19
prion 2
nessus 17
cve 2
mscve 6
githubexploit 1
checkpoint_advisories 1
kaspersky 4
talosblog 1
symantec
symantec
Microsoft Exchange Server CVE-2019-1084 Information Disclosure Vulnerability
2019-07-09 00:00:00
Microsoft Windows Remote Desktop Protocol Client CVE-2019-1108 Information Disclosure Vulnerability
2019-07-09 00:00:00
mskb
mskb
Description of the security update for Outlook 2016: July 9, 2019
2019-07-09 07:00:00
Description of the security update for Outlook 2010: July 9, 2019
2019-07-09 07:00:00
Description of the security update for Office 2013: July 9, 2019
2019-07-09 07:00:00
openvas
openvas
Microsoft Office 2013 Service Pack 1 Information Disclosure Vulnerability (KB4464558)
2019-07-10 00:00:00
Microsoft Office 2016 Information Disclosure Vulnerability (KB4475514)
2019-07-10 00:00:00
Microsoft Outlook 2016 Information Disclosure Vulnerability (KB4475517)
2019-07-10 00:00:00
prion
prion
Information disclosure
2019-07-15 19:15:00
Information disclosure
2019-07-15 19:15:00
nessus
nessus
Security Updates for Microsoft Skype for Business and Microsoft Lync (July 2019)
2019-07-11 00:00:00
Security Updates for Outlook (July 2019)
2019-07-09 00:00:00
Security Updates for Microsoft Office (July 2019) (macOS)
2019-08-05 00:00:00
cve
cve
CVE-2019-1084
2019-07-15 19:15:00
CVE-2019-1108
2019-07-15 19:15:00
mscve
mscve
Microsoft Exchange Information Disclosure Vulnerability
2019-07-09 07:00:00
Remote Desktop Protocol Client Information Disclosure Vulnerability
2019-07-09 07:00:00
Microsoft Exchange Server Remote Code Execution Vulnerability
2021-03-02 08:00:00
githubexploit
githubexploit
Exploit for Exposure of Sensitive Information to an Unauthorized Actor in Microsoft
2020-01-14 04:31:17
checkpoint_advisories
checkpoint_advisories
Microsoft Remote Desktop Protocol Client Information Disclosure (CVE-2019-1108)
2019-07-09 00:00:00
kaspersky
kaspersky
KLA11518 Multiple vulnerabilities in Microsoft Exchange Server
2019-07-09 00:00:00
KLA11512 Multiple vulnerabilities in Microsoft Office
2019-07-09 00:00:00
KLA11819 Multiple vulnerabilities in Microsoft Products (ESU)
2019-07-09 00:00:00
talosblog
talosblog
Microsoft Patch Tuesday — July 2019: Vulnerability disclosures and Snort coverage
2019-07-09 11:51:34

6.5 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

8.1 High

AI Score

Confidence

High

4 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:S/C:P/I:N/A:N

0.008 Low

EPSS

Percentile

80.7%

JSON
Related for KLA11820
symantec2mskb25openvas19prion2nessus17cve2mscve6githubexploit1checkpoint_advisories1kaspersky4talosblog1