Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
kasperskyKaspersky LabKLA11989
HistoryAug 13, 2019 - 12:00 a.m.

KLA11989 Multiple vulnerabilities in Microsoft Products (ESU)

2019-08-1300:00:00
Kaspersky Lab
threats.kaspersky.com
28

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

9.1 High

AI Score

Confidence

High

10 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.902 High

EPSS

Percentile

98.8%

JSON

Detect date:

08/13/2019

Severity:

Critical

Description:

Multiple vulnerabilities were found in Microsoft Products (Extended Support Update). Malicious users can exploit these vulnerabilities to execute arbitrary code, obtain sensitive information, cause denial of service, spoof user interface, gain privileges.

Exploitation:

Public exploits exist for this vulnerability.

Affected products:

Windows Server 2012 R2 (Server Core installation)
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation)
Windows Server 2008 R2 for x64-based Systems Service Pack 1
Windows Server 2008 for x64-based Systems Service Pack 2
Windows 7 for 32-bit Systems Service Pack 1
Windows Server 2008 R2 for Itanium-Based Systems Service Pack 1
Windows Server 2012
Windows 7 for x64-based Systems Service Pack 1
Windows Server 2008 for 32-bit Systems Service Pack 2
Windows Server 2012 (Server Core installation)
Windows Server 2008 for Itanium-Based Systems Service Pack 2
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation)
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)
Internet Explorer 9
Windows Server 2012 R2

Solution:

Install necessary updates from the KB section, that are listed in your Windows Update (Windows Update usually can be accessed from the Control Panel)

Original advisories:

CVE-2019-1194
CVE-2019-1133
CVE-2019-1143
CVE-2019-0720
CVE-2019-0715
CVE-2019-0716
CVE-2019-1144
CVE-2019-9506
CVE-2019-1154
CVE-2019-1177
CVE-2019-1153
CVE-2019-1147
CVE-2019-1078
CVE-2019-0714
CVE-2019-1169
CVE-2019-1145
CVE-2019-1187
CVE-2019-1151
CVE-2019-1146
CVE-2019-1148
CVE-2019-1178
CVE-2019-1157
CVE-2019-1213
CVE-2019-1155
CVE-2019-0723
CVE-2019-1149
CVE-2019-1159
CVE-2019-1212
CVE-2019-1162
CVE-2019-1150
CVE-2019-1164
CVE-2019-1152
CVE-2019-1158
CVE-2019-1156
CVE-2019-1228
CVE-2019-1057
CVE-2019-0736
CVE-2019-1168
CVE-2019-1206
CVE-2019-0718
CVE-2019-1172
CVE-2019-1182
CVE-2019-1181
CVE-2019-1180
ADV190023

Impacts:

ACE

Related products:

Microsoft Internet Explorer

CVE-IDS:

CVE-2019-11947.5Critical
CVE-2019-11337.5Critical
CVE-2019-11435.5High
CVE-2019-07208.4Critical
CVE-2019-07156.2High
CVE-2019-07164.9Warning
CVE-2019-11448.8Critical
CVE-2019-95068.1Critical
CVE-2019-11545.5High
CVE-2019-11777.8Critical
CVE-2019-11535.5High
CVE-2019-11477.8Critical
CVE-2019-10785.5High
CVE-2019-07146.2High
CVE-2019-11697.8Critical
CVE-2019-11458.8Critical
CVE-2019-11877.5Critical
CVE-2019-11518.8Critical
CVE-2019-11467.8Critical
CVE-2019-11485.5High
CVE-2019-11787.8Critical
CVE-2019-11807.8Critical
CVE-2019-11819.8Critical
CVE-2019-11577.8Critical
CVE-2019-12139.8Critical
CVE-2019-07186.2High
CVE-2019-11724.3Warning
CVE-2019-11557.8Critical
CVE-2019-07236.2High
CVE-2019-11498.8Critical
CVE-2019-12067.5Critical
CVE-2019-11597.8Critical
CVE-2019-12127.5Critical
CVE-2019-11627.8Critical
CVE-2019-11508.8Critical
CVE-2019-11647.8Critical
CVE-2019-11528.8Critical
CVE-2019-11585.5High
CVE-2019-11567.8Critical
CVE-2019-12285.5High
CVE-2019-11829.8Critical
CVE-2019-10578.8Critical
CVE-2019-07369.8Critical
CVE-2019-11687.8Critical

KB list:

4512518
4512506
4512488
4511872
4512476
4512486
4512491
4512482
4512489

Microsoft official advisories:

References

Related

mskb 16
nessus 17
openvas 11
cve 45
prion 45
kaspersky 3
talosblog 2
threatpost 1
krebs 1
qualysblog 1
myhack58 1
attackerkb 1
cisa 1
msrc 3
thn 2
huawei 1
mscve 17
symantec 16
zdi 2
githubexploit 1
cert 1
redhat 3
veracode 1
malwarebytes 1
ubuntucve 1
fortinet 1
redhatcve 1
f5 1
debiancve 1
checkpoint_advisories 1
mskb
mskb
August 13, 2019—KB4512491 (Security-only update)
2019-08-13 07:00:00
August 13, 2019—KB4512482 (Security-only update)
2019-08-13 07:00:00
August 13, 2019—KB4512489 (Security-only update)
2019-08-13 07:00:00
nessus
nessus
KB4512491: Windows Server 2008 August 2019 Security Update
2019-08-13 00:00:00
KB4512482: Windows Server 2012 August 2019 Security Update
2019-08-13 00:00:00
KB4512486: Windows 7 and Windows Server 2008 R2 August 2019 Security Update
2019-08-13 00:00:00
openvas
openvas
Microsoft Windows Multiple Vulnerabilities (KB4512506)
2019-08-14 00:00:00
Microsoft Windows Multiple Vulnerabilities (KB4512488)
2019-08-14 00:00:00
Microsoft Windows Multiple Vulnerabilities (KB4512517)
2019-08-14 00:00:00
cve
cve
CVE-2019-1150
2019-08-14 21:15:00
CVE-2019-1151
2019-08-14 21:15:00
CVE-2019-1144
2019-08-14 21:15:00
prion
prion
Remote code execution
2019-08-14 21:15:00
Remote code execution
2019-08-14 21:15:00
Remote code execution
2019-08-14 21:15:00
kaspersky
kaspersky
KLA11534 Multiple vulnerabilities in Microsoft Windows
2019-08-13 00:00:00
KLA11697 RCE vulnerabilities in Microsoft Apps
2019-08-13 00:00:00
KLA11536 Multiple vulnerabilities in Microsoft Office
2019-08-13 00:00:00
talosblog
talosblog
Microsoft Patch Tuesday — Aug. 2019: Vulnerability disclosures and Snort coverage
2019-08-14 09:55:35
The latest on BlueKeep and DejaBlue vulnerabilities — Using Firepower to defend against encrypted DejaBlue
2019-11-04 07:43:36
threatpost
threatpost
Shades of BlueKeep: Wormable Remote Desktop Bugs Top August Patch Tuesday List
2019-08-13 20:29:10
krebs
krebs
Patch Tuesday, August 2019 Edition
2019-08-13 21:57:13
qualysblog
qualysblog
August 2019 Patch Tuesday – 93 Vulns, 29 Critical, 7 Remote Desktop Vulns, Hyper-V, DHCP, Adobe vulns
2019-08-13 18:49:51
myhack58
myhack58
Windows Remote Desktop Services remote command execution vulnerability, CVE-2019-1181/1182-a vulnerability warning-the black bar safety net
2019-08-14 00:00:00
attackerkb
attackerkb
DejaBlue, RDP Heap Overflow
2019-08-14 00:00:00
cisa
cisa
Microsoft Releases Security Updates to Address Remote Code Execution Vulnerabilities
2019-08-14 00:00:00
msrc
msrc
Patch new wormable vulnerabilities in Remote Desktop Services (CVE-2019-1181/1182)
2019-08-13 07:00:00
Patch new wormable vulnerabilities in Remote Desktop Services (CVE-2019-1181/1182)
2019-08-13 17:07:13
Patch new wormable vulnerabilities in Remote Desktop Services (CVE-2019-1181/1182)
2019-08-13 07:00:00
thn
thn
4 New BlueKeep-like 'Wormable' Windows Remote Desktop Flaws Discovered
2019-08-13 18:22:00
Google Discloses 20-Year-Old Unpatched Flaw Affecting All Versions of Windows
2019-08-13 16:15:00
huawei
huawei
Security Advisory - Four Remote Code Execution Vulnerabilities in Some Microsoft Windows Systems
2019-08-19 00:00:00
mscve
mscve
Windows Denial of Service Vulnerability
2019-08-13 07:00:00
Encryption Key Negotiation of Bluetooth Vulnerability
2019-08-13 07:00:00
Windows Kernel Information Disclosure Vulnerability
2019-08-13 07:00:00
symantec
symantec
Microsoft Windows CVE-2019-0716 Denial of Service Vulnerability
2019-08-13 00:00:00
Microsoft Windows Kernel CVE-2019-1228 Local Information Disclosure Vulnerability
2019-08-13 00:00:00
Microsoft Windows CVE-2019-1178 Local Privilege Escalation Vulnerability
2019-08-13 00:00:00
zdi
zdi
Microsoft Windows Font Subsetting Library Use-After-Free Remote Code Execution Vulnerability
2019-08-13 00:00:00
Microsoft Windows Font Subsetting Library Double Free Remote Code Execution Vulnerability
2019-08-13 00:00:00
githubexploit
githubexploit
Exploit for Use of a Broken or Risky Cryptographic Algorithm in Google Android
2019-08-15 11:54:21
cert
cert
Bluetooth BR/EDR supported devices are vulnerable to key negotiation attacks
2019-08-14 00:00:00
redhat
redhat
(RHSA-2019:3165) Important: kernel-rt security and bug fix update
2019-10-22 09:33:14
(RHSA-2020:1460) Important: kernel security and bug fix update
2020-04-14 13:55:17
(RHSA-2019:3218) Important: kernel security and bug fix update
2019-10-29 11:37:16
veracode
veracode
Brute-force Attack
2019-10-09 00:22:32
malwarebytes
malwarebytes
Bluetooth vulnerability can be exploited in Key Negotiation of Bluetooth (KNOB) attacks
2019-08-21 15:56:45
ubuntucve
ubuntucve
CVE-2019-9506
2019-08-13 00:00:00
fortinet
fortinet
CVE-2019-9506 Encryption Key Negotiation of Bluetooth (KNOB) Vulnerability
2020-04-23 00:00:00
redhatcve
redhatcve
CVE-2019-9506
2020-01-07 15:44:45
f5
f5
K51813353 : Linux Kernel vulnerability CVE-2019-9506
2022-07-21 00:00:00
debiancve
debiancve
CVE-2019-9506
2019-08-14 17:15:00
checkpoint_advisories
checkpoint_advisories
Microsoft Windows Kernel Elevation of Privilege (CVE-2019-1159)
2019-08-13 00:00:00

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

9.1 High

AI Score

Confidence

High

10 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.902 High

EPSS

Percentile

98.8%

JSON
Related for KLA11989
mskb16nessus17openvas11cve45prion45kaspersky3talosblog2threatpost1krebs1qualysblog1myhack581attackerkb1cisa1msrc3thn2huawei1mscve17symantec16zdi2githubexploit1cert1redhat3veracode1malwarebytes1ubuntucve1fortinet1redhatcve1f51debiancve1checkpoint_advisories1