An elevation of privilege vulnerability exists when Visual Studio fails to properly validate hardlinks while extracting archived files. An attacker who successfully exploited this vulnerability could overwrite arbitrary files in the security context of the local system.
To exploit this vulnerability, an attacker would need to trick an elevated user into downloading a malicious package, either by getting them to open a malicious project or convincing them to add a malicious package to an existing project.
The vulnerabilities were introduced by NPM packages used by Visual Studio and subsequently addressed via the following two NPM advisories:
* [Arbitrary File Overwrite - tar](<https://www.npmjs.com/advisories/803>)
* [Arbitrary File Overwrite - fstream](<https://www.npmjs.com/advisories/886>)
The update addresses the vulnerability by updating the NPM packages, which corrects how Visual Studio validates hardlinks during extraction of file archives.
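
As an added example (not code from Visual Studio, the npm `tar` or `fstream` packages, or the advisories), the following shows one form of hardlink validation: a pre-extraction audit that reads ustar headers and flags link entries whose target would resolve outside the extraction root. It generalizes to symlinks and entry names as well; the function names, the sample archive and all paths in it are constructed for illustration, and only plain ustar headers are handled.

```javascript
// Lexical audit of tar link entries before extraction (added example).
// Assumption: plain ustar headers only, no PAX or GNU long-name records.
const BLOCK = 512;

// Read a NUL-terminated field from a 512-byte header block.
function field(block, off, len) {
  const raw = block.subarray(off, off + len);
  const end = raw.indexOf(0);
  return raw.toString('latin1', 0, end === -1 ? len : end);
}

// Resolve archive path `p` (relative to `base`) against the extraction root.
// Returns the normalized root-relative path, or null if it would leave the root.
function resolveInside(p, base = '') {
  // Absolute paths, drive letters and backslashes are rejected outright
  // (assumption: the extractor may run on Windows, where "\" is a separator).
  if (p.startsWith('/') || /^[A-Za-z]:/.test(p) || p.includes('\\')) return null;
  const out = [];
  for (const seg of (base + '/' + p).split('/')) {
    if (seg === '' || seg === '.') continue;
    if (seg !== '..') out.push(seg);
    else if (out.length === 0) return null; // climbs above the root
    else out.pop();
  }
  return out.join('/');
}

// Walk the headers and report entries an extractor should refuse.
function auditTar(buf) {
  const findings = [];
  for (let off = 0; off + BLOCK <= buf.length; ) {
    const h = buf.subarray(off, off + BLOCK);
    if (h.every((b) => b === 0)) break; // end-of-archive marker
    const prefix = field(h, 345, 155);
    const name = (prefix ? prefix + '/' : '') + field(h, 0, 100);
    const type = String.fromCharCode(h[156] || 48); // NUL means regular file
    const size = parseInt(field(h, 124, 12).trim() || '0', 8);
    if (Number.isNaN(size)) { findings.push({ name, type, reason: 'unparseable size field' }); break; }
    const dest = resolveInside(name);
    if (dest === null) {
      findings.push({ name, type, reason: 'entry path escapes extraction root' });
    } else if (type === '1' || type === '2') {
      // Hardlink ('1') targets are relative to the archive root;
      // symlink ('2') targets are relative to the entry's own directory.
      const base = type === '2' ? dest.split('/').slice(0, -1).join('/') : '';
      const target = resolveInside(field(h, 157, 100), base);
      if (!target) findings.push({ name, type, reason: 'link target escapes extraction root' });
    }
    off += BLOCK + Math.ceil(size / BLOCK) * BLOCK; // skip header + padded data
  }
  return findings;
}

// Build one ustar entry (header + padded data) for the constructed sample.
function makeEntry(name, type, linkname = '', data = '') {
  const h = Buffer.alloc(BLOCK);
  h.write(name, 0, 100, 'latin1');
  h.write('0000644\0', 100, 8, 'latin1');
  h.write(data.length.toString(8).padStart(11, '0') + '\0', 124, 12, 'latin1');
  h.write(' '.repeat(8), 148, 8, 'latin1'); // checksum is computed over spaces
  h.write(type, 156, 1, 'latin1');
  h.write(linkname, 157, 100, 'latin1');
  h.write('ustar\0' + '00', 257, 8, 'latin1');
  const sum = h.reduce((a, b) => a + b, 0);
  h.write(sum.toString(8).padStart(6, '0') + '\0 ', 148, 8, 'latin1');
  const pad = (BLOCK - (data.length % BLOCK)) % BLOCK;
  return Buffer.concat([h, Buffer.from(data, 'latin1'), Buffer.alloc(pad)]);
}

// Constructed sample archive; every path here is a made-up placeholder.
const SAMPLE = Buffer.concat([
  makeEntry('package/index.js', '0', '', 'module.exports = 1;\n'),
  makeEntry('package/lib/copy.js', '1', 'package/index.js'),    // hardlink inside root
  makeEntry('package/settings', '1', '../outside/target.conf'), // hardlink climbs out
  makeEntry('package/abs', '1', '/placeholder/absolute/path'),  // absolute target
  makeEntry('package/docs/up', '2', '../index.js'),             // symlink inside root
  makeEntry('package/docs/far', '2', '../../../elsewhere'),     // symlink climbs out
  Buffer.alloc(2 * BLOCK),                                      // end-of-archive
]);

function auditSample() {
  return auditTar(SAMPLE);
}

for (const f of auditSample()) console.log(`${f.name} (type ${f.type}): ${f.reason}`);
```

The check is lexical only: an extractor still has to refuse to write through links that already exist on disk, which a header scan cannot see.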
{"id": "MS:CVE-2019-1425", "bulletinFamily": "microsoft", "title": "Visual Studio Elevation of Privilege Vulnerability", "description": "An elevation of privilege vulnerability exists when Visual Studio fails to properly validate hardlinks while extracting archived files. An attacker who successfully exploited this vulnerability could overwrite arbitrary files in the security context of the local system.\n\nTo exploit this vulnerability, an attacker would need to trick an elevated user into downloading a malicious package, either by getting them to open a malicious project or convincing them to add a malicious package to an existing project.\n\nThe vulnerabilities were introduced by NPM packages used by Visual Studio and subsequently addressed via the following two NPM advisories:\n\n[Arbitrary File Overwrite - tar](<https://www.npmjs.com/advisories/803>)\n\n[Arbitrary File Overwrite - fstream](<https://www.npmjs.com/advisories/886>)\n\nThe update addresses the vulnerability by updating the NPM packages, which corrects how Visual Studio validates hardlinks during extraction of file archives.\n", "published": "2019-11-12T08:00:00", "modified": "2019-11-12T08:00:00", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:P"}, "cvss2": {"acInsufInfo": false, "cvssV2": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.8, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 4.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "userInteractionRequired": true}, "cvss3": {"cvssV3": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": 
"UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 3.6}, "href": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2019-1425", "reporter": "Microsoft", "references": [], "cvelist": ["CVE-2019-1425"], "immutableFields": [], "type": "mscve", "lastseen": "2022-10-03T16:29:41", "edition": 1, "viewCount": 4, "enchantments": {"backreferences": {"references": [{"idList": ["CISA:574A6E25827684C587359C37EF1D5132"], "type": "cisa"}, {"idList": ["OPENVAS:1361412562311220191425"], "type": "openvas"}, {"idList": ["THREATPOST:2C2827FBF9D900F4194802CE8C471B4C"], "type": "threatpost"}, {"idList": ["SMB_NT_MS19_NOV_VISUAL_STUDIO.NASL"], "type": "nessus"}, {"idList": ["CVE-2019-1425"], "type": "cve"}, {"idList": ["TALOSBLOG:D617C7EFD22C4CD2ECFE1B030BD80B0E"], "type": "talosblog"}, {"idList": ["KLA11607"], "type": "kaspersky"}]}, "dependencies": {"references": [{"idList": ["SMNTC-110746"], "type": "symantec"}, {"idList": ["SMB_NT_MS19_NOV_VISUAL_STUDIO.NASL"], "type": "nessus"}, {"idList": ["CVE-2019-1425"], "type": "cve"}, {"idList": ["TALOSBLOG:D617C7EFD22C4CD2ECFE1B030BD80B0E"], "type": "talosblog"}, {"idList": ["KLA11607"], "type": "kaspersky"}], "rev": 4}, "exploitation": null, "score": {"value": 2.2, "vector": "NONE"}, "vulnersScore": 2.2}, "_state": {"dependencies": 1664814947, "score": 1664815070}, "_internal": {"score_hash": "6c4a65d5af3b4e36ff0252eaf6e9b11b"}, "kbList": [], "msrc": "", "mscve": "CVE-2019-1425", "msAffectedSoftware": [], "vendorCvss": {"baseScore": "", "temporalScore": "", "vectorString": ""}}
{"nessus": [{"lastseen": "2023-01-11T15:32:50", "description": "The Microsoft Visual Studio Products are missing a security update. It is, therefore, affected by the following vulnerability :\n\n - An elevation of privilege vulnerability exists when Visual Studio fails to properly validate hardlinks while extracting archived files. An attacker who successfully exploited this vulnerability could overwrite arbitrary files in the security context of the local system.\n (CVE-2019-1425)", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 6.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 3.6}, "published": "2019-11-13T00:00:00", "type": "nessus", "title": "Security Updates for Microsoft Visual Studio Products (November 2019)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 5.8, "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 4.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-1425"], "modified": "2022-06-27T00:00:00", "cpe": ["cpe:/a:microsoft:visual_studio"], "id": "SMB_NT_MS19_NOV_VISUAL_STUDIO.NASL", "href": "https://www.tenable.com/plugins/nessus/130969", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the Microsoft Security Updates API. 
The text\n# itself is copyright (C) Microsoft Corporation.\n#\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(130969);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/06/27\");\n\n script_cve_id(\"CVE-2019-1425\");\n\n script_name(english:\"Security Updates for Microsoft Visual Studio Products (November 2019)\");\n script_summary(english:\"Checks for Microsoft security updates.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The Microsoft Visual Studio Products are missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"The Microsoft Visual Studio Products are missing a security\nupdate. It is, therefore, affected by the following\nvulnerability :\n\n - An elevation of privilege vulnerability exists when\n Visual Studio fails to properly validate hardlinks while\n extracting archived files. An attacker who successfully\n exploited this vulnerability could overwrite arbitrary\n files in the security context of the local system.\n (CVE-2019-1425)\");\n # https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1425\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?6bd0a136\");\n # https://docs.microsoft.com/en-us/visualstudio/releasenotes/vs2017-relnotes#15.9.12\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?58af435b\");\n # https://docs.microsoft.com/visualstudio/releases/2019/release-notes-v16.0\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?8e2a619a\");\n # https://docs.microsoft.com/visualstudio/releases/2019/release-notes-v16.3\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?7bc6bee7\");\n script_set_attribute(attribute:\"solution\", value:\n\"Microsoft has released the following security updates to address this issue: \n - Update 15.9.17 for Visual Studio 2017\n - Update 16.0.9 for Visual Studio 2019\n - 
Update 16.3.9 for Visual Studio 2019\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-1425\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/11/12\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/11/12\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/11/13\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:microsoft:visual_studio\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows : Microsoft Bulletins\");\n\n script_copyright(english:\"This script is Copyright (C) 2019-2022 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n\n script_dependencies(\"ms_bulletin_checks_possible.nasl\", \"microsoft_visual_studio_installed.nbin\");\n script_require_keys(\"SMB/MS_Bulletin_Checks/Possible\", \"installed_sw/Microsoft Visual Studio\");\n script_require_ports(139, 445, \"Host/patch_management_checks\");\n\n exit(0);\n}\n\ninclude('audit.inc');\ninclude('misc_func.inc');\ninclude('install_func.inc');\ninclude('global_settings.inc');\ninclude('smb_func.inc');\ninclude('smb_hotfixes.inc');\ninclude('smb_hotfixes_fcheck.inc');\n\nget_kb_item_or_exit('installed_sw/Microsoft Visual Studio');\n\nport = kb_smb_transport();\nappname = 'Microsoft Visual Studio';\n\ninstalls = get_installs(app_name:appname, exit_if_not_found:TRUE);\n\nreport = '';\n\nforeach install (installs[1])\n{\n version = install['version'];\n path = install['path'];\n prod = install['product_version'];\n\n fix = '';\n\n # VS 2017 version 15.9\n if (prod == '2017' && version =~ '^15\\\\.[1-9]\\\\.')\n {\n fix = '15.9.28307.905';\n\n if (ver_compare(ver: version, fix: fix, strict:FALSE) < 0)\n {\n report +=\n '\\n Path : ' + path +\n '\\n Installed version : ' + version +\n '\\n Fixed version : ' + fix +\n '\\n';\n }\n }\n # VS 2019 Version 16.0\n else if (prod == '2019' && version =~ '^16\\\\.0\\\\.')\n {\n fix = '16.0.28803.598';\n if (ver_compare(ver: version, fix: fix, strict:FALSE) < 0)\n {\n report +=\n '\\n Path : ' + path +\n '\\n Installed version : ' + version +\n '\\n Fixed version : ' + fix +\n '\\n';\n }\n }\n # VS 2019 Version 16.3\n else if (prod == '2019' && version =~ '^16\\\\.3\\\\.')\n {\n fix = '16.3.29509.3';\n if (ver_compare(ver: version, fix: fix, strict:FALSE) < 0)\n {\n report +=\n '\\n Path : ' + path +\n '\\n Installed version : ' + version +\n '\\n Fixed version : ' + fix +\n '\\n';\n }\n }\n}\n\nif (empty(report))\n audit(AUDIT_INST_VER_NOT_VULN, appname);\n\nsecurity_report_v4(port:port, severity:SECURITY_WARNING, extra:report);\n", "cvss": {"score": 5.8, "vector": 
"AV:N/AC:M/Au:N/C:N/I:P/A:P"}}], "symantec": [{"lastseen": "2021-06-08T19:04:58", "bulletinFamily": "software", "cvelist": ["CVE-2019-1425"], "description": "### Description\n\nMicrosoft Visual Studio is prone to a remote privilege-escalation vulnerability. An attacker can exploit this issue to gain elevated privileges.\n\n### Technologies Affected\n\n * Microsoft Visual Studio 2017 15.9 \n * Microsoft Visual Studio 2019 16.0 \n * Microsoft Visual Studio 2019 16.3 \n\n### Recommendations\n\n**Block external access at the network boundary, unless external parties require service.** \nFilter access to the affected computer at the network boundary if global access isn't needed. Restricting access to only trusted computers and networks might greatly reduce the likelihood of a successful exploit.\n\n**Run all software as a nonprivileged user with minimal access rights.** \nTo reduce the impact of latent vulnerabilities, always run nonadministrative software as an unprivileged user with minimal access rights.\n\n**Deploy network intrusion detection systems to monitor network traffic for malicious activity.** \nDeploy NIDS to monitor network traffic for signs of anomalous or suspicious activity such as unexplained incoming and outgoing traffic. This may indicate exploit attempts or activity that results from successful exploits.\n\n**Do not follow links provided by unknown or untrusted sources.** \nWeb users should be cautious about following links to sites that are provided by unfamiliar or suspicious sources. Filtering HTML from emails may help remove a possible vector for transmitting malicious links to users.\n\nUpdates are available. 
Please see the references or vendor advisory for more information.\n", "edition": 2, "modified": "2019-11-12T00:00:00", "id": "SMNTC-110746", "href": "https://www.symantec.com/content/symantec/english/en/security-center/vulnerabilities/writeup.html/110746", "published": "2019-11-12T00:00:00", "type": "symantec", "title": "Microsoft Visual Studio CVE-2019-1425 Remote Privilege Escalation Vulnerability", "cvss": {"score": 0.0, "vector": "NONE"}}], "cve": [{"lastseen": "2022-03-23T20:33:28", "description": "An elevation of privilege vulnerability exists when Visual Studio fails to properly validate hardlinks while extracting archived files, aka 'Visual Studio Elevation of Privilege Vulnerability'.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 6.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 3.6}, "published": "2019-11-12T19:15:00", "type": "cve", "title": "CVE-2019-1425", "cwe": ["CWE-59"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 5.8, "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 4.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-1425"], "modified": "2020-08-24T17:37:00", "cpe": ["cpe:/a:microsoft:visual_studio_2019:16.3", "cpe:/a:microsoft:visual_studio_2017:15.9", "cpe:/a:microsoft:visual_studio_2019:16.0"], "id": "CVE-2019-1425", "href": 
"https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-1425", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:P"}, "cpe23": ["cpe:2.3:a:microsoft:visual_studio_2019:16.0:*:*:*:*:*:*:*", "cpe:2.3:a:microsoft:visual_studio_2019:16.3:*:*:*:*:*:*:*", "cpe:2.3:a:microsoft:visual_studio_2017:15.9:*:*:*:*:*:*:*"]}], "kaspersky": [{"lastseen": "2021-08-18T11:07:01", "description": "### *Detect date*:\n11/12/2019\n\n### *Severity*:\nHigh\n\n### *Description*:\nMultiple vulnerabilities were found in Microsoft Developer Tools. Malicious users can exploit these vulnerabilities to gain privileges, obtain sensitive information.\n\n### *Affected products*:\nMicrosoft Visual Studio 2019 version 16.3 \nMicrosoft Visual Studio 2019 version 16.0 \nOpen Enclave SDK \nMicrosoft Visual Studio 2017 version 15.9 (includes 15.1 - 15.8)\n\n### *Solution*:\nInstall necessary updates from the KB section, that are listed in your Windows Update (Windows Update usually can be accessed from the Control Panel)\n\n### *Original advisories*:\n[CVE-2019-1425](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2019-1425>) \n[CVE-2019-1370](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2019-1370>) \n\n\n### *Impacts*:\nOSI \n\n### *Related products*:\n[Microsoft Visual Studio](<https://threats.kaspersky.com/en/product/Microsoft-Visual-Studio/>)\n\n### *CVE-IDS*:\n[CVE-2019-1425](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1425>)5.8High \n[CVE-2019-1370](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1370>)2.1Warning\n\n### *Microsoft official advisories*:", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "HIGH", "baseScore": 6.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N", 
"userInteraction": "REQUIRED", "version": "3.1"}, "impactScore": 3.6}, "published": "2019-11-12T00:00:00", "type": "kaspersky", "title": "KLA11607 Multiple vulnerabilities in Microsoft Developer Tools", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 5.8, "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 4.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-1370", "CVE-2019-1425"], "modified": "2020-06-03T00:00:00", "id": "KLA11607", "href": "https://threats.kaspersky.com/en/vulnerability/KLA11607/", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:P"}}], "talosblog": [{"lastseen": "2019-11-17T18:28:30", "description": "[](<http://3.bp.blogspot.com/-bIERk6jqSvs/XKypl8tltSI/AAAAAAAAFxU/d9l6_EW1Czs7DzBngmhg8pjdPfhPAZ3yACK4BGAYYCw/s1600/recurring%2Bblog%2Bimages_patch%2Btuesday.jpg>) \n \n \n \n \n \n \n \n \n \n \n_By Jon Munshaw._ \n \nMicrosoft released its monthly security update today, disclosing a variety of vulnerabilities in several of its products. The [latest Patch Tuesday](<https://portal.msrc.microsoft.com/en-us/security-guidance>) discloses 75 vulnerabilities, 13 of which are considered \"critical,\" with the rest being deemed \"important.\" \n \nThis month\u2019s security update covers security issues in a variety of Microsoft services and software, including the Scripting Engine, the Windows Hyper-V hypervisor, and Win32. 
Cisco Talos discovered one of these vulnerabilities, [CVE-2019-1448](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1448>) \u2014a [remote code execution vulnerability](<https://blog.talosintelligence.com/2019/11/vuln-spotlight-microsoft-excel-nov-2019-RCE.html>) in Microsoft Excel. For more on this bug, read our full Vulnerability Spotlight [here](<https://blog.talosintelligence.com/2019/11/vuln-spotlight-microsoft-excel-nov-2019-RCE.html>). We are also [disclosing a remote code execution vulnerability](<https://blog.talosintelligence.com/2019/11/vuln-spotlight-microsoft-media-foundation-nov-2019-RCE.html>) in Microsoft Media Foundation. \n \nTalos also released a new set of SNORT\u24c7 rules that provide coverage for some of these vulnerabilities. For more, check out the Snort blog post [here](<https://blog.snort.org/2019/11/snort-rule-update-for-nov-12-2019.html>). \n \n\n\n### Critical vulnerabilities\n\nMicrosoft disclosed 13 critical vulnerabilities this month, nine of which we will highlight below. \n \n[CVE-2019-0721](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0721>), [CVE-2019-1389](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1398>), [CVE-2019-1397](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1397>) and [CVE-2019-1398](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1398>) are all vulnerabilities in Windows Hyper-V that could allow an attacker to remotely execute code on the victim machine. These bugs arise when Hyper-V on a host server improperly validates input from an authenticated user on a guest operating system. An attacker can exploit these vulnerabilities by running a specially crafted application on a guest OS. This could allow a malicious user to escape the hypervisor or a sandbox. 
\n \n[CVE-2019-1390](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1390>) is a remote code execution vulnerability in VBScript. This vulnerability could allow an attacker to corrupt memory in a way that would enable them to execute remote code in the context of the current user. A user could trigger this vulnerability by visiting an attacker-created website while using the Internet Explorer browser, or by opening an Office document or application that contains an ActiveX control marked \"safe for initialization.\" \n \n[CVE-2019-1426](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1426>),[ CVE-2019-1427](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1427>), [CVE-2019-1428](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1428>) and [CVE-2019-1429](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1429>) are memory corruption vulnerabilities in the Microsoft Scripting Engine that could lead to remote code execution. The bugs exist in the way the Microsoft Edge web browser handles objects in memory. A user could trigger these vulnerabilities by visiting an attacker-controlled website in Edge. \n \nThe four other critical vulnerabilities are: \n\n\n * [CVE-2019-1373](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1373>)\n * [CVE-2019-1419](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1419>)\n * [CVE-2019-1430](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1430>)\n * [CVE-2019-1441](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1441>)\n\n### Important vulnerabilities\n\nThis release also contains 62 important vulnerabilities, one of which we will highlight below. 
\n \n[CVE-2019-1020](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1020>) is a security feature bypass vulnerability in the Windows secure boot process. An attacker could run a specially crafted application to bypass secure boot and load malicious software. This security update fixes the issue by blocking vulnerable third-party bootloaders. An update also needs to be applied to Windows Defender. \n \nThe other important vulnerabilities are: \n\n\n * [CVE-2018-12207](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-12207>)\n * [CVE-2019-0712](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0712>)\n * [CVE-2019-11135](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-11135>)\n * [CVE-2019-1234](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1234>)\n * [CVE-2019-1309](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1309>)\n * [CVE-2019-1310](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1310>)\n * [CVE-2019-1324](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1324>)\n * [CVE-2019-1370](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1370>)\n * [CVE-2019-1374](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1374>)\n * [CVE-2019-1379](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1379>)\n * [CVE-2019-1380](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1380>)\n * [CVE-2019-1381](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1381>)\n * [CVE-2019-1382](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1382>)\n * [CVE-2019-1383](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1383>)\n * 
[CVE-2019-1384](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1384>)\n * [CVE-2019-1385](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1385>)\n * [CVE-2019-1388](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1388>)\n * [CVE-2019-1391](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1391>)\n * [CVE-2019-1392](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1392>)\n * [CVE-2019-1393](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1393>)\n * [CVE-2019-1394](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1394>)\n * [CVE-2019-1395](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1395>)\n * [CVE-2019-1396](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1396>)\n * [CVE-2019-1399](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1399>)\n * [CVE-2019-1402](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1402>)\n * [CVE-2019-1405](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1405>)\n * [CVE-2019-1406](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1406>)\n * [CVE-2019-1407](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1407>)\n * [CVE-2019-1408](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1408>)\n * [CVE-2019-1409](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1409>)\n * [CVE-2019-1411](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1411>)\n * [CVE-2019-1412](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1412>)\n * [CVE-2019-1413](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1413>)\n * 
[CVE-2019-1415](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1415>)\n * [CVE-2019-1416](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1416>)\n * [CVE-2019-1417](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1417>)\n * [CVE-2019-1418](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1418>)\n * [CVE-2019-1420](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1420>)\n * [CVE-2019-1422](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1422>)\n * [CVE-2019-1423](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1423>)\n * [CVE-2019-1424](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1424>)\n * [CVE-2019-1425](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1425>)\n * [CVE-2019-1432](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1432>)\n * [CVE-2019-1433](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1433>)\n * [CVE-2019-1434](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1434>)\n * [CVE-2019-1435](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1435>)\n * [CVE-2019-1436](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1436>)\n * [CVE-2019-1437](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1437>)\n * [CVE-2019-1438](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1438>)\n * [CVE-2019-1439](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1439>)\n * [CVE-2019-1440](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1440>)\n * [CVE-2019-1442](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1442>)\n * 
[CVE-2019-1443](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1443>)\n * [CVE-2019-1445](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1445>)\n * [CVE-2019-1446](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1446>)\n * [CVE-2019-1447](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1447>)\n * [CVE-2019-1448](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1448>)\n * [CVE-2019-1449](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1449>)\n * [CVE-2019-1456](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1456>)\n * [CVE-2019-0721](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0721>)\n * [CVE-2019-1373](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1373>)\n\n### Coverage \n\nIn response to these vulnerability disclosures, Talos is releasing a new SNORT\u24c7 rule set that detects attempts to exploit some of them. Please note that additional rules may be released at a future date and current rules are subject to change pending additional information. Firepower customers should use the latest update to their ruleset by updating their SRU. Open Source Snort Subscriber Rule Set customers can stay up-to-date by downloading the latest rule pack available for purchase on Snort.org. \n \nThese rules are: 46548, 46549, 52205 - 52209, 52212, 52213, 52216, 52217 - 52225, 52228 - 52234, 52239, 52240\n\n", "cvss3": {}, "published": "2019-11-12T11:58:09", "type": "talosblog", "title": "Microsoft Patch Tuesday \u2014 Nov. 
2019: Vulnerability disclosures and Snort coverage", "bulletinFamily": "blog", "cvss2": {}, "cvelist": ["CVE-2018-12207", "CVE-2019-0712", "CVE-2019-0721", "CVE-2019-1020", "CVE-2019-11135", "CVE-2019-1234", "CVE-2019-1309", "CVE-2019-1310", "CVE-2019-1324", "CVE-2019-1370", "CVE-2019-1373", "CVE-2019-1374", "CVE-2019-1379", "CVE-2019-1380", "CVE-2019-1381", "CVE-2019-1382", "CVE-2019-1383", "CVE-2019-1384", "CVE-2019-1385", "CVE-2019-1388", "CVE-2019-1389", "CVE-2019-1390", "CVE-2019-1391", "CVE-2019-1392", "CVE-2019-1393", "CVE-2019-1394", "CVE-2019-1395", "CVE-2019-1396", "CVE-2019-1397", "CVE-2019-1398", "CVE-2019-1399", "CVE-2019-1402", "CVE-2019-1405", "CVE-2019-1406", "CVE-2019-1407", "CVE-2019-1408", "CVE-2019-1409", "CVE-2019-1411", "CVE-2019-1412", "CVE-2019-1413", "CVE-2019-1415", "CVE-2019-1416", "CVE-2019-1417", "CVE-2019-1418", "CVE-2019-1419", "CVE-2019-1420", "CVE-2019-1422", "CVE-2019-1423", "CVE-2019-1424", "CVE-2019-1425", "CVE-2019-1426", "CVE-2019-1427", "CVE-2019-1428", "CVE-2019-1429", "CVE-2019-1430", "CVE-2019-1432", "CVE-2019-1433", "CVE-2019-1434", "CVE-2019-1435", "CVE-2019-1436", "CVE-2019-1437", "CVE-2019-1438", "CVE-2019-1439", "CVE-2019-1440", "CVE-2019-1441", "CVE-2019-1442", "CVE-2019-1443", "CVE-2019-1445", "CVE-2019-1446", "CVE-2019-1447", "CVE-2019-1448", "CVE-2019-1449", "CVE-2019-1456"], "modified": "2019-11-12T11:58:09", "id": "TALOSBLOG:D617C7EFD22C4CD2ECFE1B030BD80B0E", "href": "http://feedproxy.google.com/~r/feedburner/Talos/~3/RA0KAo5GE1Y/microsoft-patch-tuesday-nov-2019.html", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}]}