Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
mskbMicrosoftKB4475510
HistoryJul 09, 2019 - 7:00 a.m.

Description of the security update for SharePoint Foundation 2010: July 9, 2019

2019-07-0907:00:00
Microsoft
support.microsoft.com
188

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

8.3 High

AI Score

Confidence

High

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:N/I:P/A:N

0.002 Low

EPSS

Percentile

52.9%

JSON

Description of the security update for SharePoint Foundation 2010: July 9, 2019

Summary

This security update resolves an Authentication Bypass vulnerability that allows SAML tokens to be signed by using arbitrary symmetric keys in Windows Communication Foundation (WCF) and Windows Identity Foundation (WIF). To learn more about the vulnerability, see Microsoft Common Vulnerabilities and Exposures CVE-2019-1006.

Note To apply this security update, you must have the release version of Service Pack 2 for Microsoft SharePoint Foundation 2010 installed on the computer.

How to get and install the update

Method 1: Microsoft Update

This update is available from Microsoft Update. When you turn on automatic updating, this update will be downloaded and installed automatically. For more information about how to get security updates automatically, see Windows Update: FAQ.

Method 2: Microsoft Update Catalog

To get the standalone package for this update, go to the Microsoft Update Catalog website.

Method 3: Microsoft Download Center

You can get the standalone update package through the Microsoft Download Center. Follow the installation instructions on the download page to install the update.

More information

Security update deployment information

For deployment information about this update, see security update deployment information: July 9, 2019.

Security update replacement information

This security update replaces previously released security update 4464573.

File hash information

File name SHA1 hash SHA256 hash
wssloc2010-kb4475510-fullfile-x64-glb.exe 6DEB5E7AD8EA3ACCE1FD47521FD97D7BE0F1DC46 913525E726995E358D04B2A00981AC2E3ADE54B04FBACDCF703D643F8CF1DC16

File informationDownload the list of files that are included in security update 4475510.

How to get help and support for this security update

Help for installing updates: Protect yourself online

Help for protecting your Windows-based computer from viruses and malware: Microsoft Security

Local support according to your country: International Support

Related

symantec 1
prion 1
osv 1
mscve 1
openvas 25
mskb 33
cve 1
nessus 13
kaspersky 4
talosblog 1
symantec
symantec
Microsoft Windows WCF/WIF SAML Token CVE-2019-1006 Authentication Bypass Vulnerability
2019-07-09 00:00:00
prion
prion
Authentication flaw
2019-07-15 19:15:00
osv
osv
CVE-2019-1006
2019-07-15 19:15:16
mscve
mscve
WCF/WIF SAML Token Authentication Bypass Vulnerability
2019-07-09 07:00:00
openvas
openvas
Microsoft SharePoint Foundation 2013 WCF/WIF SAML Authentication Bypass Vulnerability (KB4475527)
2019-07-10 00:00:00
Microsoft SharePoint Foundation WCF/WIF SAML Authentication Bypass Vulnerability (KB4475510)
2019-07-10 00:00:00
Microsoft SharePoint Enterprise Server 2013 Multiple Vulnerabilities (KB4475522)
2019-07-10 00:00:00
mskb
mskb
Description of the security update for SharePoint Foundation 2013: July 9, 2019
2019-07-09 07:00:00
Description of the security update for SharePoint Server 2019: July 9, 2019
2019-07-09 07:00:00
Description of the security update for SharePoint Enterprise Server 2016: July 9, 2019
2019-07-09 07:00:00
cve
cve
CVE-2019-1006
2019-07-15 19:15:00
nessus
nessus
Security Updates for Microsoft SharePoint Server (July 2019)
2019-07-09 00:00:00
Security Updates for Microsoft .NET Framework (July 2019)
2019-07-10 00:00:00
KB4507464: Windows Server 2012 July 2019 Security Update (SWAPGS)
2019-07-09 00:00:00
kaspersky
kaspersky
KLA11512 Multiple vulnerabilities in Microsoft Office
2019-07-09 00:00:00
KLA11513 Multiple vulnerabilities in Microsoft Developer Tools
2019-07-09 00:00:00
KLA11819 Multiple vulnerabilities in Microsoft Products (ESU)
2019-07-09 00:00:00
talosblog
talosblog
Microsoft Patch Tuesday — July 2019: Vulnerability disclosures and Snort coverage
2019-07-09 11:51:34

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

8.3 High

AI Score

Confidence

High

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:N/I:P/A:N

0.002 Low

EPSS

Percentile

52.9%

JSON
Related for KB4475510
symantec1prion1osv1mscve1openvas25mskb33cve1nessus13kaspersky4talosblog1