Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
mskbMicrosoftKB4475522
HistoryJul 09, 2019 - 7:00 a.m.

Description of the security update for SharePoint Enterprise Server 2013: July 9, 2019

2019-07-0907:00:00
Microsoft
support.microsoft.com
67

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

7.4 High

AI Score

Confidence

High

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:N/I:P/A:N

0.002 Low

EPSS

Percentile

52.9%

JSON

Description of the security update for SharePoint Enterprise Server 2013: July 9, 2019

Summary

This security update resolves an Authentication Bypass vulnerability that allows SAML tokens to be signed by using arbitrary symmetric keys in Windows Communication Foundation (WCF) and Windows Identity Foundation (WIF). To learn more about the vulnerability, see Microsoft Common Vulnerabilities and Exposures CVE-2019-1006 and Microsoft Common Vulnerabilities and Exposures CVE-2019-1134.

Note To apply this security update, you must have the release version of Service Pack 1 for Microsoft SharePoint Server 2013 installed on the computer.

Improvements and fixes

This security update contains the following improvement:

  • Improves translations for all language versions of SharePoint Enterprise Server 2013.

How to get and install the update

Method 1: Microsoft Update

This update is available from Microsoft Update. When you turn on automatic updating, this update will be downloaded and installed automatically. For more information about how to get security updates automatically, see Windows Update: FAQ.

Method 2: Microsoft Update Catalog

To get the standalone package for this update, go to the Microsoft Update Catalog website.

Method 3: Microsoft Download Center

You can get the standalone update package through the Microsoft Download Center. Follow the installation instructions on the download page to install the update.

More Information

Security update deployment information

For deployment information about this update, see security update deployment information: July 9, 2019.

Security update replacement information

This security update replaces previously released security update 4464597.

File hash information

File name SHA1 hash SHA256 hash
coreserverloc2013-kb4475522-fullfile-x64-glb.exe 5E2A6A1925866CC6F96569286089CBFE4885E0B8 5AABCE00033853DD9F8B53114FF7541126F965659794B9427227B7473A056A93

File informationDownload the list of files that are included in security update 4475522.

How to get help and support for this security update

Help for installing updates: Protect yourself online

Help for protecting your Windows-based computer from viruses and malware: Microsoft Security

Local support according to your country: International Support

Related

openvas 25
mskb 33
nessus 13
cve 2
mscve 2
prion 2
symantec 2
osv 1
kaspersky 4
talosblog 1
openvas
openvas
Microsoft SharePoint Enterprise Server 2013 Multiple Vulnerabilities(KB4475522)
2019-07-10 00:00:00
Microsoft SharePoint Enterprise Server 2016 Multiple Vulnerabilities (KB4475520)
2019-07-10 00:00:00
Microsoft SharePoint Foundation WCF/WIF SAML Authentication Bypass Vulnerability (KB4475510)
2019-07-10 00:00:00
mskb
mskb
Description of the security update for SharePoint Server 2019: July 9, 2019
2019-07-09 07:00:00
Description of the security update for SharePoint Enterprise Server 2016: July 9, 2019
2019-07-09 07:00:00
Description of the security update for SharePoint Foundation 2010: July 9, 2019
2019-07-09 07:00:00
nessus
nessus
Security Updates for Microsoft SharePoint Server (July 2019)
2019-07-09 00:00:00
Security Updates for Microsoft .NET Framework (July 2019)
2019-07-10 00:00:00
KB4507464: Windows Server 2012 July 2019 Security Update (SWAPGS)
2019-07-09 00:00:00
cve
cve
CVE-2019-1134
2019-07-15 19:15:00
CVE-2019-1006
2019-07-15 19:15:00
mscve
mscve
Microsoft Office SharePoint XSS Vulnerability
2019-07-09 07:00:00
WCF/WIF SAML Token Authentication Bypass Vulnerability
2019-07-09 07:00:00
prion
prion
Cross site scripting
2019-07-15 19:15:00
Authentication flaw
2019-07-15 19:15:00
symantec
symantec
Microsoft Office SharePoint CVE-2019-1134 Cross Site Scripting Vulnerability
2019-07-09 00:00:00
Microsoft Windows WCF/WIF SAML Token CVE-2019-1006 Authentication Bypass Vulnerability
2019-07-09 00:00:00
osv
osv
CVE-2019-1006
2019-07-15 19:15:16
kaspersky
kaspersky
KLA11512 Multiple vulnerabilities in Microsoft Office
2019-07-09 00:00:00
KLA11513 Multiple vulnerabilities in Microsoft Developer Tools
2019-07-09 00:00:00
KLA11819 Multiple vulnerabilities in Microsoft Products (ESU)
2019-07-09 00:00:00
talosblog
talosblog
Microsoft Patch Tuesday — July 2019: Vulnerability disclosures and Snort coverage
2019-07-09 11:51:34

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

7.4 High

AI Score

Confidence

High

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:N/I:P/A:N

0.002 Low

EPSS

Percentile

52.9%

JSON
Related for KB4475522
openvas25mskb33nessus13cve2mscve2prion2symantec2osv1kaspersky4talosblog1