ID SUSE-SA:2001:09 Type suse Reporter Suse Modified 2001-03-27T17:03:00
Description
A bug in joe(1), a user-friendly text editor, was found by Christer Öberg of Wkit Security AB a few weeks ago. On startup, joe(1) tries to open its configuration file joerc in the current directory, the user's home directory and some other locations. joe(1) doesn't check the ownership of joerc when it tries the current directory. An attacker could place a malicious joerc file in a publicly writable directory, such as /tmp, to execute commands with the privileges of any user (including root) who runs joe while in that directory.
Title: local privilege escalation in joe
Bulletin family: unix
Published: 2001-03-27T17:03:00
Reference: http://lists.opensuse.org/opensuse-security-announce/2001-03/msg00014.html

Affected packages (OS: openSUSE; package joe, versions lower than the one listed):

OS version 6.1: joe-2.8-305.i386.rpm, joe-2.8-295.alpha.rpm
OS version 6.2: joe-2.8-302.i386.rpm
OS version 6.3: joe-2.8-302.i386.rpm, joe-2.8-293.alpha.rpm
OS version 6.4: joe-2.8-303.i386.rpm, joe-2.8-273.ppc.rpm, joe-2.8-293.alpha.rpm
OS version 7.0: joe-2.8-304.i386.rpm, joe-2.8-292.sparc.rpm, joe-2.8-296.alpha.rpm, joe-2.8-274.ppc.rpm
OS version 7.1: joe-2.8-300.i386.rpm, joe-2.8-290.sparc.rpm, joe-2.8-272.ppc.rpm
{"redhat": [{"lastseen": "2019-12-05T16:27:10", "bulletinFamily": "unix", "description": "IBM Java SE version 7 Release 1 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit.\n\nThis update upgrades IBM Java SE 7 to version 7R1 SR4-FP55.\n\nSecurity Fix(es):\n\n* OpenJDK: Incorrect handling of nested jar: URLs in Jar URL handler (Networking, 8223892) (CVE-2019-2978)\n\n* OpenJDK: Incorrect handling of HTTP proxy responses in HttpURLConnection (Networking, 8225298) (CVE-2019-2989)\n\n* OpenJDK: Missing restrictions on use of custom SocketImpl (Networking, 8218573) (CVE-2019-2945)\n\n* OpenJDK: NULL pointer dereference in DrawGlyphList (2D, 8222690) (CVE-2019-2962)\n\n* OpenJDK: Unexpected exception thrown by Pattern processing crafted regular expression (Concurrency, 8222684) (CVE-2019-2964)\n\n* OpenJDK: Unexpected exception thrown by XPathParser processing crafted XPath expression (JAXP, 8223505) (CVE-2019-2973)\n\n* OpenJDK: Unexpected exception thrown by XPath processing crafted XPath expression (JAXP, 8224532) (CVE-2019-2981)\n\n* OpenJDK: Unexpected exception thrown during Font object deserialization (Serialization, 8224915) (CVE-2019-2983)\n\n* OpenJDK: Integer overflow in bounds check in SunGraphics2D (2D, 8225292) (CVE-2019-2988)\n\n* OpenJDK: Excessive memory allocation in CMap when reading TrueType font (2D, 8225597) (CVE-2019-2992)\n\n* OpenJDK: Insufficient filtering of HTML event attributes in Javadoc (Javadoc, 8226765) (CVE-2019-2999)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "modified": "2019-12-05T20:16:08", "published": "2019-12-05T20:03:45", "id": "RHSA-2019:4110", "href": "https://access.redhat.com/errata/RHSA-2019:4110", "type": "redhat", "title": "(RHSA-2019:4110) Moderate: java-1.7.1-ibm security update", "cvss": {"score": 4.3, "vector": 
"AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2019-12-05T16:26:31", "bulletinFamily": "unix", "description": "IBM Java SE version 7 Release 1 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit.\n\nThis update upgrades IBM Java SE 7 to version 7R1 SR4-FP55.\n\nSecurity Fix(es):\n\n* OpenJDK: Incorrect handling of nested jar: URLs in Jar URL handler (Networking, 8223892) (CVE-2019-2978)\n\n* OpenJDK: Incorrect handling of HTTP proxy responses in HttpURLConnection (Networking, 8225298) (CVE-2019-2989)\n\n* OpenJDK: Missing restrictions on use of custom SocketImpl (Networking, 8218573) (CVE-2019-2945)\n\n* OpenJDK: NULL pointer dereference in DrawGlyphList (2D, 8222690) (CVE-2019-2962)\n\n* OpenJDK: Unexpected exception thrown by Pattern processing crafted regular expression (Concurrency, 8222684) (CVE-2019-2964)\n\n* OpenJDK: Unexpected exception thrown by XPathParser processing crafted XPath expression (JAXP, 8223505) (CVE-2019-2973)\n\n* OpenJDK: Unexpected exception thrown by XPath processing crafted XPath expression (JAXP, 8224532) (CVE-2019-2981)\n\n* OpenJDK: Unexpected exception thrown during Font object deserialization (Serialization, 8224915) (CVE-2019-2983)\n\n* OpenJDK: Integer overflow in bounds check in SunGraphics2D (2D, 8225292) (CVE-2019-2988)\n\n* OpenJDK: Excessive memory allocation in CMap when reading TrueType font (2D, 8225597) (CVE-2019-2992)\n\n* OpenJDK: Insufficient filtering of HTML event attributes in Javadoc (Javadoc, 8226765) (CVE-2019-2999)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "modified": "2019-12-05T20:15:12", "published": "2019-12-05T20:01:31", "id": "RHSA-2019:4109", "href": "https://access.redhat.com/errata/RHSA-2019:4109", "type": "redhat", "title": "(RHSA-2019:4109) Moderate: java-1.7.1-ibm security update", "cvss": {"score": 4.3, "vector": 
"AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2019-12-03T22:28:35", "bulletinFamily": "unix", "description": "Red Hat OpenShift Container Platform is Red Hat's cloud computing\nKubernetes application platform solution designed for on-premise or private\ncloud deployments.\n\nThis advisory contains the runc RPM package for Red Hat OpenShift Container Platform 4.2.9. The runC tool is a lightweight, portable implementation of the Open Container Format (OCF) that provides a container runtime.\n\nSecurity Fix(es):\n\n* runc: AppArmor/SELinux bypass with malicious image that specifies a volume at /proc (CVE-2019-16884)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "modified": "2019-12-04T02:00:24", "published": "2019-12-04T01:55:01", "id": "RHSA-2019:4074", "href": "https://access.redhat.com/errata/RHSA-2019:4074", "type": "redhat", "title": "(RHSA-2019:4074) Moderate: OpenShift Container Platform 4.2 runc security update", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}}], "malwarebytes": [{"lastseen": "2019-12-05T16:33:27", "bulletinFamily": "blog", "description": "The [latest data breach at Capital One](<https://techcrunch.com/2019/07/29/capital-one-hacked-over-100-million-customers-affected/>) is a noteworthy incident not because it affected over 100 million customer records, 140,000 Social Security numbers (SSNs), and 80,000 linked bank accounts. Nor was it special because the hack was the result of a vulnerable firewall misconfiguration. \n\nMany still talk about this breach because a leak of this magnitude, which we've historically seen conducted by nation-state actors, was made possible by a single skilled insider: Paige A. Thompson. Thompson set a benchmark for single insider threat attacks against the banking industry\u2014and we can expect that benchmark to be cleared. 
\n\nOn a more chilling note, criminal enterprises [already have a market](<https://www.cnbc.com/2018/09/20/amazon-not-only-company-facing-insider-threats-china-russia.html>) opened for corporate employees willing to trade proprietary secrets for cash as a form of \u201cside job.\u201d A number of these underground organizations, unsurprisingly, hail from countries outside the United States, such as Russia and China. Unfortunately for US organizations, these criminal enterprises pay really well.\n\nRecently, Cybersecurity Insiders\u2014in partnership with Gurucul, a behavior, identity, fraud, and cloud security analytics company\u2014released results of [its research on insider threats](<https://gurucul.com/2020-insider-threat-survey-report>), revealing the latest trends, organizational challenges, and methodologies on how IT professionals prepare for and deal with this danger. Here are some of their key findings:\n\n * More than half of organizations surveyed (58 percent) said that they are not effective at monitoring, detecting, and responding to insider threats.\n * 63 percent of organizations think that privileged IT users pose the biggest security risk. 
This is followed by regular employees (51 percent), contractors/service providers/temporary workers (50 percent), and other privileged users, such as executives (50 percent).\n * 68 percent of organizations feel that they are moderately to extremely vulnerable to insider threats.\n * 52 percent of organizations confirm that it is more difficult for them to detect and prevent insider threats than detecting and preventing external cyberattacks.\n * 68 percent of organizations have observed that insider threats have become more frequent in the past 12 months.\n\nThe report also states reasons why organizations are increasingly having difficulty detecting and preventing insider threats, which include the increased use of applications and/or tools that leak data, an increased amount of data that leaves the business environment/perimeter, and the misuse of credential or access privileges.\n\nThe possible reasons for difficulty in detecting and preventing insider threats (Courtesy of Cybersecurity Insiders)\n\nThe [CERT Insider Threat Center](<https://resources.sei.cmu.edu/library/asset-view.cfm?assetid=91513>), part of the CERT Division at Carnegie Mellon\u2019s Software Engineering Institute (SEI) that specializes in insider threats, has recently put forth a blog series that ran from October 2018 to August 2019 on the patterns and trends of insider threats. 
These posts contained breakdowns and analyses of what insider threats look like across certain industry sectors, statistics, and motivations behind insider incidents\u2014and they\u2019re quite different.\n\nBelow are a few high-level takeaways from these posts:\n\n * The CERT Insider Threat Center has identified the top three crimes insiders commit across industries: fraud, intellectual property theft, and IT systems sabotage.\n * Fraud is the most common insider threat incident recorded in the [federal government](<https://insights.sei.cmu.edu/insider-threat/2018/11/insider-threats-in-the-federal-government-part-3-of-9-insider-threats-across-industry-sectors.html>) (60.8 percent), [finance and insurance](<https://insights.sei.cmu.edu/insider-threat/2018/12/insider-threats-in-finance-and-insurance-part-4-of-9-insider-threats-across-industry-sectors.html>) (87.8 percent), [state and local governments](<https://insights.sei.cmu.edu/insider-threat/2019/01/insider-threats-in-state-and-local-government-part-5-of-9-insider-threats-across-industry-sectors.html>) (77 percent), [healthcare](<https://insights.sei.cmu.edu/insider-threat/2019/02/insider-threats-in-healthcare-part-7-of-9-insider-threats-across-industry-sectors.html>) (76 percent), and the [entertainment](<https://insights.sei.cmu.edu/insider-threat/2019/03/insider-threats-in-entertainment-part-8-of-9-insider-threats-across-industry-sectors.html>) (61.5 percent) industries.\n * All sectors consistently experienced an insider incident perpetrated by [trusted business partners](<https://insights.sei.cmu.edu/insider-threat/2019/08/patterns-and-trends-in-insider-threats-across-industry-sectors-part-9-of-9-insider-threats-across-in.html>). Typically, it ranges between 15 to 25 percent across all insider incident types and sectors. 
This should be an eye-opening statistic, especially for SMBs, as [research suggests](<https://www.prnewswire.com/news-releases/new-paychex-data-shows-independent-contractor-growth-outpaces-employee-hiring-in-small-businesses-300775712.html>) that they partner more with other businesses over hiring employees.\n\nScope of the insider threat problem (Courtesy of the Carnegie Mellon University Software Engineering Institute)\n\n### Insider threats on the spotlight\u2014_finally!_\n\nThe National Counterintelligence and Security Center (NCSC) and the National Insider Threat Task Force (NITTF), together with the Federal Bureau of Investigation, the Office of the Under Secretary of Defense (Intelligence), the Department of Homeland Security, and the Defense Counterintelligence and Security Agency [declared](<https://www.dni.gov/index.php/ncsc-how-we-work/ncsc-nittf>) September as **National Insider Threat Awareness Month**, and it launched this year.\n\nThe goal of the annual campaign is to educate employees about insider threats and to maximize the reporting of abnormal employee behavior before things escalate to an insider incident.\n\n\"All organizations are vulnerable to insider threats from employees who may use their authorized access to facilities, personnel or information to harm their organizations\u2014intentionally or unintentionally,\" says NCSC Director William Evanina in a [press release](<https://www.dni.gov/files/NCSC/documents/nittf/Updated_250pm_20190903Press-Release-National-Insider-Threat-Awar-Month.pdf>) [PDF], \"The harm can range from negligence, such as failing to secure data or clicking on a spear-phishing link, to malicious activities like theft, sabotage, espionage, unauthorized disclosure of classified information or even violence.\"\n\nWe have tackled [insider threats](<https://blog.malwarebytes.com/security-world/2017/09/insider-threats-in-your-work-inbox/>) at length on several occasions on the Malwarebytes Labs blog. 
Now is always the right time for organizations to give this cybersecurity threat some serious thought and plan on how they can combat it. After all, if businesses are only concerned about attacks from the outside, at some point they'll be hit with attacks from the inside. The good news is organizations won\u2019t have to wait for next September to start dealing with this problem today.\n\nThe CERT Insider Threat Center offers a list of [common-sense recommendations for mitigating insider threats](<https://resources.sei.cmu.edu/library/asset-view.cfm?assetid=540644>) that every cybersecurity, managerial, legal, and human resource personnel should have on hand. The Center also showcases [a trove of publications](<https://insights.sei.cmu.edu/insider-threat/2019/09/september-is-national-insider-threat-awareness-month.html>) if organizations would like to go deeper.\n\nWe\u2019d also like to add [our own blog on the various types of insiders](<https://blog.malwarebytes.com/101/2018/08/the-enemy-is-us-a-look-at-insider-threats/>) your organization may encounter and certain steps you can take to nipping insider risks in the bud. We also paid closer attention to [workplace violence](<https://blog.malwarebytes.com/101/2018/10/workplace-violence-the-forgotten-insider-threat/>), a type of insider threat that is often forgotten.\n\nStay safe! 
And remember: When you see something, say something.\n\nThe post [Report: Organizations remain vulnerable to increasing insider threats](<https://blog.malwarebytes.com/awareness/2019/12/report-organizations-remain-vulnerable-to-increasing-insider-threats/>) appeared first on [Malwarebytes Labs](<https://blog.malwarebytes.com>).", "modified": "2019-12-05T16:00:00", "published": "2019-12-05T16:00:00", "id": "MALWAREBYTES:2E440DFF883D411AF2B3D9E41608438D", "href": "https://blog.malwarebytes.com/awareness/2019/12/report-organizations-remain-vulnerable-to-increasing-insider-threats/", "type": "malwarebytes", "title": "Report: Organizations remain vulnerable to increasing insider threats", "cvss": {"score": 0.0, "vector": "NONE"}}], "talosblog": [{"lastseen": "2019-12-05T14:27:09", "bulletinFamily": "blog", "description": "[](<https://1.bp.blogspot.com/-4KmzPgCzEnI/XUgv9m3AF_I/AAAAAAAAAC4/C28-47fWukERV4yT0uQnA2_xuy2aB8ZkgCPcBGAYYCw/s1600/recurring%2Bblog%2Bimages_vuln%2Bspotlight.jpg>)\n\n \n_[Piotr Bania](<https://twitter.com/piotrbania>) of Cisco Talos discovered this vulnerability. Blog by Jon Munshaw._ \n \nCisco Talos recently discovered a denial-of-service vulnerability in a specific dll inside of the AMD ATI Radeon line of video cards. This vulnerability can be triggered by supplying a malformed pixel \n\n\n[](<https://1.bp.blogspot.com/-JXkSIehaKi4/XUgwEX6wLjI/AAAAAAAAAC8/8mea4rZfy7AGT_PIchejkERmCFmfdbxTACPcBGAYYCw/s1600/patch_availability_available.jpg>)\n\nshader inside a VMware guest operating system. Such an attack can be triggered from VMware guest usermode to cause an out-of-bounds memory read on vmware-vmx.exe process on host, or theoretically through WEBGL. \n \nIn accordance with our coordinated disclosure policy, Cisco Talos worked with AMD to ensure that these issues are resolved and that [an update](<https://www.amd.com/en/corporate/product-security>) is available for affected customers. 
\n \n\n\n### Vulnerability details\n\n**AMD ATI Radeon ATIDXX64.DLL shader functionality sincos denial-of-service vulnerability (TALOS-2019-0890/CVE-2019-5098)** \n \nAn exploitable out-of-bounds read vulnerability exists in AMD ATIDXX64.DLL driver, version 26.20.13001.29010. A specially crafted pixel shader can cause out-of-bounds memory read. An attacker can provide a specially crafted shader file to trigger this vulnerability. This vulnerability can be triggered from a VMware guest, affecting VMware host. \n \nRead the complete vulnerability advisory [here](<https://www.talosintelligence.com/vulnerability_reports/TALOS-2019-0890>) for additional information. \n \n\n\n### Versions tested\n\nTalos tested and confirmed that AMD ATIDXX64.DLL, version 26.20.13001.29010 running on the Radeon RX 550 / 550 Series inside of VMware Workstation 15 (15.1.0 build-13591040) with Windows 10 x64 as the guest VM. \n \n\n\n### Coverage\n\nThe following SNORT\u24c7 rules will detect exploitation attempts. Note that additional rules may be released at a future date and current rules are subject to change pending additional vulnerability information. For the most current rule information, please refer to your Firepower Management Center or Snort.org. 
\n \n**Snort Rules:** 51461, 51462 \n\n\n \n\n\n", "modified": "2019-12-05T06:20:08", "published": "2019-12-05T06:20:08", "id": "TALOSBLOG:CF62A9F3C173F41F5FE2BC785B96CED6", "href": "http://feedproxy.google.com/~r/feedburner/Talos/~3/Sb7d1VogPF0/vuln-spotlight-amd-radeon-550-DoS-VM-dec-2019.html", "type": "talosblog", "title": "Vulnerability Spotlight: AMD ATI Radeon ATIDXX64.DLL shader functionality sincos denial-of-service vulnerability", "cvss": {"score": 0.0, "vector": "NONE"}}], "f5": [{"lastseen": "2019-12-06T03:27:16", "bulletinFamily": "software", "description": "\nF5 Product Development has assigned ID 856961 (BIG-IP) to this vulnerability.\n\nTo determine if your product and version have been evaluated for this vulnerability, refer to the **Applies to (see versions)** box. To determine if your release is known to be vulnerable, the components or features that are affected by the vulnerability, and for information about releases, point releases, or hotfixes that address the vulnerability, refer to the following table. 
For more information about security advisory versioning, refer to [K51812227: Understanding Security Advisory versioning](<https://support.f5.com/csp/article/K51812227>).\n\nProduct | Branch | Versions known to be vulnerable | Fixes introduced in | Severity | CVSSv3 score1 | Vulnerable component or feature \n---|---|---|---|---|---|--- \nBIG-IP (LTM, AAM, AFM, Analytics, APM, ASM, DNS, FPS, GTM, Link Controller, PEM) | 15.x | 15.0.0 - 15.0.1 | None | Medium | [6.5](<https://first.org/cvss/calculator/3.0#CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H>) | Linux Kernel (BaseOS) \n\n \n \n14.x | 14.1.0 - 14.1.2 | None \n13.x | 13.1.0 - 13.1.3 | None \n12.x | 12.1.0 - 12.1.5 | None \n11.x | 11.5.2 - 11.6.5 | None \nEnterprise Manager | 3.x | 3.1.1 | None | Medium | [6.5](<https://first.org/cvss/calculator/3.0#CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H>) | Linux Kernel (BaseOS) \nBIG-IQ Centralized Management | 7.x | 7.0.0 | None | Medium | [6.5](<https://first.org/cvss/calculator/3.0#CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H>) | Linux Kernel (BaseOS) \n6.x | 6.0.0 - 6.1.0 | None \n5.x | 5.2.0 - 5.4.0 | None \nTraffix SDC | 5.x | None | Not applicable | Not vulnerable | None | None \n \n1The CVSSv3 score link takes you to a resource outside of AskF5, and it is possible that the document may be removed without our knowledge.\n\nIf you are running a version listed in the **Versions known to be vulnerable** column, you can eliminate this vulnerability by upgrading to a version listed in the **Fixes introduced in** column. If the table lists only an older version than what you are currently running, or does not list a non-vulnerable version, then no upgrade candidate currently exists.\n\nMitigation\n\nTo mitigate this vulnerability, you can secure access to the BIG-IP system so that only trusted users have access to the system and avoid installing kernel modules whose authenticity are unknown on the BIG-IP system. 
For more information on securing access to the BIG-IP system, refer to [K13092: Overview of securing access to the BIG-IP system](<https://support.f5.com/csp/article/K13092>).\n\n * [K51812227: Understanding Security Advisory versioning](<https://support.f5.com/csp/article/K51812227>)\n * [K41942608: Overview of Security Advisory articles](<https://support.f5.com/csp/article/K41942608>)\n * [K4602: Overview of the F5 security vulnerability response policy](<https://support.f5.com/csp/article/K4602>)\n * [K4918: Overview of the F5 critical issue hotfix policy](<https://support.f5.com/csp/article/K4918>)\n * [K9502: BIG-IP hotfix and point release matrix](<https://support.f5.com/csp/article/K9502>)\n * [K13123: Managing BIG-IP product hotfixes (11.x - 15.x)](<https://support.f5.com/csp/article/K13123>)\n * [K15106: Managing BIG-IQ product hotfixes](<https://support.f5.com/csp/article/K15106>)\n * [K15113: BIG-IQ hotfix and point release matrix](<https://support.f5.com/csp/article/K15113>)\n * [K167: Downloading software and firmware from F5](<https://support.f5.com/csp/article/K167>)\n", "modified": "2019-12-05T02:55:00", "published": "2019-12-05T02:55:00", "id": "F5:K17269881", "href": "https://support.f5.com/csp/article/K17269881", "title": "Intel MCE vulnerability CVE-2018-12207", "type": "f5", "cvss": {"score": 4.9, "vector": "AV:L/AC:L/Au:N/C:N/I:N/A:C"}}], "qualysblog": [{"lastseen": "2019-12-05T22:26:49", "bulletinFamily": "blog", "description": "Multiple authentication vulnerabilities in OpenBSD have been disclosed by [Qualys Research Labs](<https://www.qualys.com/2019/12/04/cve-2019-19521/authentication-vulnerabilities-openbsd.txt>). The vulnerabilities are assigned following CVEs: CVE-2019-19522, CVE-2019-19521, CVE-2019-19520, CVE-2019-19519. 
OpenBSD developers have confirmed the vulnerabilities and also provided a quick response with patches published in less than 40 hours.\n\n### Vulnerability Details\n\n * [CVE-2019-19521](<https://nvd.nist.gov/vuln/detail/CVE-2019-19521>) - An authentication-bypass vulnerability in OpenBSD's authentication system: this vulnerability is remotely exploitable in smtpd, ldapd, and radiusd, but its real-world impact should be studied on a case-by-case basis. For example, sshd is not exploitable thanks to its defense-in-depth mechanisms.\n * [CVE-2019-19520](<https://nvd.nist.gov/vuln/detail/CVE-2019-19520>) - Local privilege escalation via \"xlock\" - On OpenBSD, /usr/X11R6/bin/xlock is installed by default and is set-group-ID \"auth\", not set-user-ID; the following check is therefore incomplete and should use issetugid() instead.\n * [CVE-2019-19522](<https://nvd.nist.gov/vuln/detail/CVE-2019-19522>): Local privilege escalation via \"S/Key\" and \"YubiKey\" - If the S/Key or YubiKey authentication type is enabled (they are both installed by default but disabled), then a local attacker can exploit the privileges of the group \"auth\" to obtain the full privileges of the user \"root\".\n * [CVE-2019-19519](<https://nvd.nist.gov/vuln/detail/CVE-2019-19519>): Local privilege escalation via \"su\" - A local attacker can exploit su's -L option to log in as themselves but with another user's login class.\n\nFor technical details on this vulnerability, please see our [security advisory](<https://www.qualys.com/2019/12/04/cve-2019-19521/authentication-vulnerabilities-openbsd.txt>).\n\n### Detecting the Vulnerability\n\nQualys has issued QID 38774 for [Qualys Vulnerability Management](<https://www.qualys.com/apps/vulnerability-management/>) that covers authentication vulnerabilities in OpenBSD. 
This QID is included in signature version VULNSIGS-2.4.762-6.\n\nQID 38774 \u2013 This detection includes both remote and authenticated checks:\n\n * **Remote** \u2013 This detection sends a specifically crafted payload over LDAP and SMTP services to authenticate using \"-schallenge\" remotely.\n * **Authenticated** (OpenBSD) \u2013 This executes \"syspatch -l\" command to check for the presence of patch applied on the system.\n\nYou can search for this new QID in AssetView or within the VM Dashboard by using the following QQL query:\n\n_vulnerabilities.vulnerability.qid:38774_ \n_vulnerabilities.vulnerability.(cveId:`CVE-2019-19519` OR cveId:`CVE-2019-19520` OR cveId:`CVE-2019-19521` OR cveId:`CVE-2019-19522`)_\n\n\n\n \n\n### Finding Vulnerable Hosts\n\nThe fastest way to locate vulnerable hosts is though the [Qualys Threat Protection](<https://www.qualys.com/apps/threat-protection/>) Live Feed as seen here:\n\n\n\n \n\n### Remediation\n\nTo remediate this vulnerability, apply the latest patches for [OpenBSD 6.5](<https://www.openbsd.org/errata65.html>) and [OpenBSD 6.6](<https://www.openbsd.org/errata66.html>).\n\nQualys customers can scan their network with QID 38774 to detect vulnerable assets.", "modified": "2019-12-05T02:34:59", "published": "2019-12-05T02:34:59", "id": "QUALYSBLOG:CF3FA484998E25456B9798EB1842F9A8", "href": "https://blog.qualys.com/laws-of-vulnerabilities/2019/12/04/openbsd-multiple-authentication-vulnerabilities", "type": "qualysblog", "title": "OpenBSD Multiple Authentication Vulnerabilities", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2019-12-05T00:01:09", "bulletinFamily": "blog", "description": "This release of the Qualys Cloud Platform version 2.42 includes updates and new features for Web Application Scanning, highlights as follows.\n\n### Web Application Scanning\n\n * **Additional XSS Payloads \u2013** A new option is available to have additional XSS payloads used in a standard vulnerability scan. 
Previously, these payloads were included only in an XSS Power Mode scan.\n * **Grouping of Information Gathered QIDs \u2013** Information Gathered QIDs (\"IGs\") are now grouped appropriately into either a \"Scan Diagnostic\" or \"Security Weakness\" category.\n * **Verbose option in Search Web Apps API \u2013** A verbose flag can now be included in the Search Web Apps API call. Tags associated with the web app(s) will be returned when this option is enabled.\n * **Scan Again \u2013** The \"Scan Again\" option is now available via the API, not just the UI.\n * **Cancel Scan with Results \u2013** The \"Cancel Scan with Results\" option is now available via the API, not just the UI.\n\nAPI updates are also included with this release:\n\n[Qualys Cloud Platform 2.42 API Notification 1](<https://discussions.qualys.com/community/developer/notifications-api/blog/2019/11/11/quayls-cloud-platform-v242-wasamsaq-api-notification-1>)\n\nThe specific day for deployment will differ depending on the platform. Release Dates will be published on the [Qualys Status page](<https://status.qualys.com/>) when available.\n\nFor more details about the above features \u2013 please review the release notes. 
Release notes will be posted as soon as they are available on the [Qualys Suite Release Notes page](<https://www.qualys.com/documentation/release-notes/>).", "modified": "2019-12-04T05:07:59", "published": "2019-12-04T05:07:59", "id": "QUALYSBLOG:071CEFFE0BE4AA94693239F9B1917F06", "href": "https://blog.qualys.com/technology/2019/12/03/qualys-cloud-platform-2-42-new-features", "type": "qualysblog", "title": "Qualys Cloud Platform 2.42 New Features", "cvss": {"score": 0.0, "vector": "NONE"}}], "suse": [{"lastseen": "2019-12-05T03:26:47", "bulletinFamily": "unix", "description": "This update for haproxy to version 2.0.10 fixes the following issues:\n\n HAProxy was updated to 2.0.10\n\n Security issues fixed:\n\n - CVE-2019-18277: Fixed a potential HTTP smuggling in messages with\n transfer-encoding header missing the \"chunked\" (bsc#1154980).\n - Fixed an improper handling of headers which could have led to injecting\n LFs in H2-to-H1 transfers creating new attack space (bsc#1157712)\n - Fixed an issue where HEADER frames in idle streams are not rejected and\n thus trying to decode them HAProxy crashes (bsc#1157714).\n\n Other issue addressed:\n\n - Macro change in the spec file (bsc#1082318)\n\n More information regarding the release at:\n http://git.haproxy.org/?p=haproxy-2.0.git;a=commit;h=ac198b92d461515551b95d\n aae20954b3053ce87e\n\n This update was imported from the SUSE:SLE-15-SP1:Update update project.\n\n", "modified": "2019-12-05T00:15:11", "published": "2019-12-05T00:15:11", "id": "OPENSUSE-SU-2019:2645-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00019.html", "title": "Security update for haproxy (important)", "type": "suse", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2019-12-04T09:33:21", "bulletinFamily": "unix", "description": "This update for cloud-init to version 19.2 fixes the
following issues:\n\n Security issue fixed:\n\n - CVE-2019-0816: Fixed the unnecessary extra ssh keys that were added to\n authorized_keys (bsc#1129124).\n\n Non-security issues fixed:\n\n - Short circuit the conditional for identifying the sysconfig renderer\n (bsc#1154092, bsc#1142988).\n - If /etc/resolv.conf is a symlink, break it. This will avoid netconfig\n from clobbering the changes cloud-init applied (bsc#1151488).\n\n This update was imported from the SUSE:SLE-15-SP1:Update update project.\n\n", "modified": "2019-12-04T06:11:03", "published": "2019-12-04T06:11:03", "id": "OPENSUSE-SU-2019:2633-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00018.html", "title": "Security update for cloud-init (moderate)", "type": "suse", "cvss": {"score": 1.9, "vector": "AV:L/AC:M/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2019-12-04T03:26:04", "bulletinFamily": "unix", "description": "This update for calamares fixes the following issues:\n\n - Launch with \"pkexec calamares\" in openSUSE Tumbleweed, but launch with\n \"xdg-su -c calamares\" in openSUSE Leap 15.\n\n Update to Calamares 3.2.15:\n\n - \"displaymanager\" module now treats \"sysconfig\" as a regular entry in the\n \"displaymanagers\" list, and the \"sysconfigSetup\" key is used as a\n shorthand to force only that entry in the list.\n - \"machineid\" module has been re-written in C++ and extended with a new\n configuration key to generate urandom pool data.\n - \"unpackfs\" now supports a special \"sourcefs\" value of file for copying\n single files (optionally with renaming) or directory trees to the target\n system.\n - \"unpackfs\" now supports an \"exclude\" and \"excludeFile\" setting for\n excluding particular files or patterns from unpacking.\n\n Update to Calamares 3.2.14:\n - \"locale\" module no longer recognizes the legacy GeoIP configuration.\n This has been deprecated since Calamares 3.2.8 and is now removed.\n - \"packagechooser\" module can now be custom-labeled in the overall\n progress (left-hand
column).\n - \"displaymanager\" module now recognizes KDE Plasma 5.17.\n - \"displaymanager\" module now can handle Wayland sessions and can detect\n sessions from their .desktop files.\n - \"unpackfs\" now has special handling for sourcefs setting \u201cfile\u201d.\n\n Update to Calamares 3.2.13.\n\n More about upstream changes:\n\n https://calamares.io/calamares-3.2.13-is-out/ and\n https://calamares.io/calamares-3.2.12-is-out/\n\n Update to Calamares 3.2.11:\n\n - Fix race condition in modules/luksbootkeyfile/main.py (boo#1140256,\n CVE-2019-13178)\n - more about upstream changes in 3.2 versions can be found in\n https://calamares.io/ and https://github.com/calamares/calamares/releases\n\n", "modified": "2019-12-04T00:17:12", "published": "2019-12-04T00:17:12", "id": "OPENSUSE-SU-2019:2628-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00017.html", "title": "Security update for calamares (moderate)", "type": "suse", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-12-04T03:26:04", "bulletinFamily": "unix", "description": "This update for haproxy to version 2.0.10 fixes the following issues:\n\n HAProxy was updated to 2.0.10\n\n Security issues fixed:\n\n - CVE-2019-18277: Fixed a potential HTTP smuggling in messages with\n transfer-encoding header missing the \"chunked\" (bsc#1154980).\n - Fixed an improper handling of headers which could have led to injecting\n LFs in H2-to-H1 transfers creating new attack space (bsc#1157712)\n - Fixed an issue where HEADER frames in idle streams are not rejected and\n thus trying to decode them HAProxy crashes (bsc#1157714).\n\n Other issue addressed:\n\n -
Macro change in the spec file (bsc#1082318)\n\n More information regarding the release at:\n http://git.haproxy.org/?p=haproxy-2.0.git;a=commit;h=ac198b92d461515551b95d\n aae20954b3053ce87e\n\n This update was imported from the SUSE:SLE-15:Update update project.\n\n", "modified": "2019-12-04T00:15:10", "published": "2019-12-04T00:15:10", "id": "OPENSUSE-SU-2019:2626-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00016.html", "title": "Security update for haproxy (important)", "type": "suse", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2019-12-04T03:26:04", "bulletinFamily": "unix", "description": "This update for libarchive fixes the following issues:\n\n Security issues fixed:\n\n - CVE-2018-1000877: Fixed a double free vulnerability in RAR decoder\n (bsc#1120653).\n - CVE-2018-1000878: Fixed a Use-After-Free vulnerability in RAR decoder\n (bsc#1120654).\n - CVE-2019-1000019: Fixed an Out-Of-Bounds Read vulnerability in 7zip\n decompression (bsc#1124341).\n - CVE-2019-1000020: Fixed an Infinite Loop vulnerability in ISO9660 parser\n (bsc#1124342).\n - CVE-2019-18408: Fixed a use-after-free in RAR format support\n (bsc#1155079).\n\n This update was imported from the SUSE:SLE-15:Update update project.\n\n", "modified": "2019-12-04T00:14:09", "published": "2019-12-04T00:14:09", "id": "OPENSUSE-SU-2019:2632-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00015.html", "title": "Security update for libarchive (moderate)", "type": "suse", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-12-04T03:26:04", "bulletinFamily": "unix", "description": "This update for ucode-intel fixes the following issues:\n\n - Updated to 20191115 security release (bsc#1157004)\n\n This update was imported from the SUSE:SLE-15-SP1:Update update project.\n\n",
"modified": "2019-12-04T00:13:36", "published": "2019-12-04T00:13:36", "id": "OPENSUSE-SU-2019:2631-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00014.html", "title": "Security update for ucode-intel (important)", "type": "suse", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2019-12-04T03:26:04", "bulletinFamily": "unix", "description": "This update for libxml2 doesn't fix any additional security issues, but\n corrects its rpm changelog to reflect all CVEs that have been fixed over\n the past. This update was imported from the SUSE:SLE-15:Update update\n project.\n\n", "modified": "2019-12-04T00:11:57", "published": "2019-12-04T00:11:57", "id": "OPENSUSE-SU-2019:2629-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00013.html", "title": "Security update for libxml2 (low)", "type": "suse", "cvss": {"score": 0.0, "vector": "NONE"}}], "talos": [{"lastseen": "2019-12-05T17:26:43", "bulletinFamily": "info", "description": "# Talos Vulnerability Report\n\n### TALOS-2019-0890\n\n## AMD ATI Radeon ATIDXX64.DLL shader functionality sincos denial-of-service vulnerability\n\n##### December 5, 2019\n\n##### CVE Number\n\nCVE-2019-5098\n\n### Summary\n\nAn exploitable out-of-bounds read vulnerability exists in AMD ATIDXX64.DLL driver, version 26.20.13001.29010. A specially crafted pixel shader can cause out-of-bounds memory read. An attacker can provide a specially crafted shader file to trigger this vulnerability.
This vulnerability can be triggered from VMware guest, affecting VMware host.\n\n### Tested Versions\n\nAMD ATIDXX64.DLL (26.20.13001.29010) running on Radeon RX 550 / 550 Series VMware Workstation 15 (15.1.0 build-13591040) with Windows 10 x64 as guestVM\n\n### Product URLs\n\n[http://amd.com](<https://amd.com>) [http://vmware.com](<https://vmware.com>)\n\n### CVSSv3 Score\n\n6.5 - CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H 8.6 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H\n\n### CWE\n\nCWE-125: Out-of-bounds Read\n\n### Details\n\nThis vulnerability can be triggered by supplying a malformed pixel shader inside a VMware guest OS. Such an attack can be triggered from VMware guest usermode to cause an out-of-bounds memory read on vmware-vmx.exe process on host, or theoretically through WEBGL (remote website).\n\nBy modifying the shader instruction operand (in this case `SINCOS` instruction) to a previously uninitialized one (in this case `V4`, since only `V0` is declared by `DCL_INPUT_PS_SIV`) it is possible to cause an out-of-bounds read.\n\nSample shader:\n \n \n dcl_input_ps_siv constant v0.xyzw, position ; Declares a shader-input register (v0)\n sincos r6.x, null, v4.xxxx ; Component-wise sin(theta) and cos(theta) for theta in radians.\n \n\nDebugger output:\n \n \n 00007FFC379F8EDA | 8B 83 A4 00 00 00 | mov eax,dword ptr ds:[rbx+A4] |\n 00007FFC379F8EE0 | 48 8B 7B 20 | mov rdi,qword ptr ds:[rbx+20] |\n 00007FFC379F8EE4 | 44 8B 74 84 30 | mov r14d,dword ptr ss:[rsp+rax*4+30] | * rax=-1\n \n\nThe `rax` register does not seem to be easily controllable, so this issue only leads to crashing the vmware-vmx.exe process.\n\n### Crash Information\n\n### Timeline\n\n2019-09-03 - Vendor disclosure \n2019-11-08 - Vendor patched \n2019-12-04 - Vendor updated release notes \n
2019-12-05 - Public release\n\n##### Credit\n\nDiscovered by Piotr Bania of Cisco Talos.\n", "modified": "2019-12-05T00:00:00", "published": "2019-12-05T00:00:00", "id": "TALOS-2019-0890", "href": "http://www.talosintelligence.com/vulnerability_reports/TALOS-2019-0890", "title": "AMD ATI Radeon ATIDXX64.DLL shader functionality sincos denial-of-service vulnerability", "type": "talos", "cvss": {"score": 0.0, "vector": "NONE"}}], "ics": [{"lastseen": "2019-12-05T19:26:09", "bulletinFamily": "info", "description": "## 1\\. EXECUTIVE SUMMARY\n\n * **CVSS v3 9.8**\n * **ATTENTION:** Exploitable remotely/low skill level to exploit\n * **Vendor:** Weidmueller\n * **Equipment:** Industrial Ethernet Switches\n * **Vulnerabilities:** Improper Restriction of Excessive Authentication Attempts, Uncontrolled Resource Consumption, Missing Encryption of Sensitive Data, Unprotected Storage of Credentials, and Predictable from Observable State\n\n## 2\\. RISK EVALUATION\n\nSuccessful exploitation of these vulnerabilities could allow a remote attacker to gain unauthorized access to the device, affecting the confidentiality, integrity, and availability of the device the attacker is targeting.\n\n## 3\\. 
TECHNICAL DETAILS\n\n### 3.1 AFFECTED PRODUCTS\n\nThe following versions of industrial Ethernet switches are affected:\n\n * IE-SW-VL05M-5TX firmware v3.6.6 Build 16102415 and prior\n * IE-SW-VL05MT-5TX firmware v3.6.6 Build 16102415 and prior\n * IE-SW-VL05M-3TX-2SC firmware v3.6.6 Build 16102415 and prior\n * IE-SW-VL05MT-3TX-2SC firmware v3.6.6 Build 16102415 and prior\n * IE-SW-VL05M-3TX-2ST firmware v3.6.6 Build 16102415 and prior\n * IE-SW-VL05MT-3TX-2ST firmware v3.6.6 Build 16102415 and prior\n * IE-SW-VL08MT-8TX firmware v3.5.2 Build 16102415 and prior\n * IE-SW-VL08MT-5TX-3SC firmware v3.5.2 Build 16102415 and prior\n * IE-SW-VL08MT-5TX-1SC-2SCS firmware v3.5.2 Build 16102415 and prior\n * IE-SW-VL08MT-6TX-2ST firmware v3.5.2 Build 16102415 and prior\n * IE-SW-VL08MT-6TX-2SC firmware v3.5.2 Build 16102415 and prior\n * IE-SW-VL08MT-6TX-2SCS firmware v3.5.2 Build 16102415 and prior\n * IE-SW-PL08M-8TX firmware v3.3.8 Build 16102416 and prior\n * IE-SW-PL08MT-8TX firmware v3.3.8 Build 16102416 and prior\n * IE-SW-PL08M-6TX-2SC firmware v3.3.8 Build 16102416 and prior\n * IE-SW-PL08MT-6TX-2SC firmware v3.3.8 Build 16102416 and prior\n * IE-SW-PL08M-6TX-2ST firmware v3.3.8 Build 16102416 and prior\n * IE-SW-PL08MT-6TX-2ST firmware v3.3.8 Build 16102416 and prior\n * IE-SW-PL08M-6TX-2SCS firmware v3.3.8 Build 16102416 and prior\n * IE-SW-PL08MT-6TX-2SCS firmware v3.3.8 Build 16102416 and prior\n * IE-SW-PL10M-3GT-7TX firmware v3.3.16 Build 16102416 and prior\n * IE-SW-PL10MT-3GT-7TX firmware v3.3.16 Build 16102416 and prior\n * IE-SW-PL10M-1GT-2GS-7TX firmware v3.3.16 Build 16102416 and prior\n * IE-SW-PL10MT-1GT-2GS-7TX firmware v3.3.16 Build 16102416 and prior\n * IE-SW-PL16M-16TX firmware v3.4.2 Build 16102416 and prior\n * IE-SW-PL16MT-16TX firmware v3.4.2 Build 16102416 and prior\n * IE-SW-PL16M-14TX-2SC firmware v3.4.2 Build 16102416 and prior\n * IE-SW-PL16MT-14TX-2SC firmware v3.4.2 Build 16102416 and prior\n * IE-SW-PL16M-14TX-2ST firmware v3.4.2 
Build 16102416 and prior\n * IE-SW-PL16MT-14TX-2ST firmware v3.4.2 Build 16102416 and prior\n * IE-SW-PL18M-2GC-16TX firmware v3.4.4 Build 16102416 and prior\n * IE-SW-PL18MT-2GC-16TX firmware v3.4.4 Build 16102416 and prior\n * IE-SW-PL18M-2GC14TX2SC firmware v3.4.4 Build 16102416 and prior\n * IE-SW-PL18MT-2GC14TX2SC firmware v3.4.4 Build 16102416 and prior\n * IE-SW-PL18M-2GC14TX2ST firmware v3.4.4 Build 16102416 and prior\n * IE-SW-PL18MT-2GC14TX2ST firmware v3.4.4 Build 16102416 and prior\n * IE-SW-PL18M-2GC14TX2SCS firmware v3.4.4 Build 16102416 and prior\n * IE-SW-PL18MT-2GC14TX2SCS firmware v3.4.4 Build 16102416 and prior\n * IE-SW-PL09M-5GC-4GT firmware v3.3.4 Build 16102416 and prior\n * IE-SW-PL09MT-5GC-4GT firmware v3.3.4 Build 16102416 and prior\n\n### 3.2 VULNERABILITY OVERVIEW\n\n#### 3.2.1 [IMPROPER RESTRICTION OF EXCESSIVE AUTHENTICATION ATTEMPTS CWE-307](<https://cwe.mitre.org/data/definitions/307.html>)\n\nThe authentication mechanism has no brute-force prevention.\n\n[CVE-2019-16670](<http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-16670>) has been assigned to this vulnerability. A CVSS v3 base score of 9.8 has been calculated; the CVSS vector string is ([AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H](<https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H>)).\n\n#### 3.2.2 [UNCONTROLLED RESOURCE CONSUMPTION CWE-400](<https://cwe.mitre.org/data/definitions/400.html>)\n\nRemote authenticated users can crash a device by using a special packet.\n\n[CVE-2019-16671](<http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-16671>) has been assigned to this vulnerability. 
A CVSS v3 base score of 6.5 has been calculated; the CVSS vector string is ([AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H](<https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H>)).\n\n#### 3.2.3 [MISSING ENCRYPTION OF SENSITIVE DATA CWE-311](<https://cwe.mitre.org/data/definitions/311.html>)\n\nSensitive credentials data is transmitted in cleartext.\n\n[CVE-2019-16672](<http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-16672>) has been assigned to this vulnerability. A CVSS v3 base score of 9.8 has been calculated; the CVSS vector string is ([AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H](<https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H>)).\n\n#### 3.2.4 [UNPROTECTED STORAGE OF CREDENTIALS CWE-256](<https://cwe.mitre.org/data/definitions/256.html>)\n\nPasswords are stored in cleartext and can be read by anyone with access to the device.\n\n[CVE-2019-16673](<http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-16673>) has been assigned to this vulnerability. A CVSS v3 base score of 7.5 has been calculated; the CVSS vector string is ([AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N](<https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N>)).\n\n#### 3.2.5 [PREDICTABLE FROM OBSERVABLE STATE CWE-341](<https://cwe.mitre.org/data/definitions/341.html>)\n\nAuthentication information used in a cookie is predictable and can lead to admin password compromise when captured on the network.\n\n[CVE-2019-16674](<http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-16674>) has been assigned to this vulnerability. 
A CVSS v3 base score of 9.8 has been calculated; the CVSS vector string is ([AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H](<https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H>)).\n\n### 3.3 BACKGROUND\n\n * **CRITICAL INFRASTRUCTURE SECTORS: **Critical Manufacturing, Information Technology\n * **COUNTRIES/AREAS DEPLOYED: **Worldwide\n * **COMPANY HEADQUARTERS LOCATION: **Germany\n\n### 3.4 RESEARCHER\n\nCERT@VDE reported these vulnerabilities to CISA.\n\n## 4\\. MITIGATIONS\n\nCERT@VDE and Weidmueller report the following mitigations:\n\n**Solutions for CVE-2019-16672**\n\nSolution for vulnerabilities, valid for switch series IE-SW-VL05M and IE-SW-VL08MT\n\n * To avoid the vulnerabilities referred to in this section, it is necessary to install patched firmware. After installation of patched firmware, the web interface can be accessed via encrypted communication using https, and web interface access can be configured to ensure encrypted connections by selecting \u201chttps only.\u201d\n * The respective web interface menu section for this setting can be reached via the following path: Main Menu > Basic Settings > System: Set the \u201cWeb Configuration\u201d to \u201chttps only.\u201d\n\nSolution for vulnerabilities valid for switch series IE-SW-PL08M, IE-SW-PL10M, IE-SW-PL16M, IE-SW-PL18M, and IE-SW-PL09M\n\n * To avoid the vulnerabilities referred to in this section, installation of patched firmware is not necessary. 
Web interface access can be configured to ensure encrypted connections by selecting \u201chttps only.\u201d\n * The respective web interface menu section for this setting can be reached via the following path: Main Menu > Basic Settings > System: Set the \u201cWeb Configuration\u201d to \u201chttps only.\u201d\n\n**Solution for CVE-2019-16670, CVE-2019-16671, CVE-2019-16673, and CVE-2019-16674**\n\nValid for switch series IE-SW-VL05M, IE-SW-VL08MT, IE-SW-PL08M, IE-SW-PL10M, IE-SW-PL16M, IE-SW-PL18M, and IE-SW-PL09M\n\n * After installing the patched firmware on the switch, it is possible to disable the unencrypted search service via Weidmueller configuration software named \u201cWM Switch Utility\u201d for Windows OS and to enable an encrypted search service, which will be working with the new \u201cWeidmueller Switch Configuration Utility\u201d (available soon).\n * Both services\u2014the encrypted and the unencrypted search service\u2014are enabled by default. To avoid the vulnerabilities referred to in this section, the unencrypted search service should be disabled.\n * The respective web interface menu section for this setting can be reached via the following path: Main Menu > Basic Settings > Security > Management Interface: Uncheck the checkbox \u201cEnable Search Service.\u201d\n\n**Note:** After disabling the unencrypted search service, the switches can no longer be found or configured with the current \u201cWM Switch Utility.\u201d\n\nWeb interface settings are not affected by this configuration.\n\nBelow are the patched versions available for the respective industrial ethernet switch model:\n\n * IE-SW-VL05M-5TX firmware v3.6.24 Build 19062809 and prior\n * IE-SW-VL05MT-5TX firmware v3.6.24 Build 19062809 and prior\n * IE-SW-VL05M-3TX-2SC firmware v3.6.24 Build 19062809 and prior\n * IE-SW-VL05MT-3TX-2SC firmware v3.6.24 Build 19062809 and prior\n * IE-SW-VL05M-3TX-2ST firmware v3.6.24 Build 19062809 and prior\n * IE-SW-VL05MT-3TX-2ST firmware v3.6.24 
Build 19062809 and prior\n * IE-SW-VL08MT-8TX firmware v3.5.22 Build 19062810 and prior\n * IE-SW-VL08MT-5TX-3SC firmware v3.5.22 Build 19062810 and prior\n * IE-SW-VL08MT-5TX-1SC-2SCS firmware v3.5.22 Build 19062810 and prior\n * IE-SW-VL08MT-6TX-2ST firmware v3.5.22 Build 19062810 and prior\n * IE-SW-VL08MT-6TX-2SC firmware v3.5.22 Build 19062810 and prior\n * IE-SW-VL08MT-6TX-2SCS firmware v3.5.22 Build 19062810 and prior\n * IE-SW-PL08M-8TX firmware v3.3.16 Build 19062811 and prior\n * IE-SW-PL08MT-8TX firmware v3.3.16 Build 19062811 and prior\n * IE-SW-PL08M-6TX-2SC firmware v3.3.16 Build 19062811 and prior\n * IE-SW-PL08MT-6TX-2SC firmware v3.3.16 Build 19062811 and prior\n * IE-SW-PL08M-6TX-2ST firmware v3.3.16 Build 19062811 and prior\n * IE-SW-PL08MT-6TX-2ST firmware v3.3.16 Build 19062811 and prior\n * IE-SW-PL08M-6TX-2SCS firmware v3.3.16 Build 19062811 and prior\n * IE-SW-PL08MT-6TX-2SCS firmware v3.3.16 Build 19062811 and prior\n * IE-SW-PL10M-3GT-7TX firmware v3.3.24 Build 19062813 and prior\n * IE-SW-PL10MT-3GT-7TX firmware v3.3.24 Build 19062813 and prior\n * IE-SW-PL10M-1GT-2GS-7TX firmware v3.3.24 Build 19062813 and prior\n * IE-SW-PL10MT-1GT-2GS-7TX firmware v3.3.24 Build 19062813 and prior\n * IE-SW-PL16M-16TX firmware v3.4.18 Build 19062814 and prior\n * IE-SW-PL16MT-16TX firmware v3.4.18 Build 19062814 and prior\n * IE-SW-PL16M-14TX-2SC firmware v3.4.18 Build 19062814 and prior\n * IE-SW-PL16MT-14TX-2SC firmware v3.4.18 Build 19062814 and prior\n * IE-SW-PL16M-14TX-2ST firmware v3.4.18 Build 19062814 and prior\n * IE-SW-PL16MT-14TX-2ST firmware v3.4.18 Build 19062814 and prior\n * IE-SW-PL18M-2GC-16TX firmware v3.4.30 Build 19062817 and prior\n * IE-SW-PL18MT-2GC-16TX firmware v3.4.30 Build 19062817 and prior\n * IE-SW-PL18M-2GC14TX2SC firmware v3.4.30 Build 19062817 and prior\n * IE-SW-PL18MT-2GC14TX2SC firmware v3.4.30 Build 19062817 and prior\n * IE-SW-PL18M-2GC14TX2ST firmware v3.4.30 Build 19062817 and prior\n * IE-SW-PL18MT-2GC14TX2ST 
firmware v3.4.30 Build 19062817 and prior\n * IE-SW-PL18M-2GC14TX2SCS firmware v3.4.30 Build 19062817 and prior\n * IE-SW-PL18MT-2GC14TX2SCS firmware v3.4.30 Build 19062817 and prior\n * IE-SW-PL09M-5GC-4GT firmware v3.3.20 Build 19070111 and prior\n * IE-SW-PL09MT-5GC-4GT firmware v3.3.20 Build 19070111 and prior\n\nFor more information see the CERT@VDE advisory located at: <https://cert.vde.com/en-us/advisories/vde-2019-018> or contact Weidmueller at [www.weidmueller.com/service](<http://www.weidmueller.com/service>).\n\nCISA recommends users take defensive measures to minimize the risk of exploitation of this vulnerability. Specifically, users should:\n\n * Minimize network exposure for all control system devices and/or systems, and ensure that they are [not accessible from the Internet](<https://www.us-cert.gov/ics/alerts/ICS-ALERT-10-301-01>).\n * Locate control system networks and remote devices behind firewalls, and isolate them from the business network.\n * When remote access is required, use secure methods, such as Virtual Private Networks (VPNs), recognizing that VPNs may have vulnerabilities and should be updated to the most current version available. Also recognize that VPN is only as secure as the connected devices.\n\nCISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures. \n \nCISA also provides a section for [control systems security recommended practices](<https://www.us-cert.gov/ics/recommended-practices>) on the ICS webpage on [us-cert.gov](<https://www.us-cert.gov/ics>). 
Several recommended practices are available for reading and download, including [Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies](<https://www.us-cert.gov/sites/default/files/recommended_practices/NCCIC_ICS-CERT_Defense_in_Depth_2016_S508C.pdf>).\n\nAdditional mitigation guidance and recommended practices are publicly available on the [ICS webpage on us-cert.gov](<https://www.us-cert.gov/ics>) in the Technical Information Paper, [ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies](<https://www.us-cert.gov/ics/tips/ICS-TIP-12-146-01B>). \n \nOrganizations observing any suspected malicious activity should follow their established internal procedures and report their findings to CISA for tracking and correlation against other incidents.\n\nNo known public exploits specifically target these vulnerabilities.\n\n## \nContact Information\n\nFor any questions related to this report, please contact the NCCIC at: \n \nEmail: [NCCICCUSTOMERSERVICE@hq.dhs.gov](<mailto:NCCICCUSTOMERSERVICE@hq.dhs.gov>) \nToll Free: 1-888-282-0870\n\nFor industrial control systems cybersecurity information: http://ics-cert.us-cert.gov \nor incident reporting: https://ics-cert.us-cert.gov/Report-Incident?\n", "modified": "2019-12-05T00:00:00", "published": "2019-12-05T00:00:00", "id": "ICSA-19-339-02", "href": "https://www.us-cert.gov//ics/advisories/icsa-19-339-02", "title": "Weidmueller Industrial Ethernet Switches", "type": "ics", "cvss": {"score": 0.0, "vector": "NONE"}}],
"oraclelinux": [{"lastseen": "2019-12-05T21:29:44", "bulletinFamily": "unix", "description": "docker-engine\n[19.03.1-1.0.0]\n- update to 19.03.1\n[19.03-0.0.1]\n- update to 19.03", "modified": "2019-12-05T00:00:00", "published": "2019-12-05T00:00:00", "id": "ELSA-2019-4827", "href": "http://linux.oracle.com/errata/ELSA-2019-4827.html", "title": "docker-engine docker-cli security update", "type": "oraclelinux", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "threatpost": [{"lastseen": "2019-12-04T17:09:20", "bulletinFamily": "info", "description": "Prosecutors in the Netherlands are asking for three years in prison for a Dutch politician who hacked into women\u2019s personal iCloud accounts and stole nude photos and other personal digital material belonging to them, then leaked some of it online.\n\nThe public prosecutor of the North Holland Public Prosecution Service has requested that Mitchel van der K., a member of the VVD political party in the Netherlands, face three years in prison for hacking into personal accounts of \u201cwomen from his own environment, and of women he knew from the media,\u201d according to a translated version of [the request,](<https://www.om.nl/actueel/nieuwsberichten/@107256/drie-jaar-geeist/>) which was made public during the case\u2019s pre-sentencing process.\n\nVan der K was part of what the media dubbed \u201cThe Fappening,\u201d or \u201cCelebgate,\u201d in which the personal accounts of women, including some celebrities, were hacked and personal photos and other digital material\u2014most of it sexually provocative\u2013found on those accounts was publicly disseminated on social 
media. Van der K\u2019s victims in the Netherlands included Dutch YouTube star [Laura Ponticorvo](<https://nltimes.nl/2017/03/17/dutch-vlogger-laura-ponticorvo-sex-videos-hacked-fappening-20>) and Dutch field hockey star Fatima Moreira de Melo. Celebrities in the United States also were part of [the global incident](<https://threatpost.com/apple-fixes-glitch-in-find-my-iphone-app-connected-to-celbrity-photo-leak/107997/>), in which personal, nude photos from the iCloud accounts of celebrities including Jennifer Lawrence and Kirsten Dunst were leaked online. In response, Dunst [publicly criticized](<https://pagesix.com/2014/09/02/kirsten-dunst-on-nude-photo-hack-thank-you-icloud/>) iCloud for the breach.\n\nIn response to the hacks, Apple [patched a vulnerability](<https://threatpost.com/apple-fixes-glitch-in-find-my-iphone-app-connected-to-celbrity-photo-leak/107997/>) in its Find My iPhone app that likely was used by attackers in the breach.\n\nIn addition to intimate or nude photos, Van der K also stole myriad other personal material that he found in his victim\u2019s accounts, including family photos, insurance documents and agendas, according to Dutch authorities. The extent of Van der K\u2019s hacking \u201cis unprecedented,\u201d they said.\n\n\u201cHe has invaded hundreds of accounts, frequently and repeatedly violating the privacy of the victims,\u201d according to the prosecution\u2019s sentencing request. \u201cIn their reports, the victims describe in a penetrating way what this invasion of their privacy has unleashed: \u2018It feels like someone broke into my house. It feels like a digital assault. I feel dirty and I feel watched. 
I also have a private life and I am very careful with that.'\u201d\n\nAuthorities believe Van der K began his involvement in the incident in 2015, but it wasn\u2019t discovered until 2017, when he leaked nude photos and sexually explicit material that he stole from Ponticorvo\u2019s account and she reported it to the police.\n\nWhen he was apprehended, Van der K had just been elected to the city council of the town in which he was living, Almere. He promptly resigned after his troubles with authorities began, according to [a published report](<https://www.zdnet.com/article/dutch-politician-faces-three-years-in-prison-for-hacking-icloud-accounts-and-leaking-nudes/#ftag=RSSbaffb68>).\n\nVan der K has acknowledged that he frequently hacked or attempted to hack iCloud accounts, but said he was under pressure by an \u201cunknown extortioner\u201d or said that his own visual material would be leaked if he did not comply, according to Dutch authorities. The prosecutor in the case said he didn\u2019t buy Van der K\u2019s story, however.\n\n\u201cThe cases that the police have investigated in detail show that more than half of the accounts hacked by the suspect were women who had no (national) fame, but who did interact with him in his work or private environment,\u201d the prosecutor said in a statement. \u201cWhy an unknown extortioner would have forced suspects to browse their accounts for photos and videos, I don\u2019t understand at all.\u201d\n\nVan der K should know his sentencing fate just in time for Christmas, as the Dutch court is expected to rule on the case on Dec. 24, according to the prosecution.\n", "modified": "2019-12-04T13:52:44", "published": "2019-12-04T13:52:44", "id": "THREATPOST:46DF105291764706CA0406E60EADC8FF", "href": "https://threatpost.com/dutch-politician-could-get-three-years-in-prison-for-hacking-icloud-accounts/150799/", "type": "threatpost", "title": "Dutch Politician Could Get Three Years in Prison for Hacking iCloud Accounts", "cvss": {"score": 0.0, "vector": "NONE"}}],
"mskb": [{"lastseen": "2019-12-04T10:19:56", "bulletinFamily": "microsoft", "description": "<html><body><p>Lists the available updates for Skype for Business Server 2019.</p><h2></h2><p>This article specifies the applicability of Microsoft Skype for Business Server 2019\u00a0updates for each server role.</p><h2>Improvements and fixes in the December 2019 update</h2><p>This update enables Location-Based Routing to support Skype for Business mobile clients. 
It also fixes the following issues:</p><ul><li><a data-content-id=\"4525498\" data-content-type=\"article\" href=\"\" managed-link=\"\" target=\"_blank\">4525498\u00a0Ability to add server roles in tri-existence mode will be blocked in Skype for Business Server 2019</a></li><li><a data-content-id=\"4525496\" data-content-type=\"article\" href=\"\" managed-link=\"\" target=\"_blank\">4525496\u00a0Skype for Business Server 2019 continues to write to CLS ETL even after CLS logging is stopped</a></li><li><a data-content-id=\"4507233\" data-content-type=\"article\" href=\"\" managed-link=\"\" target=\"_blank\">4507233\u00a0Enterprise users can't request control of an anonymous user's shared screen in Skype for Business Server 2019</a></li><li><a data-content-id=\"4507232\" data-content-type=\"article\" href=\"\" managed-link=\"\" target=\"_blank\">4507232\u00a0Resuming a PSTN call that was put on hold results in one-way audio in Skype for Business Server 2019</a></li><li><a data-content-id=\"4510851\" data-content-type=\"article\" href=\"\" managed-link=\"\" target=\"_blank\">4510851\u00a0SCOM SQL alerts are created every hour on SQL secondary replica server if \"Always On\" for Monitoring server is set in Skype for Business Server 2019</a></li><li><a data-content-id=\"4510844\" data-content-type=\"article\" href=\"\" managed-link=\"\" target=\"_blank\">4510844\u00a0Can't find the response group agent that's synced from an existing distribution list in Skype for Business Server 2019</a></li><li><a data-content-id=\"4510855\" data-content-type=\"article\" href=\"\" managed-link=\"\" target=\"_blank\">4510855\u00a0Can\u2019t edit interactive RGS workflows via the web interface in Skype for Business Server 2019</a></li><li><a data-content-id=\"4526182\" data-content-type=\"article\" href=\"\" managed-link=\"\" target=\"_blank\">4526182\u00a0In-a-meeting and Presenting presence states are available for UCWA clients in Skype for Business Server 2019</a></li><li><a 
data-content-id=\"4510850\" data-content-type=\"article\" href=\"\" managed-link=\"\" target=\"_blank\">4510850\u00a0Skype for Business on Mac user's latest photo can't be seen until signing in to a Windows client in Skype for Business Server 2019</a></li><li><a data-content-id=\"4510846\" data-content-type=\"article\" href=\"\" managed-link=\"\" target=\"_blank\">4510846\u00a0\u00a0\"InstallDatabaseInternalFailure: An internal error has occurred\u2026\" error when you install new databases in Skype for Business Server 2019</a></li><li><a data-content-id=\"4525504\" data-content-type=\"article\" href=\"\" managed-link=\"\" target=\"_blank\">4525504\u00a0bootstrapper.exe doesn\u2019t work in Skype for Business Server 2019</a></li><li><a data-content-id=\"4511313\" data-content-type=\"article\" href=\"\" managed-link=\"\" target=\"_blank\">4511313\u00a0\"Too many outstanding requests for a single user\" error occurs on Front-End servers in Skype for Business Server 2019</a></li><li><a data-content-id=\"4532748\" data-content-type=\"article\" href=\"\" managed-link=\"\" target=\"_blank\">4532748\u00a0New registry key \"\\SOFTWARE\\Microsoft\\ExchangeServer\\v15\\MSExchange OWA\" for Skype for Business Server 2019</a></li><li><a data-content-id=\"4503584\" data-content-type=\"article\" href=\"\" managed-link=\"\" target=\"_blank\">4503584\u00a0\u201cThe Audio/Video Conferencing Server has failed to create a conference\u201d error (ID 32005) occurs on Audio/Video Conferencing Server in Skype for Business Server 2019</a></li><li><a data-content-id=\"4525500\" data-content-type=\"article\" href=\"\" managed-link=\"\" target=\"_blank\">4525500\u00a0Users who\u2019re not Enterprise Voice enabled can dial out when PreventPSTNTollBypass is true in Skype for Business Server 2019</a></li><li><a data-content-id=\"4525499\" data-content-type=\"article\" href=\"\" managed-link=\"\" target=\"_blank\">4525499\u00a0Call forwarding and voice mail not working for LBR users who're 
signed out of all clients in Skype for Business Server 2019</a></li><li><a data-content-id=\"4518680\" data-content-type=\"article\" href=\"\" managed-link=\"\" target=\"_blank\">4518680\u00a0Can\u2019t transfer external calls by using Polycom VVX phones in Skype for Business Server 2019</a></li><li><a data-content-id=\"4510847\" data-content-type=\"article\" href=\"\" managed-link=\"\" target=\"_blank\">4510847\u00a0Rate My Call on UCWA clients still shows in Skype for Business Server 2019</a></li><li><a data-content-id=\"4525503\" data-content-type=\"article\" href=\"\" managed-link=\"\" target=\"_blank\">4525503\u00a0Support Skype Meetings App loading the latest source from CDN if ECS request fails in Skype for Business Server 2019</a></li><li><a data-content-id=\"4487817\" data-content-type=\"article\" href=\"\" managed-link=\"\" target=\"_blank\">4487817\u00a0Conversation History time stamp in Outlook differs from the time stamp of UCWA clients in Skype for Business Server 2019</a></li></ul><h2>Get the updates that are released for Skype for Business Server 2019</h2><ul><li><a data-content-id=\"4528667\" data-content-type=\"article\" href=\"\" managed-link=\"\" target=\"_blank\">4528667 </a>December 2019 cumulative update 7.0.2046.151 for Skype for Business Server 2019, Core Components</li><li><a data-content-id=\"4528668\" data-content-type=\"article\" href=\"\" managed-link=\"\" target=\"_blank\">4528668\u00a0</a>December 2019 cumulative update 7.0.2046.151 for Skype for Business Server 2019, Mediation Server</li><li><a data-content-id=\"4528675\" data-content-type=\"article\" href=\"\" managed-link=\"\" target=\"_blank\">4528675\u00a0</a>December 2019 cumulative update 7.0.2046.151 for Skype for Business Server 2019 and Unified Communications Managed API 5.0 Runtime</li><li><a data-content-id=\"4528670\" data-content-type=\"article\" href=\"\" managed-link=\"\" target=\"_blank\">4528670\u00a0</a>December\u00a02019 cumulative update 7.0.2046.151 for Skype 
for Business Server 2019, Response Group Service</li><li><a data-content-id=\"4528674\" data-content-type=\"article\" href=\"\" managed-link=\"\" target=\"_blank\">4528674\u00a0</a>December 2019 cumulative update 7.0.2046.151 for Skype for Business Server 2019, Web Components Server</li><li><a data-content-id=\"4528671\" data-content-type=\"article\" href=\"\" managed-link=\"\" target=\"_blank\">4528671\u00a0</a>Description of the cumulative update 7.0.2046.151 for Skype for Business Server 2019, Administrative Tools: December 2019</li><li><a data-content-id=\"4528672\" data-content-type=\"article\" href=\"\" managed-link=\"\" target=\"_blank\">4528672\u00a0</a>December 2019 cumulative update 7.0.2046.151 for Skype for Business Server 2019, Front End Server and Edge Server</li><li><a data-content-id=\"4528669\" data-content-type=\"article\" href=\"\" managed-link=\"\" target=\"_blank\">4528669\u00a0</a>December\u00a02019 cumulative update 7.0.2046.151 for Skype for Business Server 2019, Conferencing Server</li><li><a data-content-id=\"4528673\" data-content-type=\"article\" href=\"\" managed-link=\"\" target=\"_blank\">4528673\u00a0</a>December 2019 cumulative update 7.0.2046.151 for Skype for Business Server 2019, Enterprise Web App</li><li><a data-content-id=\"4528677\" data-content-type=\"article\" href=\"\" managed-link=\"\" target=\"_blank\">4528677\u00a0</a>December 2019 cumulative update 7.0.2046.151 for the Skype for Business Server 2019 Centralized Logging Service</li><li><a data-content-id=\"4499965\" data-content-type=\"article\" href=\"\" managed-link=\"\" target=\"_blank\">4499965\u00a0</a>July 2019 cumulative update 7.0.2046.123 for the Skype for Business Server 2019 Backup Service</li><li><a data-content-id=\"4499970\" data-content-type=\"article\" href=\"\" managed-link=\"\" target=\"_blank\">4499970 </a>July 2019 cumulative update 7.0.2046.123 for the Skype for Business Server 2019 Application Host</li><li><a data-content-id=\"4499978\" 
data-content-type=\"article\" href=\"\" managed-link=\"\" target=\"_blank\">4499978\u00a0</a>July 2019 cumulative update 7.0.2046.123 for the Skype for Business Server 2019, Core Management Server</li><li><a data-content-id=\"4499980\" data-content-type=\"article\" href=\"\" managed-link=\"\" target=\"_blank\">4499980\u00a0</a>July 2019 cumulative update 7.0.2046.123 for the Skype for Business Server 2019 Replica Replicator Agent</li><li><a data-content-id=\"4499972\" data-content-type=\"article\" href=\"\" managed-link=\"\" target=\"_blank\">4499972\u00a0</a>July 2019 cumulative update 7.0.2046.123 for Skype for Business Server 2019, Conferencing Attendant</li><li><a data-content-id=\"4499973\" data-content-type=\"article\" href=\"\" managed-link=\"\" target=\"_blank\">4499973\u00a0</a>July 2019 cumulative update 7.0.2046.123 for Skype for Business Server 2019, Conferencing Announcement</li><li><a data-content-id=\"4499975\" data-content-type=\"article\" href=\"\" managed-link=\"\" target=\"_blank\">4499975\u00a0</a>July 2019 cumulative update 7.0.2046.123 for Skype for Business Server 2019, Call Park service</li><li><a data-content-id=\"4499976\" data-content-type=\"article\" href=\"\" managed-link=\"\" target=\"_blank\">4499976\u00a0</a>July 2019 cumulative update 7.0.2046.123 for Skype for Business Server 2019, Web Conferencing Server</li><li><a data-content-id=\"4499979\" data-content-type=\"article\" href=\"\" managed-link=\"\" target=\"_blank\">4499979\u00a0</a>July 2019 cumulative update 7.0.2046.123 for Skype for Business Server 2019, Bandwidth Policy Service</li><li><a data-content-id=\"4499983\" data-content-type=\"article\" href=\"\" managed-link=\"\" target=\"_blank\">4499983\u00a0</a>July 2019 cumulative update 7.0.2046.123 for Skype for Business Server 2019, Video Interop Server</li><li><a data-content-id=\"4499971\" data-content-type=\"article\" href=\"\" managed-link=\"\" target=\"_blank\">4499971\u00a0</a>July 2019 cumulative update 7.0.2046.123 
for the Skype for Business Server 2019 Audio Test service</li></ul><h2>Installation methods</h2><h3>Prerequisites</h3><p>To apply this update, you must have Microsoft .NET Framework 4.5.2 (<a data-content-id=\"\" data-content-type=\"\" href=\"https://www.microsoft.com/download/details.aspx?id=42642\" managed-link=\"\" target=\"_blank\">Offline Installer</a> or <a data-content-id=\"\" data-content-type=\"\" href=\"https://www.microsoft.com/download/details.aspx?id=42643\" managed-link=\"\" target=\"_blank\">Web Installer</a>) installed.</p><h3>Install the update</h3><p>The Server Update Installer applies all updates for the appropriate server role in one operation.<br/><br/><strong>Note </strong>If User Account Control (UAC) is turned on, you must start the Server Update Installer by using elevated permissions to make sure that all updates are installed correctly.</p><div class=\"indent\"><img alt=\"Download \" class=\"graphic\" src=\"/library/images/support/kbgraphics/public/en-us/download.gif\" title=\"Download \"/><a data-content-id=\"\" data-content-type=\"\" href=\"https://www.microsoft.com/en-us/download/details.aspx?id=58347\" managed-link=\"\" target=\"_blank\">Download the December 2019 Server Update Installer</a></div><p><br/><strong>Note</strong> Updates for Skype for Business Server 2019\u00a0will no longer be auto-installed by Microsoft Update. 
You must manually download SkypeServerUpdateInstaller.exe from Microsoft Update, and then use the following installation steps.</p><h3>To apply the update to the Front End servers in a pool</h3><ol class=\"sbody-num_list\"><li>Type the following cmdlet:<pre class=\"sbody-pre\"><strong>Get-CsPoolFabricState -PoolFqdn <PoolFQDN> </strong></pre>If this cmdlet reveals any missing replicas, run the following cmdlet to recover the pool before you apply any updates:<pre class=\"sbody-pre\"><strong>Reset-CsPoolRegistrarState -ResetType QuorumLossRecovery </strong></pre></li><li>On the first server that you want to update, run the following cmdlet:<pre class=\"sbody-pre\"><strong>Invoke-CsComputerFailOver -ComputerName <Front End Server to be patched> </strong></pre>This cmdlet moves all services to other Front End servers in the pool, and takes this server offline.</li><li>\u00a0Install the required additional Windows Features.<br/><br/><strong>Add-WindowsFeature RSAT-ADDS, Web-Server, Web-Static-Content, Web-Default-Doc, Web-Http-Errors, Web-Asp-Net, Web-Net-Ext, Web-ISAPI-Ext, Web-ISAPI-Filter, Web-Http-Logging, Web-Log-Libraries, Web-Request-Monitor, Web-Http-Tracing, Web-Basic-Auth, Web-Windows-Auth, Web-Client-Auth, Web-Filtering, Web-Stat-Compression, Web-Dyn-Compression, NET-WCF-HTTP-Activation45, Web-Asp-Net45, Web-Mgmt-Tools, Web-Scripting-Tools, Web-Mgmt-Compat, Windows-Identity-Foundation, Server-Media-Foundation, Telnet-Client, BITS, ManagementOData, Web-Mgmt-Console, Web-Metabase, Web-Lgcy-Mgmt-Console, Web-Lgcy-Scripting, Web-WMI, Web-Scripting-Tools, Web-Mgmt-Service</strong></li><li>Run the Server Update Installer, and then click <strong>Install Updates </strong>to upgrade the server role.<br/><br/>You can also run the following parameters together with the <strong>SkypeServerUpdateInstaller.exe </strong>command:<br/>\u00a0<ul class=\"sbody-free_list\"><li>The <strong>/silentmode</strong> switch applies all applicable updates in the background.</li><li>The 
<strong>/silentmode</strong> <strong>/forcereboot</strong> switch applies all applicable updates in the background, and then automatically restarts the server at the end of the installation process, if this is necessary.</li><li>The <strong>/extractall</strong> switch extracts the updates from the installer, and saves the updates in a subfolder that is named \"Extracted\" in the folder in which you ran the command.</li></ul></li><li>Run BootStrapper.exe to install control panel.</li><li>On the upgraded server, run the following cmdlet:<pre class=\"sbody-pre\"><strong>Invoke-CsComputerFailBack -ComputerName <Front End Server to be patched> </strong></pre>The server is returned to service.</li><li>Repeat steps\u00a02\u20136\u00a0for each server that has to be upgraded.</li></ol><h3 class=\"sbody-h4\">To apply the update to a Back End server or Standard Edition server</h3><ol class=\"sbody-num_list\"><li>Log on to the server that you are upgrading as a member of the CsAdministrator role.</li><li>Start the Skype for Business Server Management Shell: Click <strong class=\"uiterm\">Start</strong>, click <strong class=\"uiterm\">All Programs</strong>, click <strong class=\"uiterm\">Skype for Business 2019</strong>, and then click <strong class=\"uiterm\">Skype for Business Server Management Shell</strong>.</li><li>Stop Skype for Business Server services. At the command line, type:<pre class=\"sbody-pre\"><strong>Stop-CsWindowsService </strong></pre></li><li>Stop the World Wide Web service. 
At the command line, type:<pre class=\"sbody-pre\"><strong>net stop w3svc </strong></pre></li><li>Close all Skype for Business Server Management Shell windows.</li><li>Run the Server Update Installer, and then click <strong>Install Updates </strong>to upgrade the server role.<br/><br/>You can also run the following parameters together with the <strong>SkypeServerUpdateInstaller.exe </strong>command:<br/>\u00a0<ul class=\"sbody-free_list\"><li>The <strong>/silentmode</strong> switch applies all applicable updates in the background.</li><li>The <strong>/silentmode /forcereboot</strong> switch applies all applicable updates in the background, and then automatically restarts the server at the end of the installation process if this is necessary.</li><li>The <strong>/extractall</strong> switch extracts the updates from the installer, and saves the updates in a subfolder that is named \"Extracted\" in the folder in which you ran the command.</li></ul></li><li>Start the Skype for Business Server Management Shell: Click <strong class=\"uiterm\">Start</strong>, click <strong class=\"uiterm\">All Programs</strong>, click <strong class=\"uiterm\">Skype for Business 2019</strong>, and then click <strong class=\"uiterm\">Skype for Business Server Management Shell</strong>.</li><li>Start Skype for Business Server services. At the command line, type:<pre class=\"sbody-pre\"><strong>Start-CsWindowsService </strong></pre></li><li>Restart the World Wide Web service. At the command line, type:<pre class=\"sbody-pre\"><strong>net start w3svc </strong></pre></li><li>Apply the changes made to the SQL Server databases by doing one of the following.<br/><br/><strong>Note</strong>\u00a0When you run the <strong>Install-CsDatabase</strong> cmdlet, you\u00a0receive an error message that you can safely ignore. 
The error message in the request is expected if you are updating the database on a computer that isn't hosting the Central Management Store.<br/>\u00a0<ul class=\"sbody-free_list\"><li>If this is an Enterprise Edition Back End Server, and there are no collocated databases on this server, such as Archiving or Monitoring databases, type the following at a command line:<pre class=\"sbody-pre\"><strong>Install-CsDatabase -Update -ConfiguredDatabases -SqlServerFqdn <SQL Server FQDN> </strong></pre></li><li>If this is an Enterprise Edition Back End Server, and there are collocated databases on this server, type the following at a command line:<pre class=\"sbody-pre\"><strong>Install-CsDatabase -Update -ConfiguredDatabases -SqlServerFqdn <SQL Server FQDN> -ExcludeCollocatedStores </strong></pre></li><li>If this is a\u00a0Standard Edition server, type the following at a command line:<pre class=\"sbody-pre\"><strong>Install-CsDatabase -Update -LocalDatabases </strong></pre></li></ul></li><li><span>If the Skype for Business Back End pool uses SQL AlwaysOn Availability Group, </span>update the AlwaysOn databases accordingly as follows:<ol style=\"list-style-type:lower-alpha\" type=\"a\"><li>Install the update on your Skype for Business server or servers.</li><li><p>Run the following PowerShell command in your Skype for Business Management Shell (logged in by using\u00a0an account that's appropriately permissioned to apply changes to the SQL AlwaysOn databases), as follows:</p><pre class=\"indent-1\"><strong>Install-CsDatabase -Update -ConfiguredDatabases -SqlServerFqdn [sqlpool.contoso.com] -Verbose</strong></pre><p><strong>Note</strong> In this command, replace [sqlpool.contoso.com] with the fully qualified domain name (FQDN) of your AlwaysOn availability group.</p></li></ol></li></ol><h2>Uninstallation methods</h2><h3>Uninstall the update</h3><h4>Remove the update\u00a0from an Enterprise Edition pool that has two front-end servers</h4><p>To do this, follow these 
steps:</p><ol class=\"sbody-num_list\"><li>Stop new connections to other front-end servers by running the following command on both front-end servers:<pre class=\"sbody-pre\"><strong>Stop-CsWindowsService -ComputerName <Computer.FQDN> </strong></pre></li><li>Uninstall any updates.</li><li>Restart the server, and make sure that both front-end servers are accepting new connections.</li><li>After both front-end servers are updated, you must run the following command:<pre class=\"sbody-pre\"><strong>Reset-CsPoolRegistrarState -ResetType FullReset </strong></pre>Then, run the following command:<pre class=\"sbody-pre\"><strong>Start-CsPool -PoolFqdn <Pool.FQDN> </strong></pre></li></ol><h4><br/>Remove the update\u00a0from an Enterprise Edition pool that has at least three front-end servers</h4><p>To do this, follow these steps:<br/>\u00a0</p><ol class=\"sbody-num_list\"><li>Obtain the list of the upgrade domains for the Enterprise Edition pool that is associated with a front-end server. To do this, run the <strong>Get-CsPoolUpgradeReadinessState</strong> cmdlet on the front-end server.</li><li>Uninstall any updates for\u00a0each upgrade domain.<br/><br/><strong>Notes</strong><br/>\u00a0<ul class=\"sbody-free_list\"><li>You must uninstall updates from one upgrade domain at a time.</li><li>You can remove updates in parallel from all servers that are in the same upgrade domain.</li></ul><br/>To uninstall all servers that are in the same upgrade domain, follow these steps:<br/>\u00a0<ol class=\"sbody-num_list\" start=\"1\"><li>Run the following command:<pre class=\"sbody-pre\"><strong>Invoke-CsComputerFailover -ComputerName <Computer.FQDN></strong> </pre></li><li>Uninstall updates on front-end servers that are associated with an upgrade domain.</li><li>Run the following command:<pre class=\"sbody-pre\"><strong>Invoke-CsComputerFailback -ComputerName <Computer.FQDN></strong> </pre></li></ol><strong>Note </strong>You must repeat step 2 to uninstall updates from every upgrade 
domain until all upgrade domains in the pool are updated.</li></ol><p>You must perform several configuration operations, depending on the kind of Skype for Business 2019\u00a0Enterprise Edition back-end servers that you are using.<br/><br/><strong>Note </strong>If database mirroring is enabled for the back-end databases, we strongly recommend that you use the <strong>Invoke-CsDatabaseFailover -NewPrincipal Primary</strong> command, and then run the <strong>Get-CsDatabaseMirrorState -PoolFqdn <fqdn of pool></strong> cmdlet to verify that the primary server is principal for all databases before you run the <strong>Install-CsDatabase</strong> cmdlet.\u00a0If Persistent Chat is collocated (that is, the Persistent Chat front-end service and back-end database are running on the same server), you must run the <strong>Install-CsDatabase</strong> cmdlet together with the <strong>ExcludeCollocatedStores</strong> parameter.</p><h4 class=\"sbody-h4\"><br/>Skype for Business Server 2019\u00a0Monitoring Databases</h4><p>If Skype for Business Monitoring databases are deployed on stand-alone SQL databases, run the following command:<span class=\"text-base\"></span></p><pre class=\"sbody-pre\"><span class=\"text-base\">Install-CsDatabase -ConfiguredDatabases -SqlServerFqdn <FEBE.FQDN> -Verbose</span></pre><p>In this command, <<em><strong class=\"sbody-strong\">FEBE.FQDN</strong></em>> is a placeholder for the actual value.</p><h4 class=\"sbody-h4\">Skype for Business Server 2019\u00a0Standard Edition and other roles</h4><ol class=\"sbody-num_list\"><li>Uninstall updates on the Standard Edition or any other server role.</li><li>Restart the server if it is required to do this after you uninstall these updates.</li></ol><h2>List of server roles and the updates that apply to them</h2><ul class=\"sbody-free_list\"><li><a bookmark-id=\"1\" href=\"#1\" managed-link=\"\" target=\"\">Skype for Business Server 2019 - Standard Edition server</a></li><li><a bookmark-id=\"3\" href=\"#3\" 
managed-link=\"\" target=\"\">Skype for Business Server 2019 - Enterprise Edition - front-end server and back-end server</a></li><li><a bookmark-id=\"6\" href=\"#6\" managed-link=\"\" target=\"\">Skype for Business Server 2019 - Edge server</a></li><li><a bookmark-id=\"8\" href=\"#8\" managed-link=\"\" target=\"\">Skype for Business Server 2019 - stand-alone Mediation server</a></li><li><a bookmark-id=\"9\" href=\"#9\" managed-link=\"\" target=\"\">Skype for Business Server 2019 - Director server</a></li><li><a bookmark-id=\"11\" href=\"#11\" managed-link=\"\" target=\"\">Skype for Business Server 2019 - Persistent Chat front-end server</a></li><li><a bookmark-id=\"12\" href=\"#12\" managed-link=\"\" target=\"\">Skype for Business Server 2019 - Administration Tools</a></li><li><a bookmark-id=\"13\" href=\"#13\" managed-link=\"\">Skype for Business Server 2019 - Video Interop server</a></li></ul><p><a class=\"bookmark\" id=\"1\"></a></p><h3>Skype for Business Server 2019\u00a0- Standard Edition server</h3><ul class=\"sbody-free_list\"><li>Update for Front End Server and Edge Server (Standard or Enterprise edition server): KB\u00a04528672</li><li>Update for Core Components: KB\u00a04528667</li><li>Update for Web Components Server: KB\u00a04528674</li><li>Update for Unified Communications Managed API 5.0, Core Runtime 64-bit: KB\u00a04528675</li><li>Update for Administrative Tools: KB 4528671</li><li>Update for\u00a0Enterprise Web App: KB 4528673</li><li>Update for\u00a0Conferencing Server: KB 4528669</li><li>Update for\u00a0Conferencing Attendant: KB 4499972</li><li>Update for\u00a0Conferencing Announcement: KB 4499973</li><li>Update for\u00a0Call Park service: KB 4499975</li><li>Update for\u00a0Web Conferencing Server: KB 4499976</li><li>Update for\u00a0Mediation Server: KB 4528668</li><li>Update for\u00a0Bandwidth Policy Service: KB 4499979</li><li>Update for\u00a0Response Group Service: KB 4528670</li><li>Update for\u00a0Video Interop Server: KB 
4499983</li><li>Update for\u00a0Audio Test service: KB 4499971</li><li>Update for Backup\u00a0Service: KB\u00a04499965</li><li>Update for Application Host: KB 4499970</li><li>Update for\u00a0<span><span><span><span><span>Replica Replicator Agent: KB 4499980</span></span></span></span></span></li><li>Update for\u00a0<span><span><span><span><span>Core Management Server: KB 4499978</span></span></span></span></span></li><li>Update for\u00a0<span><span><span><span><span>Centralized Logging Service: KB 4528677</span></span></span></span></span></li></ul><p><a class=\"bookmark\" id=\"3\"></a></p><h3>Skype for Business Server 2019\u00a0- Enterprise Edition - Front End server and Back End server</h3><ul class=\"sbody-free_list\"><li>Update for Front End server and Edge server (Standard or Enterprise edition server): KB\u00a04528672</li><li>Update for Core Components: KB 4528667</li><li>Update for Web Components Server: KB 4528674</li><li>Update for Unified Communications Managed API 5.0, Core Runtime 64-bit: KB 4528675</li><li>Update for\u00a0Bandwidth Policy Service: KB 4499979</li><li>Update for Conferencing Announcement: KB 4499973</li><li>Update for Response Group Service: KB 4528670</li><li>Update for Administrative Tools: KB 4528671</li><li>Update for Enterprise Web App: KB 4528673</li><li>Update for Conferencing Attendant: KB 4499972</li><li>Update for Conferencing Server: KB 4528669</li><li>Update for Video Interop Server: KB 4499983</li><li>Update for Web Conferencing Server: KB 4499976</li></ul><p><a class=\"bookmark\" id=\"6\"></a></p><h3>Skype for Business Server 2019\u00a0- Edge server</h3><ul class=\"sbody-free_list\"><li>Update for Front End server and Edge server (Standard or Enterprise edition server): KB\u00a04528672</li><li>Update for Core Components: KB 4528667</li><li>Update for Unified Communications Managed API 5.0, Core Runtime 64-bit: KB 4528675</li><li>Update for Administrative Tools: KB\u00a04528671</li></ul><p><a class=\"bookmark\" 
id=\"8\"></a></p><h3><span class=\"text-base\"></span>Skype for Business Server 2019\u00a0- stand-alone Mediation server</h3><ul class=\"sbody-free_list\"><li>Update for Core Components: KB\u00a04528667</li><li>Update for Unified Communications Managed API 5.0, Core Runtime 64-bit: KB\u00a04528675</li></ul><h3>Skype for Business Server 2019\u00a0- Director server</h3><ul class=\"sbody-free_list\"><li>Update for Front End server and Edge server (Standard or Enterprise edition server): KB\u00a04528672</li><li>Update for Core Components: KB\u00a04528667</li><li>Update for Unified Communications Managed API 5.0, Core Runtime 64-bit: KB\u00a04528675</li><li>Update for Web Components server: KB\u00a04528674</li></ul><h3>Skype for Business Server 2019\u00a0- Persistent Chat Front End server</h3><ul><li>Update for Core Components: KB\u00a04528667</li><li>Update for Unified Communications Managed API 5.0, Core Runtime 64-bit: KB\u00a04528675</li></ul><h3>Skype for Business Server 2019\u00a0- Administration Tools</h3><ul><li>Update for Core Components: KB\u00a04528667</li><li>Update for Unified Communications Managed API 5.0, Core Runtime 64-bit: KB\u00a04528675</li></ul><p><a id=\"13\"></a></p><h3>Skype for Business Server 2019\u00a0- Video Interop server</h3><ul><li>Update for Core Components: KB\u00a04528667</li></ul><h2>References</h2><div class=\"kb-references-section section\">Learn about the <a data-content-id=\"\" data-content-type=\"\" href=\"help/824684\" id=\"kb-link-26\" managed-link=\"\" target=\"_blank\">terminology </a> that Microsoft uses to describe software updates.</div></body></html>", "modified": "2019-12-04T02:02:09", "id": "KB4470124", "href": "https://support.microsoft.com/en-us/help/4470124/", "published": "2019-12-04T02:02:02", "title": "Updates for Skype for Business Server 2019", "type": "mskb", "cvss": {"score": 0.0, "vector": "NONE"}}]}