Microsoft Visual Studio CVE-2019-1079 XML External Entity Information Disclosure Vulnerability
2019-07-09T00:00:00
ID SMNTC-108932 Type symantec Reporter Symantec Security Response Modified 2019-07-09T00:00:00
Description
Description
Microsoft Visual Studio is prone to an information-disclosure vulnerability. Attackers can exploit this issue to obtain sensitive information that may lead to further attacks.
Technologies Affected
Microsoft Visual Studio 2010 SP1
Microsoft Visual Studio 2012 Update 5
Microsoft Visual Studio 2013 Update 5
Microsoft Visual Studio 2015 Update 3
Recommendations
Deploy network intrusion detection systems to monitor network traffic for malicious activity.
Deploy NIDS to monitor network traffic for signs of anomalous or suspicious activity. This includes but is not limited to requests that include NOP sleds and unexplained incoming and outgoing traffic. This may indicate exploit attempts or activity that results from a successful exploit.
Do not accept or execute files from untrusted or unknown sources.
To limit exposure to these and other latent vulnerabilities, never handle files that originate from unfamiliar or untrusted sources.
Do not follow links provided by unknown or untrusted sources.
To reduce the likelihood of attacks, never visit sites of questionable integrity or follow links provided by unfamiliar or untrusted sources.
Implement multiple redundant layers of security.
As an added precaution, deploy memory-protection schemes (such as nonexecutable stack/heap configuration and randomly mapped memory segments). This may complicate exploits of memory-corruption vulnerabilities.
Run all software as a nonprivileged user with minimal access rights.
To reduce the impact of latent vulnerabilities, run applications with the minimal amount of privileges required for functionality.
Updates are available. Please see the references or vendor advisory for more information.
{"id": "SMNTC-108932", "type": "symantec", "bulletinFamily": "software", "title": "Microsoft Visual Studio CVE-2019-1079 XML External Entity Information Disclosure Vulnerability", "description": "### Description\n\nMicrosoft Visual Studio is prone to an information-disclosure vulnerability. Attackers can exploit this issue to obtain sensitive information that may lead to further attacks.\n\n### Technologies Affected\n\n * Microsoft Visual Studio 2010 SP1 \n * Microsoft Visual Studio 2012 Update 5 \n * Microsoft Visual Studio 2013 Update 5 \n * Microsoft Visual Studio 2015 Update 3 \n\n### Recommendations\n\n**Deploy network intrusion detection systems to monitor network traffic for malicious activity.** \nDeploy NIDS to monitor network traffic for signs of anomalous or suspicious activity. This includes but is not limited to requests that include NOP sleds and unexplained incoming and outgoing traffic. This may indicate exploit attempts or activity that results from a successful exploit. \n\n**Do not accept or execute files from untrusted or unknown sources.** \nTo limit exposure to these and other latent vulnerabilities, never handle files that originate from unfamiliar or untrusted sources.\n\n**Do not follow links provided by unknown or untrusted sources.** \nTo reduce the likelihood of attacks, never visit sites of questionable integrity or follow links provided by unfamiliar or untrusted sources.\n\n**Implement multiple redundant layers of security.** \nAs an added precaution, deploy memory-protection schemes (such as nonexecutable stack/heap configuration and randomly mapped memory segments). This may complicate exploits of memory-corruption vulnerabilities.\n\n**Run all software as a nonprivileged user with minimal access rights.** \nTo reduce the impact of latent vulnerabilities, run applications with the minimal amount of privileges required for functionality. \n\nUpdates are available. Please see the references or vendor advisory for more information.\n", "published": "2019-07-09T00:00:00", "modified": "2019-07-09T00:00:00", "cvss": {"score": 0.0, "vector": "NONE"}, "href": "https://www.symantec.com/content/symantec/english/en/security-center/vulnerabilities/writeup.html/108932", "reporter": "Symantec Security Response", "references": [], "cvelist": ["CVE-2019-1079"], "lastseen": "2019-07-10T00:40:12", "viewCount": 20, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2019-1079"]}, {"type": "mskb", "idList": ["KB4506162", "KB4506163", "KB4506161", "KB4506164"]}, {"type": "mscve", "idList": ["MS:CVE-2019-1079"]}, {"type": "nessus", "idList": ["SMB_NT_MS19_JUL_VISUAL_STUDIO.NASL"]}, {"type": "talosblog", "idList": ["TALOSBLOG:07D81B04EFE21AC0E3C8DD9F1F76E7A4"]}], "modified": "2019-07-10T00:40:12", "rev": 2}, "score": {"value": 5.9, "vector": "NONE", "modified": "2019-07-10T00:40:12", "rev": 2}, "vulnersScore": 5.9}, "affectedSoftware": [{"name": "Microsoft Visual Studio", "operator": "eq", "version": "2013 Update 5 "}, {"name": "Microsoft Visual Studio", "operator": "eq", "version": "2012 Update 5 "}, {"name": "Microsoft Visual Studio", "operator": "eq", "version": "2010 SP1 "}, {"name": "Microsoft Visual Studio", "operator": "eq", "version": "2015 Update 3 "}], "immutableFields": []}
{"cve": [{"lastseen": "2021-02-02T07:12:47", "description": "An information disclosure vulnerability exists when Visual Studio improperly parses XML input in certain settings files, aka 'Visual Studio Information Disclosure Vulnerability'.", "edition": 6, "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 6.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", "userInteraction": "REQUIRED", "version": "3.0"}, "impactScore": 3.6}, "published": "2019-07-15T19:15:00", "title": "CVE-2019-1079", "type": "cve", "cwe": ["CWE-20"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-1079"], "modified": "2020-08-24T17:37:00", "cpe": ["cpe:/a:microsoft:visual_studio:2015", "cpe:/a:microsoft:visual_studio:2012", "cpe:/a:microsoft:visual_studio:2010", "cpe:/a:microsoft:visual_studio:2013"], "id": "CVE-2019-1079", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-1079", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}, "cpe23": ["cpe:2.3:a:microsoft:visual_studio:2012:update_5:*:*:*:*:*:*", "cpe:2.3:a:microsoft:visual_studio:2010:sp1:*:*:*:*:*:*", "cpe:2.3:a:microsoft:visual_studio:2013:update_5:*:*:*:*:*:*", "cpe:2.3:a:microsoft:visual_studio:2015:update_3:*:*:*:*:*:*"]}], "mskb": [{"lastseen": "2021-01-01T22:51:34", "bulletinFamily": "microsoft", "cvelist": ["CVE-2019-1079"], "description": "<html><body><p>Resolves an information disclosure vulnerability in Microsoft Visual Studio.</p><h2></h2><div class=\"alert-band\"><div class=\"alert alert-info\" role=\"alert\"><p class=\"alert-title\"><strong>Notice</strong></p><div class=\"row\"><div class=\"col-xs-24\"><p><span><span>Starting on March 10, 2020, Microsoft Update is now offering this security update to additional versions of the Windows OS.</span></span></p></div></div></div></div><p><br/><strong>Note</strong> This security update applies to Visual Studio 2013 Update 5\u00a0except for Visual Studio Isolated and Integrated Shells.\u00a0\u00a0</p><h2>Summary</h2><p>An information disclosure vulnerability exists if Microsoft Visual Studio 2013 incorrectly\u00a0parses XML input in certain settings files.</p><p>To learn more about the vulnerability, go to <a aria-live=\"assertive\" data-bi-name=\"content-anchor-link\" data-content-id=\"\" data-content-type=\"\" href=\"https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2019-1079\" id=\"kb-link-2\" managed-link=\"\" tabindex=\"0\" target=\"_blank\">CVE-2019-1079</a>.<br/>\u00a0</p><h3>Known issues in this update</h3><p class=\"indent\"><strong>Symptom</strong><br/>Visual Studio 2013 customers may experience issues that affect the offering of this update through Microsoft Update. In some cases, this update is offered to products for which the update was not intended or needed, such as Visual Studio Isolated and Integrated Shells.<br/><br/><strong>Status</strong><br/>On August 5, 2019, a detection revision was made to address issues that affect the Microsoft Update offering for this update. Customers who observed unexpected issues in the offering of this update can rescan Microsoft Update for the latest content within their Windows Server Update Services (WSUS) and update management environments. Customers who rely on the Wsusscan2.cab file will receive this revision as part of the August 2019 broad Windows Update releases..</p><h2>How to obtain and install the update</h2><h3>Method 1: Microsoft Download</h3><p>The following file is available for download:<br/><br/><img alt=\"Download \" class=\"graphic\" src=\"/library/images/support/kbgraphics/public/en-us/download.gif\" title=\"Download \"/><a href=\"https://aka.ms/vs/12/release/4506163\" managed-link=\"\" target=\"_blank\">Download the hotfix package now</a><a data-content-id=\"\" data-content-type=\"\" href=\"https://aka.ms/vs/12/release/4506163\" managed-link=\"\" target=\"_blank\">.</a></p><h3>Method 2: Microsoft Update Catalog</h3><p>To get the standalone package for this update, go to the <a data-content-id=\"\" data-content-type=\"\" href=\"http://www.catalog.update.microsoft.com/Search.aspx?q=4506163\" id=\"kb-link-14\" managed-link=\"\" target=\"_blank\">Microsoft Update Catalog</a> website.</p><h2>More information</h2><h3>Prerequisites</h3><p>To apply this security update, you must have <a data-content-id=\"\" data-content-type=\"\" href=\"https://aka.ms/vs/12/docs/2013_Update5\" managed-link=\"\" target=\"_blank\">Visual Studio 2013 Update 5</a> installed.</p><h3>Restart requirement</h3><p>You may have to restart the computer after you apply this security update if an instance of Visual Studio is being used.</p><h3>Security update\u00a0replacement information</h3><p>This security update doesn't replace other security updates.</p><h3>Deployment information</h3><p>For deployment details for this security update, go to the following article in the Microsoft Knowledge Base:</p><p class=\"indent\"><a href=\"http://support.microsoft.com/help/20190709\" managed-link=\"\" target=\"_blank\">Security update deployment information: July 9, 2019</a></p><h3>File hash information</h3><table class=\"table\"><tbody><tr><th>File name</th><th>SHA1 hash</th><th>SHA256 hash</th></tr><tr><td>VS12-KB4506163.exe</td><td>82EA6AB14CB97EB4F37C2D46A52A921D1E2EF4DB</td><td>AE62A60ADD146B35DD58E8BD7E5919BE2D0786481BF8D60E0663535A07178E61</td></tr></tbody></table><h3><br/>File information</h3><p>The English (United States) version of this software update installs files that have the attributes that are listed in the following tables. The dates and the times for these files are listed in Coordinated Universal Time (UTC). The dates and the times for these files on your local computer are displayed in your local time together with your current daylight saving time (DST) bias. Additionally, the dates and the times may change when you perform certain operations on the files.</p><div class=\"faq-section\" faq-section=\"\"><div class=\"faq-panel\"><div class=\"faq-panel-heading\" faq-panel-heading=\"\"><span class=\"link-expand-image\"><span class=\"faq-chevron win-icon win-icon-ChevronUpSmall\"></span></span><span class=\"bold btn-link link-expand-text\">VS12-KB4506163.exe file information</span></div><div class=\"faq-panel-body\" faq-panel-body=\"\"><table class=\"table\"><tbody><tr><th>File name</th><th>File version</th><th>File size</th><th>Date</th><th>Time</th><th>Platform</th></tr><tr><td>Bootstrapperapplicationdata.xml</td><td>Not applicable</td><td>24,746</td><td>11-Jun-2019</td><td>14:42</td><td>Not applicable</td></tr><tr><td>Bootstrappercore.config</td><td>Not applicable</td><td>897</td><td>06-Sep-2018</td><td>07:04</td><td>Not applicable</td></tr><tr><td>Bootstrappercore.dll</td><td>3.7.2514.0</td><td>77,824</td><td>14-Jan-2014</td><td>07:38</td><td>x86</td></tr><tr><td>Highcontrastskuresources.xaml</td><td>Not applicable</td><td>12,495</td><td>11-Dec-2018</td><td>11:39</td><td>Not applicable</td></tr><tr><td>Highcontrastthemes.xaml</td><td>Not applicable</td><td>5,892</td><td>06-Sep-2018</td><td>07:04</td><td>Not applicable</td></tr><tr><td>License.htm</td><td>Not applicable</td><td>2,668</td><td>11-Dec-2018</td><td>11:19</td><td>Not applicable</td></tr><tr><td>Localizablestrings.xml</td><td>Not applicable</td><td>51,521</td><td>11-Jun-2019</td><td>11:41</td><td>Not applicable</td></tr><tr><td>Managedux.dll</td><td>12.0.40680.1</td><td>564,480</td><td>11-Jun-2019</td><td>11:22</td><td>x86</td></tr><tr><td>Manifest.xml</td><td>Not applicable</td><td>29,676</td><td>11-Jun-2019</td><td>14:42</td><td>Not applicable</td></tr><tr><td>Mbahost.dll</td><td>3.7.2514.0</td><td>66,048</td><td>14-Jan-2014</td><td>07:38</td><td>x86</td></tr><tr><td>Mbapreq.dll</td><td>3.7.2514.0</td><td>120,320</td><td>14-Jan-2014</td><td>07:38</td><td>x86</td></tr><tr><td>Mbapreq.png</td><td>Not applicable</td><td>797</td><td>16-Apr-2013</td><td>04:38</td><td>Not applicable</td></tr><tr><td>Mbapreq.thm</td><td>Not applicable</td><td>3,356</td><td>16-Apr-2013</td><td>04:38</td><td>Not applicable</td></tr><tr><td>Mbapreq.wxl</td><td>Not applicable</td><td>1,795</td><td>16-Apr-2013</td><td>04:38</td><td>Not applicable</td></tr><tr><td>Skuresources.xaml</td><td>Not applicable</td><td>12,444</td><td>11-Dec-2018</td><td>11:39</td><td>Not applicable</td></tr><tr><td>Sqmapi.dll</td><td>6.2.9200.16384</td><td>226,456</td><td>11-Dec-2018</td><td>11:38</td><td>x86</td></tr><tr><td>Themes.xaml</td><td>Not applicable</td><td>4,213</td><td>06-Sep-2018</td><td>07:04</td><td>Not applicable</td></tr><tr><td>License.htm</td><td>Not applicable</td><td>4,613</td><td>11-Dec-2018</td><td>11:19</td><td>Not applicable</td></tr><tr><td>Localizablestrings.xml</td><td>Not applicable</td><td>50,235</td><td>11-Jun-2019</td><td>11:42</td><td>Not applicable</td></tr><tr><td>Mbapreq.wxl</td><td>Not applicable</td><td>1,985</td><td>16-Apr-2013</td><td>04:38</td><td>Not applicable</td></tr><tr><td>License.htm</td><td>Not applicable</td><td>2,814</td><td>11-Dec-2018</td><td>11:19</td><td>Not applicable</td></tr><tr><td>Localizablestrings.xml</td><td>Not applicable</td><td>55,322</td><td>11-Jun-2019</td><td>11:42</td><td>Not applicable</td></tr><tr><td>Mbapreq.wxl</td><td>Not applicable</td><td>2,418</td><td>16-Apr-2013</td><td>04:38</td><td>Not applicable</td></tr><tr><td>Mbapreq.wxl</td><td>Not applicable</td><td>2,246</td><td>16-Apr-2013</td><td>04:38</td><td>Not applicable</td></tr><tr><td>License.htm</td><td>Not applicable</td><td>3,202</td><td>11-Dec-2018</td><td>11:19</td><td>Not applicable</td></tr><tr><td>Localizablestrings.xml</td><td>Not applicable</td><td>55,933</td><td>11-Jun-2019</td><td>11:42</td><td>Not applicable</td></tr><tr><td>Mbapreq.wxl</td><td>Not applicable</td><td>2,352</td><td>16-Apr-2013</td><td>04:38</td><td>Not applicable</td></tr><tr><td>Mbapreq.wxl</td><td>Not applicable</td><td>3,360</td><td>16-Apr-2013</td><td>04:38</td><td>Not applicable</td></tr><tr><td>Mbapreq.wxl</td><td>Not applicable</td><td>2,195</td><td>16-Apr-2013</td><td>04:38</td><td>Not applicable</td></tr><tr><td>License.htm</td><td>Not applicable</td><td>3,193</td><td>11-Dec-2018</td><td>11:19</td><td>Not applicable</td></tr><tr><td>Localizablestrings.xml</td><td>Not applicable</td><td>56,668</td><td>11-Jun-2019</td><td>11:42</td><td>Not applicable</td></tr><tr><td>Mbapreq.wxl</td><td>Not applicable</td><td>2,266</td><td>16-Apr-2013</td><td>04:38</td><td>Not applicable</td></tr><tr><td>Mbapreq.wxl</td><td>Not applicable</td><td>2,352</td><td>16-Apr-2013</td><td>04:38</td><td>Not applicable</td></tr><tr><td>License.htm</td><td>Not applicable</td><td>2,911</td><td>11-Dec-2018</td><td>11:19</td><td>Not applicable</td></tr><tr><td>Localizablestrings.xml</td><td>Not applicable</td><td>54,596</td><td>11-Jun-2019</td><td>11:42</td><td>Not applicable</td></tr><tr><td>Mbapreq.wxl</td><td>Not applicable</td><td>2,264</td><td>16-Apr-2013</td><td>04:38</td><td>Not applicable</td></tr><tr><td>License.htm</td><td>Not applicable</td><td>4,365</td><td>11-Dec-2018</td><td>11:19</td><td>Not applicable</td></tr><tr><td>Localizablestrings.xml</td><td>Not applicable</td><td>62,793</td><td>11-Jun-2019</td><td>11:42</td><td>Not applicable</td></tr><tr><td>Mbapreq.wxl</td><td>Not applicable</td><td>2,505</td><td>16-Apr-2013</td><td>04:38</td><td>Not applicable</td></tr><tr><td>License.htm</td><td>Not applicable</td><td>8,616</td><td>11-Dec-2018</td><td>11:19</td><td>Not applicable</td></tr><tr><td>Localizablestrings.xml</td><td>Not applicable</td><td>55,845</td><td>11-Jun-2019</td><td>11:42</td><td>Not applicable</td></tr><tr><td>Mbapreq.wxl</td><td>Not applicable</td><td>2,196</td><td>16-Apr-2013</td><td>04:38</td><td>Not applicable</td></tr><tr><td>Mbapreq.wxl</td><td>Not applicable</td><td>2,272</td><td>16-Apr-2013</td><td>04:38</td><td>Not applicable</td></tr><tr><td>Mbapreq.wxl</td><td>Not applicable</td><td>2,131</td><td>16-Apr-2013</td><td>04:38</td><td>Not applicable</td></tr><tr><td>License.htm</td><td>Not applicable</td><td>2,932</td><td>11-Dec-2018</td><td>11:19</td><td>Not applicable</td></tr><tr><td>Localizablestrings.xml</td><td>Not applicable</td><td>55,687</td><td>11-Jun-2019</td><td>11:42</td><td>Not applicable</td></tr><tr><td>Mbapreq.wxl</td><td>Not applicable</td><td>2,328</td><td>16-Apr-2013</td><td>04:38</td><td>Not applicable</td></tr><tr><td>License.htm</td><td>Not applicable</td><td>2,764</td><td>11-Dec-2018</td><td>11:19</td><td>Not applicable</td></tr><tr><td>Localizablestrings.xml</td><td>Not applicable</td><td>54,300</td><td>11-Jun-2019</td><td>11:42</td><td>Not applicable</td></tr><tr><td>Mbapreq.wxl</td><td>Not applicable</td><td>2,107</td><td>16-Apr-2013</td><td>04:38</td><td>Not applicable</td></tr><tr><td>License.htm</td><td>Not applicable</td><td>4,571</td><td>11-Dec-2018</td><td>11:19</td><td>Not applicable</td></tr><tr><td>Localizablestrings.xml</td><td>Not applicable</td><td>70,192</td><td>11-Jun-2019</td><td>11:42</td><td>Not applicable</td></tr><tr><td>Mbapreq.wxl</td><td>Not applicable</td><td>2,840</td><td>16-Apr-2013</td><td>04:38</td><td>Not applicable</td></tr><tr><td>Mbapreq.wxl</td><td>Not applicable</td><td>2,294</td><td>16-Apr-2013</td><td>04:38</td><td>Not applicable</td></tr><tr><td>Mbapreq.wxl</td><td>Not applicable</td><td>2,092</td><td>16-Apr-2013</td><td>04:38</td><td>Not applicable</td></tr><tr><td>License.htm</td><td>Not applicable</td><td>3,447</td><td>11-Dec-2018</td><td>11:19</td><td>Not applicable</td></tr><tr><td>Localizablestrings.xml</td><td>Not applicable</td><td>54,266</td><td>11-Jun-2019</td><td>11:42</td><td>Not applicable</td></tr><tr><td>Mbapreq.wxl</td><td>Not applicable</td><td>2,263</td><td>16-Apr-2013</td><td>04:38</td><td>Not applicable</td></tr><tr><td>Mbapreq.wxl</td><td>Not applicable</td><td>2,160</td><td>16-Apr-2013</td><td>04:38</td><td>Not applicable</td></tr><tr><td>License.htm</td><td>Not applicable</td><td>4,464</td><td>11-Dec-2018</td><td>11:19</td><td>Not applicable</td></tr><tr><td>Localizablestrings.xml</td><td>Not applicable</td><td>50,073</td><td>11-Jun-2019</td><td>11:42</td><td>Not applicable</td></tr><tr><td>Mbapreq.wxl</td><td>Not applicable</td><td>1,940</td><td>16-Apr-2013</td><td>04:38</td><td>Not applicable</td></tr><tr><td>Mbapreq.wxl</td><td>Not applicable</td><td>2,171</td><td>16-Apr-2013</td><td>04:38</td><td>Not applicable</td></tr><tr><td>License.htm</td><td>Not applicable</td><td>3,006</td><td>11-Dec-2018</td><td>11:19</td><td>Not applicable</td></tr><tr><td>Localizablestrings.xml</td><td>Not applicable</td><td>55,214</td><td>11-Jun-2019</td><td>11:42</td><td>Not applicable</td></tr><tr><td>Mbapreq.wxl</td><td>Not applicable</td><td>2,360</td><td>16-Apr-2013</td><td>04:38</td><td>Not applicable</td></tr><tr><td>Info.ico</td><td>Not applicable</td><td>2,862</td><td>06-Sep-2018</td><td>07:04</td><td>Not applicable</td></tr><tr><td>Stop.ico</td><td>Not applicable</td><td>2,862</td><td>06-Sep-2018</td><td>07:04</td><td>Not applicable</td></tr><tr><td>Warn.ico</td><td>Not applicable</td><td>2,862</td><td>06-Sep-2018</td><td>07:04</td><td>Not applicable</td></tr></tbody></table></div></div></div><h2>How to get help and support for this security update</h2><p>Help for installing updates:\u00a0<a aria-live=\"assertive\" bookmark-id=\"\" data-bi-name=\"content-anchor-link\" data-content-id=\"\" data-content-type=\"\" href=\"https://www.microsoft.com/safety/pc-security/updates.aspx\" managed-link=\"\" tabindex=\"0\" target=\"_blank\">Protect yourself online</a><br/><br/>Help for protecting your Windows-based computer from viruses and malware:\u00a0<a aria-live=\"assertive\" data-bi-name=\"content-anchor-link\" data-content-id=\"\" data-content-type=\"\" href=\"https://support.microsoft.com/contactus/cu_sc_virsec_master\" id=\"kb-link-17\" managed-link=\"\" tabindex=\"0\" target=\"_blank\">Microsoft Security</a><br/><br/>Local support according to your country:\u00a0<a aria-live=\"assertive\" data-bi-name=\"content-anchor-link\" data-content-id=\"\" data-content-type=\"\" href=\"https://www.microsoft.com/en-us/locale.aspx\" id=\"kb-link-18\" managed-link=\"\" tabindex=\"0\" target=\"_blank\">International Support</a></p></body></html>", "edition": 3, "modified": "2020-03-18T17:05:13", "id": "KB4506163", "href": "https://support.microsoft.com/en-us/help/4506163/", "published": "2019-07-09T00:00:00", "title": "Description of the security update for the information disclosure vulnerability in Microsoft Visual Studio 2013 Update 5: July 9, 2019", "type": "mskb", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2021-01-01T22:38:12", "bulletinFamily": "microsoft", "cvelist": ["CVE-2019-1079"], "description": "<html><body><p>Resolves an information disclosure vulnerability in Microsoft Visual Studio.</p><h2></h2><div class=\"alert-band\"><div class=\"alert alert-info\" role=\"alert\"><p class=\"alert-title\"><strong>Notice</strong></p><div class=\"row\"><div class=\"col-xs-24\"><p><span><span>Starting on March 10, 2020, Microsoft Update is now offering this security update to additional versions of the Windows OS.</span></span></p></div></div></div></div><h2></h2><p><strong>Note</strong> This security update applies to Visual Studio 2010 Service Pack 1\u00a0except for Visual Studio Isolated and Integrated Shells.\u00a0\u00a0</p><h2>Summary</h2><p>An information disclosure vulnerability exists when Microsoft Visual Studio 2010 incorrectly\u00a0parses XML input in certain settings files.</p><p>To learn more about the vulnerability, see <a aria-live=\"assertive\" data-bi-name=\"content-anchor-link\" data-content-id=\"\" data-content-type=\"\" href=\"https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2019-1079\" id=\"kb-link-2\" managed-link=\"\" tabindex=\"0\" target=\"_blank\">CVE-2019-1079</a>.<br/>\u00a0</p><h3>Known issues in this update</h3><p class=\"indent\"><strong>Symptom</strong><br/>Visual Studio 2010 customers may experience issues that affect the offering of this update through Microsoft Update. In some cases, this update is offered to products for which the update was not intended or needed, such as Visual Studio Isolated and Integrated Shells.<br/><br/><strong>Status</strong><br/>On August 5, 2019, a detection revision was made to address issues that affect the Microsoft Update offering for this update. Customers who observed unexpected issues in the offering of this update can rescan Microsoft Update for the latest content within their Windows Server Update Services (WSUS) and update management environments. Customers who rely on the Wsusscan2.cab file will receive this revision as part of the August 2019 broad Windows Update releases.</p><h2>How to obtain and install the update</h2><h3>Method 1: Microsoft Download</h3><p>The following file is available for download:</p><p><img alt=\"Download \" class=\"graphic\" src=\"/library/images/support/kbgraphics/public/en-us/download.gif\" title=\"Download \"/><a href=\"https://aka.ms/vs/10/release/4506161\" managed-link=\"\" target=\"_blank\"> Download the hotfix package now</a>.</p><h3>Method 2: Microsoft Update Catalog</h3><p>To get the standalone package for this update, go to the <a data-content-id=\"\" data-content-type=\"\" href=\"http://www.catalog.update.microsoft.com/Search.aspx?q=4506161\" id=\"kb-link-14\" managed-link=\"\" target=\"_blank\">Microsoft Update Catalog</a> website.</p><h2>More information</h2><h3><strong><span lang=\"EN-US\"></span></strong><span lang=\"EN-US\">Prerequisites</span></h3><p><span lang=\"EN-US\">To apply this security update, you must have <a data-content-id=\"\" data-content-type=\"\" href=\"https://aka.ms/vs/10/docs/2010_SP1\" managed-link=\"\" target=\"_blank\">Visual Studio 2010 Service Pack 1</a> installed. </span></p><h3><span lang=\"EN-US\">Restart requirement</span></h3><p><span lang=\"EN-US\">You may have to restart the computer after you apply this security update if an\u00a0instance of Visual Studio is being used. </span></p><h3><span lang=\"EN-US\">Security update\u00a0<span lang=\"EN-US\">replacement information</span></span></h3><p><span lang=\"EN-US\">This security update doesn't replace other security updates.</span></p><h3>Deployment information</h3><p>For deployment details for this security update, go to the following article in the Microsoft Knowledge Base:</p><p class=\"indent\"><a href=\"http://support.microsoft.com/help/20190709\" managed-link=\"\" target=\"_blank\">Security update deployment information: July 9, 2019</a></p><h3>File hash information</h3><table class=\"table\"><tbody><tr><th>File name</th><th>SHA1 hash</th><th>SHA256 hash</th></tr><tr><td>VS10-KB4506161-x86.exe</td><td>11E1F5E1FC0B34A657015949794E59C378E2B5D6</td><td>0E65F4E6538AAD8F0D710005A493AE0E07193877241EE15A1203F258285DE98C</td></tr></tbody></table><h3><br/>File information</h3><p>The English (United States) version of this software update installs files that have the attributes that are listed in the following tables. The dates and the times for these files are listed in Coordinated Universal Time (UTC). The dates and the times for these files on your local computer are displayed in your local time together with your current daylight saving time (DST) bias. Additionally, the dates and the times may change when you perform certain operations on the files.</p><div class=\"faq-section\" faq-section=\"\"><div class=\"faq-panel\"><div class=\"faq-panel-heading\" faq-panel-heading=\"\"><span class=\"link-expand-image\"><span class=\"faq-chevron win-icon win-icon-ChevronUpSmall\"></span></span><span class=\"bold btn-link link-expand-text\">VS10-KB4506161-x86.exe file information</span></div><div class=\"faq-panel-body\" faq-panel-body=\"\"><table class=\"table\"><tbody><tr><th>File name</th><th>File version</th><th>File size</th><th>Date</th><th>Time</th><th>Platform</th></tr><tr><td>Dhtmlheader.html</td><td>Not applicable</td><td>16,118</td><td>21-Jun-2019</td><td>03:18</td><td>Not applicable</td></tr><tr><td>Header.bmp</td><td>Not applicable</td><td>7,308</td><td>21-Jun-2019</td><td>15:21</td><td>Not applicable</td></tr><tr><td>Setup.exe</td><td>10.0.40219.505</td><td>79,040</td><td>21-Jun-2019</td><td>03:22</td><td>x86</td></tr><tr><td>Setupengine.dll</td><td>10.0.40219.505</td><td>810,160</td><td>21-Jun-2019</td><td>03:22</td><td>x86</td></tr><tr><td>Setupui.dll</td><td>10.0.40219.505</td><td>296,112</td><td>21-Jun-2019</td><td>03:22</td><td>x86</td></tr><tr><td>Setupui.xsd</td><td>Not applicable</td><td>30,120</td><td>21-Jun-2019</td><td>03:18</td><td>Not applicable</td></tr><tr><td>Splashscreen.bmp</td><td>Not applicable</td><td>196,662</td><td>21-Jun-2019</td><td>15:21</td><td>Not applicable</td></tr><tr><td>Sqmapi.dll</td><td>6.0.6000.16386</td><td>144,416</td><td>21-Jun-2019</td><td>01:41</td><td>x86</td></tr><tr><td>Vs10-kb4506161.msp</td><td>Not applicable</td><td>41,725,952</td><td>21-Jun-2019</td><td>15:21</td><td>Not applicable</td></tr><tr><td>Watermark.bmp</td><td>Not applicable</td><td>325,760</td><td>21-Jun-2019</td><td>15:21</td><td>Not applicable</td></tr><tr><td>Eula.rtf</td><td>Not applicable</td><td>2,060</td><td>21-Jun-2019</td><td>15:21</td><td>Not applicable</td></tr><tr><td>Localizeddata.xml</td><td>Not applicable</td><td>28,064</td><td>21-Jun-2019</td><td>15:21</td><td>Not applicable</td></tr><tr><td>Setupresources.dll</td><td>10.0.40219.505</td><td>15,024</td><td>21-Jun-2019</td><td>03:35</td><td>x86</td></tr><tr><td>Eula.rtf</td><td>Not applicable</td><td>1,307</td><td>21-Jun-2019</td><td>15:21</td><td>Not applicable</td></tr><tr><td>Localizeddata.xml</td><td>Not applicable</td><td>38,260</td><td>21-Jun-2019</td><td>15:21</td><td>Not applicable</td></tr><tr><td>Setupresources.dll</td><td>10.0.40219.505</td><td>19,632</td><td>21-Jun-2019</td><td>03:35</td><td>x86</td></tr><tr><td>Eula.rtf</td><td>Not applicable</td><td>1,015</td><td>21-Jun-2019</td><td>15:21</td><td>Not applicable</td></tr><tr><td>Localizeddata.xml</td><td>Not applicable</td><td>35,954</td><td>21-Jun-2019</td><td>15:21</td><td>Not applicable</td></tr><tr><td>Setupresources.dll</td><td>10.0.40219.505</td><td>18,096</td><td>21-Jun-2019</td><td>03:22</td><td>x86</td></tr><tr><td>Eula.rtf</td><td>Not applicable</td><td>1,206</td><td>21-Jun-2019</td><td>15:21</td><td>Not applicable</td></tr><tr><td>Localizeddata.xml</td><td>Not applicable</td><td>37,998</td><td>21-Jun-2019</td><td>15:21</td><td>Not applicable</td></tr><tr><td>Setupresources.dll</td><td>10.0.40219.505</td><td>19,632</td><td>21-Jun-2019</td><td>03:35</td><td>x86</td></tr><tr><td>Eula.rtf</td><td>Not applicable</td><td>1,244</td><td>21-Jun-2019</td><td>15:21</td><td>Not applicable</td></tr><tr><td>Localizeddata.xml</td><td>Not applicable</td><td>37,346</td><td>21-Jun-2019</td><td>15:21</td><td>Not applicable</td></tr><tr><td>Setupresources.dll</td><td>10.0.40219.505</td><td>19,120</td><td>21-Jun-2019</td><td>03:35</td><td>x86</td></tr><tr><td>Eula.rtf</td><td>Not applicable</td><td>2,882</td><td>21-Jun-2019</td><td>15:21</td><td>Not applicable</td></tr><tr><td>Localizeddata.xml</td><td>Not applicable</td><td>31,236</td><td>21-Jun-2019</td><td>15:21</td><td>Not applicable</td></tr><tr><td>Setupresources.dll</td><td>10.0.40219.505</td><td>16,560</td><td>21-Jun-2019</td><td>03:35</td><td>x86</td></tr><tr><td>Eula.rtf</td><td>Not applicable</td><td>3,723</td><td>21-Jun-2019</td><td>15:21</td><td>Not applicable</td></tr><tr><td>Localizeddata.xml</td><td>Not applicable</td><td>30,320</td><td>21-Jun-2019</td><td>15:21</td><td>Not applicable</td></tr><tr><td>Setupresources.dll</td><td>10.0.40219.505</td><td>16,048</td><td>21-Jun-2019</td><td>03:35</td><td>x86</td></tr><tr><td>Eula.rtf</td><td>Not applicable</td><td>3,219</td><td>21-Jun-2019</td><td>15:21</td><td>Not applicable</td></tr><tr><td>Localizeddata.xml</td><td>Not applicable</td><td>37,872</td><td>21-Jun-2019</td><td>15:21</td><td>Not applicable</td></tr><tr><td>Setupresources.dll</td><td>10.0.40219.505</td><td>19,632</td><td>21-Jun-2019</td><td>03:35</td><td>x86</td></tr><tr><td>Eula.rtf</td><td>Not applicable</td><td>1,932</td><td>21-Jun-2019</td><td>15:21</td><td>Not applicable</td></tr><tr><td>Localizeddata.xml</td><td>Not applicable</td><td>28,038</td><td>21-Jun-2019</td><td>15:21</td><td>Not applicable</td></tr><tr><td>Setupresources.dll</td><td>10.0.40219.505</td><td>15,024</td><td>21-Jun-2019</td><td>03:35</td><td>x86</td></tr><tr><td>Eula.rtf</td><td>Not applicable</td><td>1,197</td><td>21-Jun-2019</td><td>15:21</td><td>Not applicable</td></tr><tr><td>Localizeddata.xml</td><td>Not applicable</td><td>37,468</td><td>21-Jun-2019</td><td>15:21</td><td>Not applicable</td></tr><tr><td>Setupresources.dll</td><td>10.0.40219.505</td><td>19,632</td><td>21-Jun-2019</td><td>03:35</td><td>x86</td></tr><tr><td>Print.ico</td><td>Not applicable</td><td>1,150</td><td>21-Jun-2019</td><td>03:18</td><td>Not applicable</td></tr><tr><td>Rotate1.ico</td><td>Not applicable</td><td>894</td><td>21-Jun-2019</td><td>03:18</td><td>Not applicable</td></tr><tr><td>Rotate2.ico</td><td>Not applicable</td><td>894</td><td>21-Jun-2019</td><td>03:18</td><td>Not applicable</td></tr><tr><td>Rotate3.ico</td><td>Not applicable</td><td>894</td><td>21-Jun-2019</td><td>03:18</td><td>Not applicable</td></tr><tr><td>Rotate4.ico</td><td>Not applicable</td><td>894</td><td>21-Jun-2019</td><td>03:18</td><td>Not applicable</td></tr><tr><td>Rotate5.ico</td><td>Not applicable</td><td>894</td><td>21-Jun-2019</td><td>03:18</td><td>Not applicable</td></tr><tr><td>Rotate6.ico</td><td>Not applicable</td><td>894</td><td>21-Jun-2019</td><td>03:18</td><td>Not applicable</td></tr><tr><td>Rotate7.ico</td><td>Not applicable</td><td>894</td><td>21-Jun-2019</td><td>03:18</td><td>Not applicable</td></tr><tr><td>Rotate8.ico</td><td>Not applicable</td><td>894</td><td>21-Jun-2019</td><td>03:18</td><td>Not applicable</td></tr><tr><td>Save.ico</td><td>Not applicable</td><td>1,150</td><td>21-Jun-2019</td><td>03:18</td><td>Not applicable</td></tr><tr><td>Setup.ico</td><td>Not applicable</td><td>36,710</td><td>21-Jun-2019</td><td>03:18</td><td>Not applicable</td></tr><tr><td>Stop.ico</td><td>Not applicable</td><td>10,134</td><td>21-Jun-2019</td><td>03:18</td><td>Not applicable</td></tr><tr><td>Sysreqmet.ico</td><td>Not applicable</td><td>1,150</td><td>21-Jun-2019</td><td>03:18</td><td>Not applicable</td></tr><tr><td>Sysreqnotmet.ico</td><td>Not applicable</td><td>1,150</td><td>21-Jun-2019</td><td>03:18</td><td>Not applicable</td></tr><tr><td>Warn.ico</td><td>Not applicable</td><td>10,134</td><td>21-Jun-2019</td><td>03:18</td><td>Not applicable</td></tr></tbody></table></div></div></div><h2>How to get help and support for this security update</h2><p>Help for installing updates:\u00a0<a aria-live=\"assertive\" bookmark-id=\"\" data-bi-name=\"content-anchor-link\" data-content-id=\"\" data-content-type=\"\" href=\"https://www.microsoft.com/safety/pc-security/updates.aspx\" managed-link=\"\" tabindex=\"0\" target=\"_blank\">Protect yourself online</a><br/><br/>Help for protecting your Windows-based computer from viruses and malware:\u00a0<a aria-live=\"assertive\" data-bi-name=\"content-anchor-link\" data-content-id=\"\" data-content-type=\"\" href=\"https://support.microsoft.com/contactus/cu_sc_virsec_master\" id=\"kb-link-17\" managed-link=\"\" tabindex=\"0\" target=\"_blank\">Microsoft Security</a><br/><br/>Local support according to your country:\u00a0<a aria-live=\"assertive\" data-bi-name=\"content-anchor-link\" data-content-id=\"\" data-content-type=\"\" href=\"https://www.microsoft.com/en-us/locale.aspx\" id=\"kb-link-18\" managed-link=\"\" tabindex=\"0\" target=\"_blank\">International Support</a></p></body></html>", "edition": 3, "modified": "2020-03-18T17:05:14", "id": "KB4506161", "href": "https://support.microsoft.com/en-us/help/4506161/", "published": "2019-07-09T00:00:00", "title": "Description of the security update for the information disclosure vulnerability in Microsoft Visual Studio 2010 Service Pack 1: July 9, 2019", "type": "mskb", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2021-01-01T22:47:38", "bulletinFamily": "microsoft", "cvelist": ["CVE-2019-1079"], "description": "<html><body><p>Resolves an information disclosure vulnerability in Microsoft Visual Studio.</p><h2></h2><div class=\"alert-band\"><div class=\"alert alert-info\" role=\"alert\"><p class=\"alert-title\"><strong>Notice</strong></p><div class=\"row\"><div class=\"col-xs-24\"><p><span><span>Starting on March 10, 2020, Microsoft Update is now offering this security update to additional versions of the Windows OS.</span></span></p></div></div></div></div><p><br/><strong>Note</strong>\u00a0This security update applies to Visual Studio 2012 Update 5\u00a0except for Visual Studio Isolated and Integrated Shells.\u00a0\u00a0</p><h2>Summary</h2><p>An information disclosure vulnerability exists if Microsoft Visual Studio 2012 incorrectly\u00a0parses XML input in certain settings files.</p><p>To learn more about the vulnerability, go to <a aria-live=\"assertive\" data-bi-name=\"content-anchor-link\" data-content-id=\"\" data-content-type=\"\" href=\"https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2019-1079\" id=\"kb-link-2\" managed-link=\"\" tabindex=\"0\" target=\"_blank\">CVE-2019-1079</a>.</p><h3>Known issues in this update</h3><p class=\"indent\"><strong>Symptom</strong><br/>Visual Studio 2012 customers may experience issues that affect the offering of this update through Microsoft Update. In some cases, this update is offered to products for which the update was not intended or needed, such as Visual Studio Isolated and Integrated Shells.<br/><br/><strong>Status</strong><br/>On August 5, 2019, a detection revision was made to address issues that affect the Microsoft Update offering for this update. Customers who observed unexpected issues in the offering of this update can rescan Microsoft Update for the latest content within their Windows Server Update Services (WSUS) and update management environments. Customers who rely on the Wsusscan2.cab file will receive this revision as part of the August 2019 broad Windows Update releases.</p><h2>How to obtain and install the update</h2><h3>Method 1: Microsoft Download</h3><p>The following file is available for download:</p><p><img alt=\"Download \" class=\"graphic\" src=\"/library/images/support/kbgraphics/public/en-us/download.gif\" title=\"Download \"/><a href=\"https://aka.ms/vs/11/release/4506162\" managed-link=\"\" target=\"_blank\">Download the hotfix package now</a>.</p><h3>Method 2: Microsoft Update Catalog</h3><p>To get the standalone package for this update, go to the <a data-content-id=\"\" data-content-type=\"\" href=\"http://www.catalog.update.microsoft.com/Search.aspx?q=4506162\" id=\"kb-link-14\" managed-link=\"\" target=\"_blank\">Microsoft Update Catalog</a> website.</p><h2>More information</h2><h3>Prerequisites</h3><p>To apply this security update, you must have <a data-content-id=\"\" data-content-type=\"\" href=\"https://aka.ms/vs/11/docs/2012_Update5\" managed-link=\"\" target=\"_blank\">Visual Studio 2012 Update 5</a> installed.</p><h3>Restart requirement</h3><p>You may have to restart the computer after you apply this security update if an instance of Visual Studio is being used.</p><h3>Security update replacement information</h3><p>This security update doesn't replace other security updates.</p><h3>Deployment information</h3><p>For deployment details for this security update, go to the following article in the Microsoft Knowledge Base:</p><p class=\"indent\"><a href=\"http://support.microsoft.com/help/20190709\" managed-link=\"\" target=\"_blank\">Security update deployment information: July 9, 2019</a></p><h3>File hash information</h3><table class=\"table\"><tbody><tr><th>File name</th><th>SHA1 hash</th><th>SHA256 hash</th></tr><tr><td>VS11-KB4506162.exe</td><td>BDA8A420B3EA1488A8B23F98504A1FAEBEE74FB7</td><td>8E3EBB0109125C61F64717F159E2C0806AB44784A2CD62CD9D7A3CD067BDE95A</td></tr></tbody></table><h3><br/>File information</h3><p>The English (United States) version of this software update installs files that have the attributes that are listed in the following tables. The dates and the times for these files are listed in Coordinated Universal Time (UTC). The dates and the times for these files on your local computer are displayed in your local time together with your current daylight saving time (DST) bias. Additionally, the dates and the times may change when you perform certain operations on the files.</p><div class=\"faq-section\" faq-section=\"\"><div class=\"faq-panel\"><div class=\"faq-panel-heading\" faq-panel-heading=\"\"><span class=\"link-expand-image\"><span class=\"faq-chevron win-icon win-icon-ChevronUpSmall\"></span></span><span class=\"bold btn-link link-expand-text\">VS11-KB4506162.exe file information</span></div><div class=\"faq-panel-body\" faq-panel-body=\"\"><table class=\"table\"><tbody><tr><th>File name</th><th>File version</th><th>File size</th><th>Date</th><th>Time</th><th>Platform</th></tr><tr><td>Admindeployment.xsd</td><td>Not applicable</td><td>3,131</td><td>11-Jun-2019</td><td>15:20</td><td>Not applicable</td></tr><tr><td>Bootstrapperapplicationdata.xml</td><td>Not applicable</td><td>13,288</td><td>12-Jun-2019</td><td>01:22</td><td>Not applicable</td></tr><tr><td>Bootstrappercore.config</td><td>Not applicable</td><td>897</td><td>06-Sep-2018</td><td>07:10</td><td>Not applicable</td></tr><tr><td>Bootstrappercore.dll</td><td>3.6.3408.0</td><td>73,728</td><td>08-Oct-2012</td><td>23:52</td><td>x86</td></tr><tr><td>Highcontrastthemes.xaml</td><td>Not applicable</td><td>5,892</td><td>06-Sep-2018</td><td>07:10</td><td>Not applicable</td></tr><tr><td>License.htm</td><td>Not applicable</td><td>2,129</td><td>11-Jun-2019</td><td>15:20</td><td>Not applicable</td></tr><tr><td>Localizablestrings.xml</td><td>Not applicable</td><td>42,011</td><td>19-Nov-2018</td><td>04:01</td><td>Not applicable</td></tr><tr><td>Managedux.dll</td><td>11.0.61241.400</td><td>542,768</td><td>11-Jun-2019</td><td>21:39</td><td>x86</td></tr><tr><td>Manifest.xml</td><td>Not applicable</td><td>30,020</td><td>12-Jun-2019</td><td>01:22</td><td>Not applicable</td></tr><tr><td>Mbahost.dll</td><td>3.6.3408.0</td><td>77,312</td><td>08-Oct-2012</td><td>23:52</td><td>x86</td></tr><tr><td>Mbapreq.dll</td><td>3.6.3408.0</td><td>129,536</td><td>08-Oct-2012</td><td>23:52</td><td>x86</td></tr><tr><td>Mbapreq.png</td><td>Not applicable</td><td>797</td><td>05-Jul-2012</td><td>00:50</td><td>Not applicable</td></tr><tr><td>Mbapreq.thm</td><td>Not applicable</td><td>3,356</td><td>05-Jul-2012</td><td>00:50</td><td>Not applicable</td></tr><tr><td>Mbapreq.wxl</td><td>Not applicable</td><td>1,972</td><td>05-Jul-2012</td><td>00:50</td><td>Not applicable</td></tr><tr><td>Skuresources.xaml</td><td>Not applicable</td><td>12,444</td><td>11-Jun-2019</td><td>15:21</td><td>Not applicable</td></tr><tr><td>Sqmapi.dll</td><td>6.1.7600.16385</td><td>196,416</td><td>11-Jun-2019</td><td>15:09</td><td>x86</td></tr><tr><td>Themes.xaml</td><td>Not applicable</td><td>4,213</td><td>06-Sep-2018</td><td>07:10</td><td>Not applicable</td></tr><tr><td>License.htm</td><td>Not applicable</td><td>4,284</td><td>11-Jun-2019</td><td>15:20</td><td>Not applicable</td></tr><tr><td>Localizablestrings.xml</td><td>Not applicable</td><td>40,814</td><td>11-Jun-2019</td><td>21:46</td><td>Not applicable</td></tr><tr><td>Skuresources.xaml</td><td>Not applicable</td><td>12,444</td><td>11-Jun-2019</td><td>15:21</td><td>Not applicable</td></tr><tr><td>License.htm</td><td>Not applicable</td><td>2,769</td><td>11-Jun-2019</td><td>15:20</td><td>Not applicable</td></tr><tr><td>Localizablestrings.xml</td><td>Not applicable</td><td>45,111</td><td>11-Jun-2019</td><td>21:46</td><td>Not applicable</td></tr><tr><td>Skuresources.xaml</td><td>Not applicable</td><td>12,444</td><td>11-Jun-2019</td><td>15:21</td><td>Not applicable</td></tr><tr><td>License.htm</td><td>Not applicable</td><td>3,459</td><td>11-Jun-2019</td><td>15:20</td><td>Not applicable</td></tr><tr><td>Localizablestrings.xml</td><td>Not applicable</td><td>45,779</td><td>11-Jun-2019</td><td>21:46</td><td>Not applicable</td></tr><tr><td>Skuresources.xaml</td><td>Not applicable</td><td>12,444</td><td>11-Jun-2019</td><td>15:21</td><td>Not applicable</td></tr><tr><td>License.htm</td><td>Not applicable</td><td>19,679</td><td>11-Jun-2019</td><td>15:20</td><td>Not applicable</td></tr><tr><td>Localizablestrings.xml</td><td>Not applicable</td><td>46,185</td><td>11-Jun-2019</td><td>21:46</td><td>Not applicable</td></tr><tr><td>Skuresources.xaml</td><td>Not applicable</td><td>12,444</td><td>11-Jun-2019</td><td>15:21</td><td>Not applicable</td></tr><tr><td>License.htm</td><td>Not applicable</td><td>19,855</td><td>11-Jun-2019</td><td>15:20</td><td>Not applicable</td></tr><tr><td>Localizablestrings.xml</td><td>Not applicable</td><td>44,502</td><td>11-Jun-2019</td><td>21:46</td><td>Not applicable</td></tr><tr><td>Skuresources.xaml</td><td>Not applicable</td><td>12,444</td><td>11-Jun-2019</td><td>15:21</td><td>Not applicable</td></tr><tr><td>License.htm</td><td>Not applicable</td><td>21,364</td><td>11-Jun-2019</td><td>15:20</td><td>Not applicable</td></tr><tr><td>Localizablestrings.xml</td><td>Not applicable</td><td>51,391</td><td>11-Jun-2019</td><td>21:46</td><td>Not applicable</td></tr><tr><td>Skuresources.xaml</td><td>Not applicable</td><td>12,444</td><td>11-Jun-2019</td><td>15:21</td><td>Not applicable</td></tr><tr><td>License.htm</td><td>Not applicable</td><td>25,809</td><td>11-Jun-2019</td><td>15:20</td><td>Not applicable</td></tr><tr><td>Localizablestrings.xml</td><td>Not applicable</td><td>45,700</td><td>11-Jun-2019</td><td>21:46</td><td>Not applicable</td></tr><tr><td>Skuresources.xaml</td><td>Not applicable</td><td>12,444</td><td>11-Jun-2019</td><td>15:21</td><td>Not applicable</td></tr><tr><td>License.htm</td><td>Not applicable</td><td>2,474</td><td>11-Jun-2019</td><td>15:20</td><td>Not applicable</td></tr><tr><td>Localizablestrings.xml</td><td>Not applicable</td><td>45,816</td><td>11-Jun-2019</td><td>21:46</td><td>Not applicable</td></tr><tr><td>Skuresources.xaml</td><td>Not applicable</td><td>12,444</td><td>11-Jun-2019</td><td>15:21</td><td>Not applicable</td></tr><tr><td>License.htm</td><td>Not applicable</td><td>2,321</td><td>11-Jun-2019</td><td>15:20</td><td>Not applicable</td></tr><tr><td>Localizablestrings.xml</td><td>Not applicable</td><td>44,229</td><td>11-Jun-2019</td><td>21:46</td><td>Not applicable</td></tr><tr><td>Skuresources.xaml</td><td>Not applicable</td><td>12,444</td><td>11-Jun-2019</td><td>15:21</td><td>Not applicable</td></tr><tr><td>License.htm</td><td>Not applicable</td><td>6,182</td><td>11-Jun-2019</td><td>15:20</td><td>Not applicable</td></tr><tr><td>Localizablestrings.xml</td><td>Not applicable</td><td>57,741</td><td>11-Jun-2019</td><td>21:46</td><td>Not applicable</td></tr><tr><td>Skuresources.xaml</td><td>Not applicable</td><td>12,444</td><td>11-Jun-2019</td><td>15:21</td><td>Not applicable</td></tr><tr><td>License.htm</td><td>Not applicable</td><td>3,379</td><td>11-Jun-2019</td><td>15:20</td><td>Not applicable</td></tr><tr><td>Localizablestrings.xml</td><td>Not applicable</td><td>44,185</td><td>11-Jun-2019</td><td>21:46</td><td>Not applicable</td></tr><tr><td>Skuresources.xaml</td><td>Not applicable</td><td>12,444</td><td>11-Jun-2019</td><td>15:21</td><td>Not applicable</td></tr><tr><td>License.htm</td><td>Not applicable</td><td>5,304</td><td>11-Jun-2019</td><td>15:20</td><td>Not applicable</td></tr><tr><td>Localizablestrings.xml</td><td>Not applicable</td><td>40,749</td><td>11-Jun-2019</td><td>21:46</td><td>Not applicable</td></tr><tr><td>Skuresources.xaml</td><td>Not applicable</td><td>12,444</td><td>11-Jun-2019</td><td>15:21</td><td>Not applicable</td></tr><tr><td>License.htm</td><td>Not applicable</td><td>2,832</td><td>11-Jun-2019</td><td>15:20</td><td>Not applicable</td></tr><tr><td>Localizablestrings.xml</td><td>Not applicable</td><td>45,199</td><td>11-Jun-2019</td><td>21:46</td><td>Not applicable</td></tr><tr><td>Skuresources.xaml</td><td>Not applicable</td><td>12,444</td><td>11-Jun-2019</td><td>15:21</td><td>Not applicable</td></tr><tr><td>Info.ico</td><td>Not applicable</td><td>2,862</td><td>06-Sep-2018</td><td>07:10</td><td>Not applicable</td></tr><tr><td>Stop.ico</td><td>Not applicable</td><td>2,862</td><td>06-Sep-2018</td><td>07:10</td><td>Not applicable</td></tr><tr><td>Warn.ico</td><td>Not applicable</td><td>2,862</td><td>06-Sep-2018</td><td>07:10</td><td>Not applicable</td></tr></tbody></table></div></div></div><h2>How to get help and support for this security update</h2><p>Help for installing updates:\u00a0<a aria-live=\"assertive\" bookmark-id=\"\" data-bi-name=\"content-anchor-link\" data-content-id=\"\" data-content-type=\"\" href=\"https://www.microsoft.com/safety/pc-security/updates.aspx\" managed-link=\"\" tabindex=\"0\" target=\"_blank\">Protect yourself online</a><br/><br/>Help for protecting your Windows-based computer from viruses and malware:\u00a0<a aria-live=\"assertive\" data-bi-name=\"content-anchor-link\" data-content-id=\"\" data-content-type=\"\" href=\"https://support.microsoft.com/contactus/cu_sc_virsec_master\" id=\"kb-link-17\" managed-link=\"\" tabindex=\"0\" target=\"_blank\">Microsoft Security</a><br/><br/>Local support according to your country:\u00a0<a aria-live=\"assertive\" data-bi-name=\"content-anchor-link\" data-content-id=\"\" data-content-type=\"\" href=\"https://www.microsoft.com/en-us/locale.aspx\" id=\"kb-link-18\" managed-link=\"\" tabindex=\"0\" target=\"_blank\">International Support</a></p></body></html>", "edition": 3, "modified": "2020-03-18T17:05:13", "id": "KB4506162", "href": "https://support.microsoft.com/en-us/help/4506162/", "published": "2019-07-09T00:00:00", "title": "Description of the security update for the information disclosure vulnerability in Microsoft Visual Studio 2012 Update 5: July 9, 2019", "type": "mskb", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2021-01-01T22:52:30", "bulletinFamily": "microsoft", "cvelist": ["CVE-2019-1079"], "description": "<html><body><p>Resolves a vulnerability in Microsoft Visual Studio 2015 Update 3.</p><h2></h2><p><strong>Applies to:</strong>\u00a0All Visual Studio 2015 Update 3 SKUs except for Isolated and Integrated Shells and Build Tools</p><div class=\"alert-band\"><div class=\"alert alert-info\" role=\"alert\"><p class=\"alert-title\"><strong>Notice</strong></p><div class=\"row\"><div class=\"col-xs-24\"><p>In November 2020, the content of this article was updated to clarify the affected products, prerequisites, and restart requirements. Additionally, the update metadata in WSUS was revised to fix a Microsoft System Center Configuration Manager reporting bug.\u00a0</p></div></div></div></div><h2>Summary</h2><p>An information disclosure vulnerability exists when Microsoft Visual Studio 2015 incorrectly\u00a0parses XML input in certain settings files.</p><p>To learn more about the vulnerability, go to <a aria-live=\"assertive\" data-bi-name=\"content-anchor-link\" data-content-id=\"\" data-content-type=\"\" href=\"https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2019-1079\" id=\"kb-link-2\" managed-link=\"\" tabindex=\"0\" target=\"_blank\">CVE-2019-1079</a>.</p><h2>How to obtain and install the update</h2><h3>Method 1: Microsoft Download</h3><p>The following file is available for download:<br/><br/><img alt=\"Download \" class=\"graphic\" src=\"/library/images/support/kbgraphics/public/en-us/download.gif\" title=\"Download \"/><a href=\"https://aka.ms/vs/14/release/4506164\" managed-link=\"\" target=\"_blank\">Download the hotfix package now</a><a data-content-id=\"\" data-content-type=\"\" href=\"https://aka.ms/vs/12/release/4506163\" managed-link=\"\" target=\"_blank\">.</a></p><h3>Method 2: Microsoft Update Catalog</h3><p>To get the standalone package for this update, go to the <a data-content-id=\"\" data-content-type=\"\" href=\"http://www.catalog.update.microsoft.com/Search.aspx?q=4506164\" id=\"kb-link-14\" managed-link=\"\" target=\"_blank\">Microsoft Update Catalog</a> website.</p><h2>More information</h2><h3>Prerequisites</h3><p>To apply this security update, you must have both <a href=\"https://aka.ms/vs/14/docs/2015_Update3\" managed-link=\"\" target=\"_blank\">Visual Studio 2015 Update 3</a> and the subsequent <a href=\"https://aka.ms/vs/14/release/3165756\" managed-link=\"\" target=\"_blank\">Cumulative Servicing Release KB 3165756</a>\u00a0installed. Typically, KB 3165756 is installed automatically when you install Visual Studio 2015 Update 3. However, in some cases, you have to install the two packages separately.</p><h3>Restart requirement</h3><p>We recommend that you close Visual Studio 2015 before you install this security update.\u00a0Otherwise, you may have to restart the computer after you apply this security update if a file that is being updated is open or in use by Visual Studio.</p><h3>Security update replacement information</h3><p>This security update doesn't replace other security updates.</p><h3>File hash information</h3><table class=\"table\"><tbody><tr><th>File name</th><th>SHA1 hash</th><th>SHA256 hash</th></tr><tr><td>vs14-kb4506164.exe</td><td>3D8FCF805756BE2CA9E8E36EA60E85F1CBBFA58A</td><td>2945C671E0A57F993DE67C80A612EE3E7F4EB850F1EB2AF60926D9DADF78F6B7</td></tr></tbody></table><h2>Installation verification</h2><p>To verify that this security update was applied correctly, follow these steps:</p><ol><li>Open the Visual Studio 2015 folder.</li><li>Locate the Microsoft.VisualStudio.QualityTools.Common.dll\u00a0file.</li><li>Verify that the file version is\u00a0<strong>14.0.27536</strong>.</li></ol><h2>Information about protection, security, and support</h2><ul><li>Protect yourself online: <a data-content-id=\"\" data-content-type=\"\" href=\"https://support.microsoft.com/hub/4099151\" managed-link=\"\" target=\"_blank\">Windows Security support</a><br/>\u00a0</li><li>Learn how we guard against cyber threats: <a href=\"https://www.microsoft.com/security\" managed-link=\"\" target=\"_blank\">Microsoft Security</a><br/>\u00a0</li><li>Obtain localized support per your country: <a href=\"https://www.microsoft.com/en-us/locale.aspx\" managed-link=\"\" target=\"_blank\">International Support</a><br/>\u00a0</li><li>Get more information about the Visual Studio support policy: <a aria-live=\"assertive\" data-bi-name=\"content-anchor-link\" data-content-id=\"\" data-content-type=\"\" href=\"https://www.visualstudio.com/productinfo/vs-servicing-vs\" managed-link=\"\" tabindex=\"0\" target=\"_blank\">Visual Studio Product Lifecycle and Servicing</a>.</li></ul></body></html>", "edition": 4, "modified": "2020-11-19T17:31:01", "id": "KB4506164", "href": "https://support.microsoft.com/en-us/help/4506164/", "published": "2019-07-09T00:00:00", "title": "Description of the security update for the information disclosure vulnerability in Microsoft Visual Studio 2015 Update 3: July 9, 2019", "type": "mskb", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}}], "mscve": [{"lastseen": "2021-03-18T19:16:22", "bulletinFamily": "microsoft", "cvelist": ["CVE-2019-1079"], "description": "An information disclosure vulnerability exists when Visual Studio improperly parses XML input in certain settings files. An attacker who successfully exploited this vulnerability could read arbitrary files via an XML external entity (XXE) declaration.\n\nTo exploit the vulnerability, an attacker could create specially crafted XML data and convince an authenticated user to open the file.\n\nThe update addresses the vulnerability by modifying the way that Visual Studio parses XML input.\n", "modified": "2019-07-09T07:00:00", "published": "2019-07-09T07:00:00", "id": "MS:CVE-2019-1079", "href": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2019-1079", "type": "mscve", "title": "Visual Studio Information Disclosure Vulnerability", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}}], "nessus": [{"lastseen": "2020-09-14T05:30:27", "description": "The Microsoft Visual Studio Products are missing security updates. It is, therefore, affected by multiple\nvulnerabilities:\n\n - An information disclosure vulnerability exists when Visual Studio improperly parses XML input in certain\n settings files. An attacker who successfully exploited this vulnerability could read arbitrary files via an XML\n external entity (XXE) declaration. (CVE-2019-1079)\n\n - A remote code execution vulnerability exists in .NET software when the software fails to check the source\n markup of a file. An attacker who successfully exploited the vulnerability could run arbitrary code in the\n context of the current user. If the current user is logged on with administrative user rights, an attacker\n could take control of the affected system. An attacker could then install programs; view, change, or delete\n data; or create new accounts with full user rights. (CVE-2019-1113)\n\n - An elevation of privilege vulnerability exists when the Visual Studio updater service improperly handles file\n permissions. An attacker who successfully exploited this vulnerability overwrite arbitrary files with XML content\n in the security context of the local system. (CVE-2019-1077)", "edition": 13, "cvss3": {"score": 8.8, "vector": "AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}, "published": "2019-07-11T00:00:00", "title": "Security Updates for Microsoft Visual Studio Products (July 2019)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2019-1079", "CVE-2019-1113", "CVE-2019-1077"], "modified": "2019-07-11T00:00:00", "cpe": ["cpe:/a:microsoft:visual_studio"], "id": "SMB_NT_MS19_JUL_VISUAL_STUDIO.NASL", "href": "https://www.tenable.com/plugins/nessus/126604", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\n# The descriptive text and package checks in this plugin were\n# extracted from the Microsoft Security Updates API. The text\n# itself is copyright (C) Microsoft Corporation.\n\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(126604);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/09/10\");\n\n script_cve_id(\"CVE-2019-1077\", \"CVE-2019-1079\", \"CVE-2019-1113\");\n script_bugtraq_id(108931, 108977);\n script_xref(name:\"MSKB\", value:\"4506161\");\n script_xref(name:\"MSKB\", value:\"4506162\");\n script_xref(name:\"MSKB\", value:\"4506163\");\n script_xref(name:\"MSKB\", value:\"4506164\");\n script_xref(name:\"MSFT\", value:\"MS19-4506161\");\n script_xref(name:\"MSFT\", value:\"MS19-4506162\");\n script_xref(name:\"MSFT\", value:\"MS19-4506163\");\n script_xref(name:\"MSFT\", value:\"MS19-4506164\");\n script_xref(name:\"IAVA\", value:\"2019-A-0225\");\n\n script_name(english:\"Security Updates for Microsoft Visual Studio Products (July 2019)\");\n script_summary(english:\"Checks for Microsoft security updates.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The Microsoft Visual Studio Products are affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The Microsoft Visual Studio Products are missing security updates. It is, therefore, affected by multiple\nvulnerabilities:\n\n - An information disclosure vulnerability exists when Visual Studio improperly parses XML input in certain\n settings files. An attacker who successfully exploited this vulnerability could read arbitrary files via an XML\n external entity (XXE) declaration. (CVE-2019-1079)\n\n - A remote code execution vulnerability exists in .NET software when the software fails to check the source\n markup of a file. An attacker who successfully exploited the vulnerability could run arbitrary code in the\n context of the current user. If the current user is logged on with administrative user rights, an attacker\n could take control of the affected system. An attacker could then install programs; view, change, or delete\n data; or create new accounts with full user rights. (CVE-2019-1113)\n\n - An elevation of privilege vulnerability exists when the Visual Studio updater service improperly handles file\n permissions. An attacker who successfully exploited this vulnerability overwrite arbitrary files with XML content\n in the security context of the local system. (CVE-2019-1077)\");\n # https://support.microsoft.com/en-us/help/4506161/security-update-for-information-disclosure-vulnerability-in-vs-2010\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?0160558d\");\n # https://support.microsoft.com/en-us/help/4506162/security-update-for-information-disclosure-vulnerability-in-vs-2012\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?8979a8ff\");\n # https://support.microsoft.com/en-us/help/4506163/security-update-for-information-disclosure-vulnerability-in-vs-2013\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?9d195815\");\n # https://support.microsoft.com/en-us/help/4506164/security-update-for-elevation-of-privilege-vulnerability-vs-2015\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?e0583a4c\");\n # https://docs.microsoft.com/en-us/visualstudio/releasenotes/vs2017-relnotes-v15.0#15.0.26228.92\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?04ba0c0e\");\n # https://docs.microsoft.com/en-us/visualstudio/releasenotes/vs2017-relnotes#15.9.14\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?d6fee2f9\");\n # https://docs.microsoft.com/en-us/visualstudio/releases/2019/release-notes-v16.0#16.0.6\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?fe31e5ea\");\n # https://docs.microsoft.com/en-us/visualstudio/releases/2019/release-notes#16.1.6\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?e30ad270\");\n script_set_attribute(attribute:\"solution\", value:\n\"Microsoft has released the following security updates to address this issue: \n -KB4506161\n -KB4506162\n -KB4506163\n -KB4506164\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-1113\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/07/09\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/07/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/07/11\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:microsoft:visual_studio\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows : Microsoft Bulletins\");\n\n script_copyright(english:\"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ms_bulletin_checks_possible.nasl\", \"microsoft_visual_studio_installed.nbin\");\n script_require_keys(\"SMB/MS_Bulletin_Checks/Possible\", \"installed_sw/Microsoft Visual Studio\");\n script_require_ports(139, 445, \"Host/patch_management_checks\");\n\n exit(0);\n}\n\ninclude('audit.inc');\ninclude('misc_func.inc');\ninclude('install_func.inc');\ninclude('global_settings.inc');\ninclude('smb_func.inc');\ninclude('smb_hotfixes.inc');\ninclude('smb_hotfixes_fcheck.inc');\n\nget_kb_item_or_exit('installed_sw/Microsoft Visual Studio');\n\nport = kb_smb_transport();\nappname = 'Microsoft Visual Studio';\n\ninstalls = get_installs(app_name:appname, exit_if_not_found:TRUE);\n\nreport = '';\n\nforeach install (installs[1])\n{\n version = install['version'];\n path = install['path'];\n prod = install['Product'];\n\n fix = '';\n\n # VS 2010 SP1\n if (version =~ '^10\\\\.0\\\\.')\n {\n fix = '10.0.40219.505';\n file = \"Common7\\IDE\\QTAgent.exe\";\n fver = hotfix_get_fversion(path:path + file);\n if (fver['error'] != 0)\n continue;\n if (empty_or_null(fver['value']))\n continue;\n fversion = join(sep:\".\", fver['value']);\n if (ver_compare(ver: fversion, fix: fix, strict:FALSE) < 0)\n {\n report +=\n '\\n Path : ' + path + file +\n '\\n Installed version : ' + fversion +\n '\\n Fixed version : ' + fix +\n '\\n';\n }\n }\n # VS 2012 Up5\n else if (version =~ '^11\\\\.0\\\\.')\n {\n fix = '11.0.61241.400';\n file = \"Common7\\IDE\\ReferenceAssemblies\\v2.0\\Microsoft.VisualStudio.QualityTools.Common.dll\";\n fver = hotfix_get_fversion(path:path+file);\n if (fver['error'] != 0)\n continue;\n if (empty_or_null(fver['value']))\n continue;\n fversion = join(sep:\".\", fver['value']);\n if (ver_compare(ver: fversion, fix: fix, strict:FALSE) < 0)\n {\n report +=\n '\\n Path : ' + path + file +\n '\\n Installed version : ' + fversion +\n '\\n Fixed version : ' + fix +\n '\\n';\n }\n }\n # VS 2013 Up5\n else if (version =~ '^12\\\\.0\\\\.')\n {\n patch_installed = false;\n foreach name (get_kb_list('SMB/Registry/HKLM/SOFTWARE/Microsoft/Windows/CurrentVersion/Uninstall/*/DisplayName'))\n if ('4506163' >< name)\n patch_installed = true;\n\n if (!patch_installed)\n report +=\n '\\nNote: The fix for this issue is available in the following update:\\n' +\n '\\n - KB4506163 : Security update for the information disclosure vulnerability in Microsoft Visual Studio 2013 Update 5: July 9, 2019\\n' +\n '\\n';\n }\n # VS 2015 Up3\n # File Check change: using file 'StandardCollector.Service.exe'\n else if (version =~ '^14\\\\.0\\\\.')\n {\n fix = '14.0.27536.0';\n file = \"Common7\\IDE\\ReferenceAssemblies\\v2.0\\Microsoft.VisualStudio.QualityTools.Common.dll\";\n fver = hotfix_get_fversion(path:path + file);\n if (fver['error'] != HCF_OK)\n continue;\n fversion = join(sep:'.', fver['value']);\n\n if (ver_compare(ver:fversion, fix:fix, strict:FALSE) < 0)\n {\n report +=\n '\\n Path : ' + path + file +\n '\\n Installed version : ' + fversion +\n '\\n Fixed version : ' + fix +\n '\\n';\n }\n }\n # VS 2017 (15.0)\n else if (prod == '2017' && version =~ '^15\\\\.0\\\\.')\n {\n fix = '15.0.26228.92';\n\n if (ver_compare(ver: version, fix: fix, strict:FALSE) < 0)\n {\n report +=\n '\\n Path : ' + path +\n '\\n Installed version : ' + version +\n '\\n Fixed version : ' + fix +\n '\\n';\n }\n }\n # VS 2017 version 15.9\n # On 15.7.5, it asks to update to 15.9.7.\n else if (prod == '2017' && version =~ '^15\\\\.[1-9]\\\\.')\n {\n fix = '15.9.28307.770';\n\n if (ver_compare(ver: version, fix: fix, strict:FALSE) < 0)\n {\n report +=\n '\\n Path : ' + path +\n '\\n Installed version : ' + version +\n '\\n Fixed version : ' + fix +\n '\\n';\n }\n }\n}\n\nhotfix_check_fversion_end();\n\nif (empty(report))\n audit(AUDIT_INST_VER_NOT_VULN, appname);\n\nsecurity_report_v4(port:port, severity:SECURITY_WARNING, extra:report);\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "kaspersky": [{"lastseen": "2020-09-02T11:53:10", "bulletinFamily": "info", "cvelist": ["CVE-2019-1076", "CVE-2019-1079", "CVE-2018-15664", "CVE-2019-1072", "CVE-2019-1006", "CVE-2019-1075", "CVE-2019-1113", "CVE-2019-1083", "CVE-2019-1077"], "description": "### *Detect date*:\n07/09/2019\n\n### *Severity*:\nCritical\n\n### *Description*:\nMultiple vulnerabilities were found in Microsoft Developer Tools. Malicious users can exploit these vulnerabilities to gain privileges, execute arbitrary code, spoof user interface, cause denial of service, obtain sensitive information.\n\n### *Affected products*:\nMicrosoft Visual Studio 2019 version 16.1 \nMicrosoft Visual Studio 2019 version 16.0 \nMicrosoft .NET Framework 3.5 \nMicrosoft .NET Framework 3.5 AND 4.7.2 \nMicrosoft .NET Framework 4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.2 \nMicrosoft .NET Framework 4.6 \nMicrosoft .NET Framework 4.8 \nMicrosoft .NET Framework 4.6/4.6.1/4.6.2 \nMicrosoft Visual Studio 2017 \nMicrosoft .NET Framework 4.5.2 \nMicrosoft .NET Framework 3.5 AND 4.8 \nMicrosoft .NET Framework 2.0 Service Pack 2 \nMicrosoft .NET Framework 3.0 Service Pack 2 \nMicrosoft .NET Framework 3.5.1 \nMicrosoft Azure Kubernetes Service \nAzure IoT Edge \nASP.NET Core 2.1 \nASP.NET Core 2.2 \nAzure DevOps Server 2019.0.1 \nTeam Foundation Server 2018 Update 3.2 \nTeam Foundation Server 2018 Update 1.2 \nTeam Foundation Server 2017 Update 3.1 \nTeam Foundation Server 2012 Update 4 \nTeam Foundation Server 2010 SP1 (x64) \nTeam Foundation Server 2010 SP1 (x86) \nTeam Foundation Server 2013 Update 5 \nTeam Foundation Server 2015 Update 4.2 \nMicrosoft Visual Studio 2010 Service Pack 1 \nMicrosoft Visual Studio 2013 Update 5 \nMicrosoft Visual Studio 2012 Update 5 \nMicrosoft Visual Studio 2015 Update 3 \nWindows 7 for 32-bit Systems Service Pack 1 \nWindows 10 Version 1703 for x64-based Systems \nWindows 7 for x64-based Systems Service Pack 1 \nWindows Server 2019 (Server Core installation) \nWindows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) \nWindows Server 2008 R2 for Itanium-Based Systems Service Pack 1 \nWindows Server, version 1803 (Server Core Installation) \nWindows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) \nMicrosoft.IdentityModel 7.0.0 \nMicrosoft Visual Studio 2017 version 15.9 (includes 15.0 - 15.8) \nWindows Server 2012 R2 (Server Core installation) \nWindows 10 Version 1903 for ARM64-based Systems \nMicrosoft SharePoint Foundation 2013 Service Pack 1 \nWindows 8.1 for 32-bit systems \nWindows Server 2012 \nMicrosoft SharePoint Foundation 2010 Service Pack 2 \nWindows RT 8.1 \nWindows 10 Version 1903 for 32-bit Systems \nWindows 10 Version 1607 for x64-based Systems \nWindows 10 Version 1803 for 32-bit Systems \nWindows 10 Version 1709 for ARM64-based Systems \nWindows 10 for 32-bit Systems \nWindows Server, version 1903 (Server Core installation) \nWindows Server 2012 (Server Core installation) \nWindows 10 Version 1803 for x64-based Systems \nWindows Server 2016 \nMicrosoft SharePoint Enterprise Server 2016 \nWindows 10 Version 1809 for x64-based Systems \nWindows 10 Version 1607 for 32-bit Systems \nWindows 10 Version 1809 for ARM64-based Systems \nWindows Server 2012 R2 \nWindows Server 2016 (Server Core installation) \nMicrosoft SharePoint Enterprise Server 2013 Service Pack 1 \nWindows 10 Version 1803 for ARM64-based Systems \nWindows 10 Version 1709 for 32-bit Systems \nWindows Server 2008 for x64-based Systems Service Pack 2 \nWindows 10 Version 1903 for x64-based Systems \nWindows 10 for x64-based Systems \nWindows 10 Version 1709 for x64-based Systems \nWindows Server 2019 \nWindows 10 Version 1703 for 32-bit Systems \nWindows 10 Version 1809 for 32-bit Systems \nWindows Server 2008 for 32-bit Systems Service Pack 2 \nWindows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) \nMicrosoft SharePoint Server 2019 \nWindows Server 2008 for Itanium-Based Systems Service Pack 2 \nWindows Server 2008 R2 for x64-based Systems Service Pack 1 \nWindows 8.1 for x64-based systems\n\n### *Solution*:\nInstall necessary updates from the KB section, that are listed in your Windows Update (Windows Update usually can be accessed from the Control Panel)\n\n### *Original advisories*:\n[CVE-2018-15664](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2018-15664>) \n[CVE-2019-1113](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2019-1113>) \n[CVE-2019-1076](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2019-1076>) \n[CVE-2019-1079](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2019-1079>) \n[CVE-2019-1006](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2019-1006>) \n[CVE-2019-1072](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2019-1072>) \n[CVE-2019-1077](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2019-1077>) \n[CVE-2019-1075](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2019-1075>) \n[CVE-2019-1083](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2019-1083>) \n\n\n### *Impacts*:\nACE \n\n### *Related products*:\n[Microsoft .NET Framework](<https://threats.kaspersky.com/en/product/Microsoft-.NET-Framework/>)\n\n### *CVE-IDS*:\n[CVE-2019-1006](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1006>)0.0Unknown \n[CVE-2019-1077](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1077>)0.0Unknown \n[CVE-2019-1113](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1113>)0.0Unknown \n[CVE-2018-15664](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-15664>)0.0Unknown \n[CVE-2019-1075](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1075>)0.0Unknown \n[CVE-2019-1083](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1083>)0.0Unknown \n[CVE-2019-1076](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1076>)0.0Unknown \n[CVE-2019-1072](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1072>)0.0Unknown \n[CVE-2019-1079](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1079>)0.0Unknown\n\n### *KB list*:\n[4507460](<http://support.microsoft.com/kb/4507460>) \n[4507435](<http://support.microsoft.com/kb/4507435>) \n[4507455](<http://support.microsoft.com/kb/4507455>) \n[4507458](<http://support.microsoft.com/kb/4507458>) \n[4507450](<http://support.microsoft.com/kb/4507450>) \n[4507412](<http://support.microsoft.com/kb/4507412>) \n[4507421](<http://support.microsoft.com/kb/4507421>) \n[4507419](<http://support.microsoft.com/kb/4507419>) \n[4507420](<http://support.microsoft.com/kb/4507420>) \n[4507411](<http://support.microsoft.com/kb/4507411>) \n[4507423](<http://support.microsoft.com/kb/4507423>) \n[4507414](<http://support.microsoft.com/kb/4507414>) \n[4506989](<http://support.microsoft.com/kb/4506989>) \n[4506988](<http://support.microsoft.com/kb/4506988>) \n[4506987](<http://support.microsoft.com/kb/4506987>) \n[4506991](<http://support.microsoft.com/kb/4506991>) \n[4507413](<http://support.microsoft.com/kb/4507413>) \n[4507422](<http://support.microsoft.com/kb/4507422>) \n[4506986](<http://support.microsoft.com/kb/4506986>) \n[4506161](<http://support.microsoft.com/kb/4506161>) \n[4506163](<http://support.microsoft.com/kb/4506163>) \n[4506164](<http://support.microsoft.com/kb/4506164>) \n[4506162](<http://support.microsoft.com/kb/4506162>)\n\n### *Microsoft official advisories*:", "edition": 1, "modified": "2020-07-17T00:00:00", "published": "2019-07-09T00:00:00", "id": "KLA11513", "href": "https://threats.kaspersky.com/en/vulnerability/KLA11513", "title": "\r KLA11513Multiple vulnerabilities in Microsoft Developer Tools ", "type": "kaspersky", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "talosblog": [{"lastseen": "2019-07-17T08:29:26", "bulletinFamily": "blog", "cvelist": ["CVE-2018-15664", "CVE-2019-0709", "CVE-2019-0722", "CVE-2019-0785", "CVE-2019-0811", "CVE-2019-0865", "CVE-2019-0880", "CVE-2019-0887", "CVE-2019-0962", "CVE-2019-0966", "CVE-2019-0975", "CVE-2019-0985", "CVE-2019-0990", "CVE-2019-0999", "CVE-2019-1001", "CVE-2019-1004", "CVE-2019-1006", "CVE-2019-1037", "CVE-2019-1038", "CVE-2019-1051", "CVE-2019-1052", "CVE-2019-1056", "CVE-2019-1059", "CVE-2019-1062", "CVE-2019-1063", "CVE-2019-1067", "CVE-2019-1068", "CVE-2019-1071", "CVE-2019-1072", "CVE-2019-1073", "CVE-2019-1074", "CVE-2019-1075", "CVE-2019-1076", "CVE-2019-1077", "CVE-2019-1079", "CVE-2019-1082", "CVE-2019-1083", "CVE-2019-1084", "CVE-2019-1085", "CVE-2019-1086", "CVE-2019-1087", "CVE-2019-1088", "CVE-2019-1089", "CVE-2019-1090", "CVE-2019-1091", "CVE-2019-1092", "CVE-2019-1093", "CVE-2019-1094", "CVE-2019-1095", "CVE-2019-1096", "CVE-2019-1097", "CVE-2019-1098", "CVE-2019-1099", "CVE-2019-1100", "CVE-2019-1101", "CVE-2019-1102", "CVE-2019-1103", "CVE-2019-1104", "CVE-2019-1106", "CVE-2019-1107", "CVE-2019-1108", "CVE-2019-1109", "CVE-2019-1110", "CVE-2019-1111", "CVE-2019-1112", "CVE-2019-1113", "CVE-2019-1116", "CVE-2019-1117", "CVE-2019-1118", "CVE-2019-1119", "CVE-2019-1120", "CVE-2019-1121", "CVE-2019-1122", "CVE-2019-1123", "CVE-2019-1124", "CVE-2019-1126", "CVE-2019-1127", "CVE-2019-1128", "CVE-2019-1129", "CVE-2019-1130", "CVE-2019-1132", "CVE-2019-1134", "CVE-2019-1136", "CVE-2019-1137"], "description": "[](<http://3.bp.blogspot.com/-bIERk6jqSvs/XKypl8tltSI/AAAAAAAAFxU/d9l6_EW1Czs7DzBngmhg8pjdPfhPAZ3yACK4BGAYYCw/s1600/recurring%2Bblog%2Bimages_patch%2Btuesday.jpg>) \nMicrosoft released its monthly security update today, disclosing a variety of vulnerabilities in several of its products. The latest Patch Tuesday covers 77 vulnerabilities, 16 of which are rated \u201ccritical,\" 60 that are considered \"important\" and one \"moderate.\" \n \nThis month\u2019s security update covers security issues in a variety of Microsoft\u2019s products, including the Chakra scripting engine, Internet Explorer and the Windows Server DHCP service. For more on our coverage of these bugs, check out the SNORT\u00ae blog post [here](<https://blog.snort.org/2019/07/snort-rule-update-for-july-9-2019.html>), covering all of the new rules we have for this release. \n \n\n\n### Critical vulnerabilities\n\nMicrosoft disclosed 16 critical vulnerabilities this month, nine of which we will highlight below. \n \n[CVE-2019-0785](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0785>) is a memory corruption vulnerability in the Windows Server DHCP service. The bug arises when specially crafted packets are sent to a DHCP failover server. A malicious user could exploit this vulnerability by sending a specially crafted packet to a DHCP over failover mode. This could allow them to gain the ability to run arbitrary code on the DHCP failover server or cause the DHCP server to become unresponsive. \n \n[CVE-2019-1001](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1001>) and [CVE-2019-1004](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1004>) are both memory corruption vulnerabilities that exist in the way the scripting engine handles objects in memory in Microsoft browsers. These bugs could corrupt memory on machines in such a way that attackers could gain the ability to execute arbitrary code in the context of the current user. An attacker could exploit these bugs by tricking a user into visiting a specially crafted, malicious web page through Internet Explorer. They could also embed an ActiveX control marked \"safe for initialization\" in an application or Microsoft Office document that uses the Internet Explorer-rendering engine. \n \n[CVE-2019-1062](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1062>), [CVE-2019-1092](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1092>), [CVE-2019-1103](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1103>), [CVE-2019-1106](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1106>) and [CVE-2019-1107](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1107>) are all memory corruption vulnerabilities in the Chakra Scripting Engine that could allow an attacker to gain the ability to execute arbitrary code on the victim's machine. An attacker could exploit these bugs by tricking a user into visiting a specially crafted, malicious web page on Microsoft Edge, or by visiting a site with attacker-created content. \n \n[CVE-2019-1113 ](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1113>)is a remote code execution vulnerability in the .NET Framework. The vulnerability exists in the way the software checks the source markup of a file. An attacker could exploit this vulnerability by supplying the user with a specially crafted file, and then tricking them into opening it using an affected version of the .NET Framework. An attacker could then gain the ability to execute arbitrary code in the context of the current user. \n \nThe other critical vulnerabilities are: \n\n\n[](<http://cve-2019-0709%20cve-2019-0722%20%20%20cve-2019-0985%20%20%20cve-2019-0990%20%20%20%20%20%20%20cve-2019-1038%20cve-2019-1051%20cve-2019-1052%20cve-2019-0709/>)\n * [CVE-2019-1006](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1006>)[](<http://cve-2019-0709%20cve-2019-0722%20%20%20cve-2019-0985%20%20%20cve-2019-0990%20%20%20%20%20%20%20cve-2019-1038%20cve-2019-1051%20cve-2019-1052%20cve-2019-0709/>)\n * [CVE-2019-1056](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1056>)\n * [CVE-2019-1059](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1059>)\n * [CVE-2019-1063](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1063>)\n * [CVE-2019-1072](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1072>)\n * [CVE-2019-1102](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1102>)\n * [CVE-2019-1104](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1104>)\n\n### Important vulnerabilities\n\nThis release also contains 60 important vulnerabilities, two of which we will highlight below. \n \n[CVE-2018-15664](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-15664>) is an elevation of privilege vulnerability in Docker that affects Microsoft Azure internet-of-things edge devices and Azure Kubernetes Service. The bug allows a malicious or compromised container to acquire full read/write access on the host operating system where the container is running. While a fix is still ongoing in Docker, Microsoft recommends customers do not use the Docker copy command on their AKS clusters and the Azure IoT devices. \n \n[CVE-2019-1132](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1132>) is an elevation of privilege vulnerability in Windows when the Win32k component fails to properly handle objects in memory. An attacker could exploit this bug to run arbitrary code in kernel mode. Microsoft disclosed that this vulnerability has been exploited in the wild. \n \nThe other important vulnerabilities are: \n\n\n * [CVE-2019-0811](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0811>)\n * [CVE-2019-0865](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0865>)\n * [CVE-2019-0880](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0880>)\n * [CVE-2019-0887](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0887>)\n * [CVE-2019-0962](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0962>)\n * [CVE-2019-0966](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0966>)\n * [CVE-2019-0975](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0975>)\n * [CVE-2019-0999](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0999>)\n * [CVE-2019-1037](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1037>)\n * [CVE-2019-1067](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1067>)\n * [CVE-2019-1068](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1068>)\n * [CVE-2019-1071](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1071>)\n * [CVE-2019-1073](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1073>)\n * [CVE-2019-1074](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1074>)\n * [CVE-2019-1076](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1076>)\n * [CVE-2019-1077](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1077>)\n * [CVE-2019-1079](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1079>)\n * [CVE-2019-1082](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1082>)\n * [CVE-2019-1083](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1083>)\n * [CVE-2019-1084](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1084>)\n * [CVE-2019-1085](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1085>)\n * [CVE-2019-1086](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1086>)\n * [CVE-2019-1087](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1087>)\n * [CVE-2019-1088](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1088>)\n * [CVE-2019-1089](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1089>)\n * [CVE-2019-1090](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1090>)\n * [CVE-2019-1091](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1091>)\n * [CVE-2019-1093](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1093>)\n * [CVE-2019-1094](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1094>)\n * [CVE-2019-1095](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1095>)\n * [CVE-2019-1096](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1096>)\n * [CVE-2019-1097](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1097>)\n * [CVE-2019-1098](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1098>)\n * [CVE-2019-1099](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1099>)\n * [CVE-2019-1100](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1100>)\n * [CVE-2019-1101](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1101>)\n * [CVE-2019-1108](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1108>)\n * [CVE-2019-1109](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1109>)\n * [CVE-2019-1110](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1110>)\n * [CVE-2019-1111](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1111>)\n * [CVE-2019-1112](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1112>)\n * [CVE-2019-1116](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1116>)\n * [CVE-2019-1117](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1117>)\n * [CVE-2019-1118](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1118>)\n * [CVE-2019-1119](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1119>)\n * [CVE-2019-1120](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1120>)\n * [CVE-2019-1121](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1121>)\n * [CVE-2019-1122](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1122>)\n * [CVE-2019-1123](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1123>)\n * [CVE-2019-1124](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1124>)\n * [CVE-2019-1126](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1126>)\n * [CVE-2019-1127](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1127>)\n * [CVE-2019-1128](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1128>)\n * [CVE-2019-1129](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1129>)\n * [CVE-2019-1130](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1130>)\n * [CVE-2019-1134](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1134>)\n * [CVE-2019-1136](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1136>)\n * [CVE-2019-1137](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1137>)\n\n### Moderate vulnerability\n\nThere is one moderate vulnerability, [CVE-2019-1075](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1075>), which is an information disclosure vulnerability in Windows Event Manager. \n\n\n### Coverage \n\nIn response to these vulnerability disclosures, Talos is releasing the following SNORT\u24c7 rules that detect attempts to exploit them. Please note that additional rules may be released at a future date and current rules are subject to change pending additional information. Firepower customers should use the latest update to their ruleset by updating their SRU. Open Source Snort Subscriber Rule Set customers can stay up-to-date by downloading the latest rule pack available for purchase on Snort.org. \n \nSnort rules: [45142, 45143, 46548, 46549, 49380, 49381, 50198, 50199, 50662 - 50683](<https://snort.org/advisories/talos-rules-2019-07-09>)\n\n", "modified": "2019-07-09T11:51:34", "published": "2019-07-09T11:51:34", "id": "TALOSBLOG:07D81B04EFE21AC0E3C8DD9F1F76E7A4", "href": "http://feedproxy.google.com/~r/feedburner/Talos/~3/RHbSOXkTWQA/microsoft-patch-tuesday-july-2019.html", "type": "talosblog", "title": "Microsoft Patch Tuesday \u2014 July 2019: Vulnerability disclosures and Snort coverage", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}]}
