Microsoft Security Bulletin Coverage for July 2019

By

SonicWall Capture Labs Threat Research Team has analyzed and addressed Microsoft’s security advisories for the month of July 2019. A list of issues reported, along with SonicWall coverage information are as follows:
CVE-2018-15664 Docker Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2019-0785 Windows DHCP Server Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2019-0811 Windows DNS Server Denial of Service Vulnerability
There are no known exploits in the wild.
CVE-2019-0865 SymCrypt Denial of Service Vulnerability
There are no known exploits in the wild.
CVE-2019-0880 Microsoft splwow64 Elevation of Privilege Vulnerability
ASPY 5570:Malformed-File exe.MP.89
CVE-2019-0887 Remote Desktop Services Remote Code Execution Vulnerability
ASPY 5571:Malformed-File cmd.MP.1
CVE-2019-0962 Azure Automation Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2019-0966 Windows Hyper-V Denial of Service Vulnerability
There are no known exploits in the wild.
CVE-2019-0975 ADFS Security Feature Bypass Vulnerability
There are no known exploits in the wild.
CVE-2019-0999 DirectX Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2019-1001 Scripting Engine Memory Corruption Vulnerability
IPS 14288:Scripting Engine Memory Corruption Vulnerability (JUL 19) 1
CVE-2019-1004 Scripting Engine Memory Corruption Vulnerability
IPS 14289:Scripting Engine Memory Corruption Vulnerability (JUL 19) 2
CVE-2019-1006 WCF/WIF SAML Token Authentication Bypass Vulnerability
There are no known exploits in the wild.
CVE-2019-1037 Windows Error Reporting Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2019-1056 Scripting Engine Memory Corruption Vulnerability
There are no known exploits in the wild.
CVE-2019-1059 Scripting Engine Memory Corruption Vulnerability
There are no known exploits in the wild.
CVE-2019-1062 Chakra Scripting Engine Memory Corruption Vulnerability
IPS 14290:Chakra Scripting Engine Memory Corruption Vulnerability (JUL 19) 3
CVE-2019-1063 Internet Explorer Memory Corruption Vulnerability
IPS 14291:Internet Explorer Memory Corruption Vulnerability (JUL 19) 1
CVE-2019-1067 Windows Kernel Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2019-1068 Microsoft SQL Server Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2019-1071 Windows Kernel Information Disclosure Vulnerability
ASPY 5572:Malformed-File exe.MP.90
CVE-2019-1072 Azure DevOps Server and Team Foundation Server Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2019-1073 Windows Kernel Information Disclosure Vulnerability
ASPY 5566:Malformed-File exe.MP.86
CVE-2019-1074 Microsoft Windows Elevation of Privilege Vulnerability
ASPY 5568:Malformed-File ps1.MP.1
CVE-2019-1075 ASP.NET Core Spoofing Vulnerability
There are no known exploits in the wild.
CVE-2019-1076 Team Foundation Server Cross-site Scripting Vulnerability
There are no known exploits in the wild.
CVE-2019-1077 Visual Studio Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2019-1079 Visual Studio Information Disclosure Vulnerability
There are no known exploits in the wild.
CVE-2019-1082 Microsoft Windows Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2019-1083 .NET Denial of Service Vulnerability
There are no known exploits in the wild.
CVE-2019-1084 Microsoft Exchange Information Disclosure Vulnerability
There are no known exploits in the wild.
CVE-2019-1085 Windows WLAN Service Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2019-1086 Windows Audio Service Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2019-1087 Windows Audio Service Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2019-1088 Windows Audio Service Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2019-1089 Windows RPCSS Elevation of Privilege Vulnerability
ASPY 5567:Malformed-File exe.MP.87
CVE-2019-1090 Windows dnsrlvr.dll Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2019-1091 Microsoft unistore.dll Information Disclosure Vulnerability
There are no known exploits in the wild.
CVE-2019-1092 Chakra Scripting Engine Memory Corruption Vulnerability
IPS 14129:Chakra Scripting Engine Memory Corruption Vulnerability GM 1
CVE-2019-1093 DirectWrite Information Disclosure Vulnerability
There are no known exploits in the wild.
CVE-2019-1094 Windows GDI Information Disclosure Vulnerability
There are no known exploits in the wild.
CVE-2019-1095 Windows GDI Information Disclosure Vulnerability
There are no known exploits in the wild.
CVE-2019-1096 Win32k Information Disclosure Vulnerability
There are no known exploits in the wild.
CVE-2019-1097 DirectWrite Information Disclosure Vulnerability
There are no known exploits in the wild.
CVE-2019-1098 Windows GDI Information Disclosure Vulnerability
There are no known exploits in the wild.
CVE-2019-1099 Windows GDI Information Disclosure Vulnerability
There are no known exploits in the wild.
CVE-2019-1100 Windows GDI Information Disclosure Vulnerability
There are no known exploits in the wild.
CVE-2019-1101 Windows GDI Information Disclosure Vulnerability
There are no known exploits in the wild.
CVE-2019-1102 GDI+ Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2019-1103 Chakra Scripting Engine Memory Corruption Vulnerability
IPS 14292:Chakra Scripting Engine Memory Corruption Vulnerability (JUL 19) 4
CVE-2019-1104 Microsoft Browser Memory Corruption Vulnerability
IPS 14293:Microsoft Browser Memory Corruption Vulnerability (JUL 19)
CVE-2019-1106 Chakra Scripting Engine Memory Corruption Vulnerability
IPS 14283:Chakra Scripting Engine Memory Corruption Vulnerability (JUL 19) 1
CVE-2019-1107 Chakra Scripting Engine Memory Corruption Vulnerability
IPS 14284:Chakra Scripting Engine Memory Corruption Vulnerability (JUL 19) 2
CVE-2019-1108 Remote Desktop Protocol Client Information Disclosure Vulnerability
ASPY 5569:Malformed-File exe.MP.88
CVE-2019-1109 Microsoft Office Spoofing Vulnerability
There are no known exploits in the wild.
CVE-2019-1110 Microsoft Excel Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2019-1111 Microsoft Excel Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2019-1112 Microsoft Excel Information Disclosure Vulnerability
ASPY 5563:Malformed-File xls.MP.66
CVE-2019-1113 .NET Framework Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2019-1116 Windows GDI Information Disclosure Vulnerability
There are no known exploits in the wild.
CVE-2019-1117 DirectWrite Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2019-1118 DirectWrite Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2019-1119 DirectWrite Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2019-1120 DirectWrite Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2019-1121 DirectWrite Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2019-1122 DirectWrite Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2019-1123 DirectWrite Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2019-1124 DirectWrite Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2019-1126 ADFS Security Feature Bypass Vulnerability
There are no known exploits in the wild.
CVE-2019-1127 DirectWrite Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2019-1128 DirectWrite Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2019-1129 Windows Elevation of Privilege Vulnerability
ASPY 5565:Malformed-File exe.MP.85
CVE-2019-1130 Windows Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2019-1132 Win32k Elevation of Privilege Vulnerability
ASPY 5564:Malformed-File exe.MP.84
CVE-2019-1134 Microsoft Office SharePoint XSS Vulnerability
There are no known exploits in the wild.
CVE-2019-1136 Microsoft Exchange Server Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2019-1137 Microsoft Exchange Server Spoofing Vulnerability
There are no known exploits in the wild.

Security News
The SonicWall Capture Labs Threat Research Team gathers, analyzes and vets cross-vector threat information from the SonicWall Capture Threat network, consisting of global devices and resources, including more than 1 million security sensors in nearly 200 countries and territories. The research team identifies, analyzes, and mitigates critical vulnerabilities and malware daily through in-depth research, which drives protection for all SonicWall customers. In addition to safeguarding networks globally, the research team supports the larger threat intelligence community by releasing weekly deep technical analyses of the most critical threats to small businesses, providing critical knowledge that defenders need to protect their networks.