Security News

Microsoft Security Bulletin Coverage for November 2019

By

SonicWall Capture Labs Threat Research Team has analyzed and addressed Microsoft’s security advisories for the month of November 2019. A list of issues reported, along with SonicWall coverage information are as follows:

CVE-2018-12207 Windows Kernel Information Disclosure Vulnerability
There are no known exploits in the wild.
CVE-2019-0712 Windows Hyper-V Denial of Service Vulnerability
There are no known exploits in the wild.
CVE-2019-0719 Hyper-V Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2019-0721 Hyper-V Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2019-11135 Windows Kernel Information Disclosure Vulnerability
There are no known exploits in the wild.
CVE-2019-1234 Azure Stack Spoofing Vulnerability
There are no known exploits in the wild.
CVE-2019-1309 Windows Hyper-V Denial of Service Vulnerability
There are no known exploits in the wild.
CVE-2019-1310 Windows Hyper-V Denial of Service Vulnerability
There are no known exploits in the wild.
CVE-2019-1324 Windows TCP/IP Information Disclosure Vulnerability
There are no known exploits in the wild.
CVE-2019-1370 Open Enclave SDK Information Disclosure Vulnerability
There are no known exploits in the wild.
CVE-2019-1373 Microsoft Exchange Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2019-1374 Windows Error Reporting Information Disclosure Vulnerability
There are no known exploits in the wild.
CVE-2019-1379 Windows Data Sharing Service Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2019-1380 Microsoft splwow64 Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2019-1381 Microsoft Windows Information Disclosure Vulnerability
There are no known exploits in the wild.
CVE-2019-1382 Microsoft ActiveX Installer Service Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2019-1383 Windows Data Sharing Service Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2019-1384 Microsoft Windows Security Feature Bypass Vulnerability
There are no known exploits in the wild.
CVE-2019-1385 Windows AppX Deployment Extensions Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2019-1388 Windows Certificate Dialog Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2019-1389 Windows Hyper-V Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2019-1390 VBScript Remote Code Execution Vulnerability
IPS 14574:VBScript Remote Code Execution Vulnerability (NOV 19) 1
CVE-2019-1391 Windows Denial of Service Vulnerability
There are no known exploits in the wild.
CVE-2019-1392 Windows Kernel Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2019-1393 Win32k Elevation of Privilege Vulnerability
ASPY 5844:Malformed-File exe.MP.113
CVE-2019-1394 Win32k Elevation of Privilege Vulnerability
ASPY 5844:Malformed-File exe.MP.113
CVE-2019-1395 Win32k Elevation of Privilege Vulnerability
ASPY 5844:Malformed-File exe.MP.113
CVE-2019-1396 Win32k Elevation of Privilege Vulnerability
ASPY 5844:Malformed-File exe.MP.113
CVE-2019-1397 Windows Hyper-V Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2019-1398 Windows Hyper-V Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2019-1399 Windows Hyper-V Denial of Service Vulnerability
There are no known exploits in the wild.
CVE-2019-1402 Microsoft Office Information Disclosure Vulnerability
There are no known exploits in the wild.
CVE-2019-1405 Windows UPnP Service Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2019-1406 Jet Database Engine Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2019-1407 Windows Graphics Component Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2019-1408 Win32k Elevation of Privilege Vulnerability
ASPY 5844:Malformed-File exe.MP.113
CVE-2019-1409 Windows Remote Procedure Call Information Disclosure Vulnerability
There are no known exploits in the wild.
CVE-2019-1411 DirectWrite Information Disclosure Vulnerability
There are no known exploits in the wild.
CVE-2019-1412 OpenType Font Driver Information Disclosure Vulnerability
There are no known exploits in the wild.
CVE-2019-1413 Microsoft Edge Security Feature Bypass Vulnerability
There are no known exploits in the wild.
CVE-2019-1415 Windows Installer Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2019-1416 Windows Subsystem for Linux Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2019-1417 Windows Data Sharing Service Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2019-1418 Windows Modules Installer Service Information Disclosure Vulnerability
There are no known exploits in the wild.
CVE-2019-1419 OpenType Font Parsing Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2019-1420 Windows Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2019-1422 Windows Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2019-1423 Windows Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2019-1424 NetLogon Security Feature Bypass Vulnerability
There are no known exploits in the wild.
CVE-2019-1425 Visual Studio Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2019-1426 Scripting Engine Memory Corruption Vulnerability
There are no known exploits in the wild.
CVE-2019-1427 Scripting Engine Memory Corruption Vulnerability
There are no known exploits in the wild.
CVE-2019-1428 Scripting Engine Memory Corruption Vulnerability
There are no known exploits in the wild.
CVE-2019-1429 Scripting Engine Memory Corruption Vulnerability
ASPY 5843:Malformed-File html.MP.82
CVE-2019-1430 Microsoft Windows Media Foundation Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2019-1432 DirectWrite Information Disclosure Vulnerability
There are no known exploits in the wild.
CVE-2019-1433 Windows Graphics Component Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2019-1434 Win32k Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2019-1435 Windows Graphics Component Elevation of Privilege Vulnerability
ASPY 5839:Malformed-File exe.MP.109
CVE-2019-1436 Win32k Information Disclosure Vulnerability
ASPY 5840:Malformed-File exe.MP.110
CVE-2019-1437 Windows Graphics Component Elevation of Privilege Vulnerability
ASPY 5841:Malformed-File exe.MP.111
CVE-2019-1438 Windows Graphics Component Elevation of Privilege Vulnerability
ASPY 5842:Malformed-File exe.MP.112
CVE-2019-1439 Windows GDI Information Disclosure Vulnerability
There are no known exploits in the wild.
CVE-2019-1440 Win32k Information Disclosure Vulnerability
There are no known exploits in the wild.
CVE-2019-1441 Win32k Graphics Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2019-1442 Microsoft Office Security Feature Bypass Vulnerability
There are no known exploits in the wild.
CVE-2019-1443 Microsoft SharePoint Information Disclosure Vulnerability
There are no known exploits in the wild.
CVE-2019-1445 Microsoft Office Online Spoofing Vulnerability
There are no known exploits in the wild.
CVE-2019-1446 Microsoft Excel Information Disclosure Vulnerability
There are no known exploits in the wild.
CVE-2019-1447 Microsoft Office Online Spoofing Vulnerability
There are no known exploits in the wild.
CVE-2019-1448 Microsoft Excel Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2019-1449 Microsoft Office ClickToRun Security Feature Bypass Vulnerability
There are no known exploits in the wild.
CVE-2019-1456 OpenType Font Parsing Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2019-1457 Microsoft Office Excel Security Feature Bypass
There are no known exploits in the wild.

Security News
The SonicWall Capture Labs Threat Research Team gathers, analyzes and vets cross-vector threat information from the SonicWall Capture Threat network, consisting of global devices and resources, including more than 1 million security sensors in nearly 200 countries and territories. The research team identifies, analyzes, and mitigates critical vulnerabilities and malware daily through in-depth research, which drives protection for all SonicWall customers. In addition to safeguarding networks globally, the research team supports the larger threat intelligence community by releasing weekly deep technical analyses of the most critical threats to small businesses, providing critical knowledge that defenders need to protect their networks.
Recommended Cyber Security Stories
Microsoft Security Bulletin Coverage for June 2018
Critical Vulnerabilities Of Network Security Devices Being Utilized By Mirai Botnet Malware
Research Paper: Blackhole Exploit Kit - Rise and Evolution (Sep 17, 2012)
Lotus ransomware charges 1 BTC ($49K USD). Multi PC discount possible
SymmiWare Ransomware will only decrypt after Nov 25th
Vigilante malware removes cryptominers from the infected device
New Phishing Campaign Leverages Fileless PowerShell execution using LNK
CVE-2013-3893 exploit actively serving malware (September 26, 2013)