Windows 10: CVE-2019-1255 Microsoft Defender Denial of Service Vulnerability

Brink · Sep 26, 2019

Security Vulnerability
Published: 09/23/2019

MITRE CVE-2019-1255

A denial of service vulnerability exists when Microsoft Defender improperly handles files. An attacker could exploit the vulnerability to prevent legitimate accounts from executing legitimate system binaries.

To exploit the vulnerability, an attacker would first require execution on the victim system.

The security update addresses the vulnerability by ensuring Microsoft Defender properly handles files.

Exploitability Assessment

The following table provides an exploitability assessment for this vulnerability at the time of original publication.

Publicly Disclosed Exploited Latest Software Release Older Software Release Denial of Service No No Not Applicable Not Applicable Not Applicable
Security Updates

To determine the support life cycle for your software version or edition, see the Microsoft Support Lifecycle.

Product Platform Article Download Impact Severity Supersedence Microsoft Forefront Endpoint Protection 2010 Denial of Service Important Microsoft Security Essentials Denial of Service Important Microsoft System Center 2012 Endpoint Protection Denial of Service Important Microsoft System Center 2012 R2 Endpoint Protection Denial of Service Important Microsoft System Center Endpoint Protection Denial of Service Important Windows Defender Windows 10 Version 1703 for 32-bit Systems Denial of Service Important Windows Defender Windows 10 Version 1703 for x64-based Systems Denial of Service Important Windows Defender Windows 10 Version 1803 for 32-bit Systems Denial of Service Important Windows Defender Windows 10 Version 1803 for x64-based Systems Denial of Service Important Windows Defender Windows Server, version 1803 (Server Core Installation) Denial of Service Important Windows Defender Windows 10 Version 1803 for ARM64-based Systems Denial of Service Important Windows Defender Windows 10 Version 1809 for 32-bit Systems Denial of Service Important Windows Defender Windows 10 Version 1809 for x64-based Systems Denial of Service Important Windows Defender Windows 10 Version 1809 for ARM64-based Systems Denial of Service Important Windows Defender Windows Server 2019 Denial of Service Important Windows Defender Windows Server 2019 (Server Core installation) Denial of Service Important Windows Defender Windows 10 Version 1709 for 32-bit Systems Denial of Service Important Windows Defender Windows 10 Version 1709 for 64-based Systems Denial of Service Important Windows Defender Windows 10 Version 1709 for ARM64-based Systems Denial of Service Important Windows Defender Windows 10 Version 1903 for 32-bit Systems Denial of Service Important Windows Defender Windows 10 Version 1903 for x64-based Systems Denial of Service Important Windows Defender Windows 10 Version 1903 for ARM64-based Systems Denial of Service Important Windows Defender Windows Server, version 1903 (Server Core installation) Denial of Service Important Windows Defender Windows 10 for 32-bit Systems Denial of Service Important Windows Defender Windows 10 for x64-based Systems Denial of Service Important Windows Defender Windows 10 Version 1607 for 32-bit Systems Denial of Service Important Windows Defender Windows 10 Version 1607 for x64-based Systems Denial of Service Important Windows Defender Windows Server 2016 Denial of Service Important Windows Defender Windows Server 2016 (Server Core installation) Denial of Service Important Windows Defender Windows 7 for 32-bit Systems Service Pack 1 Denial of Service Important Windows Defender Windows 7 for x64-based Systems Service Pack 1 Denial of Service Important Windows Defender Windows 8.1 for 32-bit systems Denial of Service Important Windows Defender Windows 8.1 for x64-based systems Denial of Service Important Windows Defender Windows RT 8.1 Denial of Service Important Windows Defender Windows Server 2008 for 32-bit Systems Service Pack 2 Denial of Service Important Windows Defender Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) Denial of Service Important Windows Defender Windows Server 2008 for Itanium-Based Systems Service Pack 2 Denial of Service Important Windows Defender Windows Server 2008 R2 for Itanium-Based Systems Service Pack 1 Denial of Service Important Windows Defender Windows Server 2008 R2 for x64-based Systems Service Pack 1 Denial of Service Important Windows Defender Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) Denial of Service Important Windows Defender Windows Server 2012 Denial of Service Important Windows Defender Windows Server 2012 (Server Core installation) Denial of Service Important Windows Defender Windows Server 2012 R2 Denial of Service Important Windows Defender Windows Server 2012 R2 (Server Core installation) Denial of Service Important
Mitigations

Microsoft has not identified any mitigating factors for this vulnerability.

Workarounds

Microsoft has not identified any workarounds for this vulnerability.

FAQ

References Identification Last version of the Microsoft Malware Protection Engine affected by this vulnerability Version 1.1.16300.1 First version of the Microsoft Malware Protection Engine with this vulnerability addressed Version 1.1.16400.2
Why is no action required to install this update? In response to a constantly changing threat landscape, Microsoft frequently updates malware definitions and the Microsoft Malware Protection Engine. In order to be effective in helping protect against new and prevalent threats, antimalware software must be kept up to date with these updates in a timely manner.

For enterprise deployments as well as end users, the default configuration in Microsoft antimalware software helps ensure that malware definitions and the Microsoft Malware Protection Engine are kept up to date automatically. Product documentation also recommends that products are configured for automatic updating.

Best practices recommend that customers regularly verify whether software distribution, such as the automatic deployment of Microsoft Malware Protection Engine updates and malware definitions, is working as expected in their environment.

How often are the Microsoft Malware Protection Engine and malware definitions updated? Microsoft typically releases an update for the Microsoft Malware Protection Engine once a month or as needed to protect against new threats. Microsoft also typically updates the malware definitions three times daily and can increase the frequency when needed.

Depending on which Microsoft antimalware software is used and how it is configured, the software may search for engine and definition updates every day when connected to the Internet, up to multiple times daily. Customers can also choose to manually check for updates at any time.

What is the Microsoft Malware Protection Engine? The Microsoft Malware Protection Engine, mpengine.dll, provides the scanning, detection, and cleaning capabilities for Microsoft antivirus and antispyware software.
Does this update contain any additional security-related changes to functionality? Yes. In addition to the changes that are listed for this vulnerability, this update includes defense-in-depth updates to help improve security-related features.

Where can I find more information about Microsoft antimalware technology? For more information, visit the Microsoft Malware Protection Center website.
Suggested Actions Verify that the update is installed Customers should verify that the latest version of the Microsoft Malware Protection Engine and definition updates are being actively downloaded and installed for their Microsoft antimalware products.

For more information on how to verify the version number for the Microsoft Malware Protection Engine that your software is currently using, see the section, "Verifying Update Installation", in Microsoft Knowledge Base Article 2510781.

For affected software, verify that the Microsoft Malware Protection Engine version is 1.1.14700.5 or later.

If necessary, install the update Administrators of enterprise antimalware deployments should ensure that their update management software is configured to automatically approve and distribute engine updates and new malware definitions. Enterprise administrators should also verify that the latest version of the Microsoft Malware Protection Engine and definition updates are being actively downloaded, approved and deployed in their environment.

For end-users, the affected software provides built-in mechanisms for the automatic detection and deployment of this update. For these customers, the update will be applied within 48 hours of its availability. The exact time frame depends on the software used, Internet connection, and infrastructure configuration.

End users that do not wish to wait can manually update their antimalware software.

For more information on how to manually update the Microsoft Malware Protection Engine and malware definitions, refer to Microsoft Knowledge Base Article 2510781.

Acknowledgements

Charalampos Billinis of F-Secure Countercept @fsecure

Wenxu Wu (@ma7h1as) of Tencent Security Xuanwu Lab

See acknowledgements for more information.

Disclaimer

The information provided in the Microsoft Knowledge Base is provided "as is" without warranty of any kind. Microsoft disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose. In no event shall Microsoft Corporation or its suppliers be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages, even if Microsoft Corporation or its suppliers have been advised of the possibility of such damages. Some states do not allow the exclusion or limitation of liability for consequential or incidental damages so the foregoing limitation may not apply.

Revisions

Version Date Description 1.0 09/23/2019 Information published.
Click to expand...

Source: https://portal.msrc.microsoft.com/en.../CVE-2019-1255

:)

NICK ADSL UK · Sep 26, 2019

Microsoft February 2019 Security Updates

Release Notes

February 2019 Security Updates

Release Date: February 12, 2019

The February security release consists of security updates for the following software:

Adobe Flash Player

Internet Explorer

Microsoft Edge

Microsoft Windows

Microsoft Office and Microsoft Office Services and Web Apps

ChakraCore

.NET Framework

Microsoft Exchange Server

Microsoft Visual Studio

Azure IoT SDK

Microsoft Dynamics

Team Foundation Server

Visual Studio Code

Please note the following information regarding the security updates:

A list of the latest servicing stack updates for each operating system can be found in ADV990001. This list will be updated whenever a new servicing stack update is released. It is important to install the latest servicing stack update.

Windows 10 updates are cumulative. The monthly security release includes all security fixes for vulnerabilities that affect Windows 10, in addition to non-security updates. The updates are available via the Microsoft Update Catalog.

Updates for Windows RT 8.1 and Microsoft Office RT software are only available via Windows Update.

For information on lifecycle and support dates for Windows 10 operating systems, please see Windows Lifecycle Facts Sheet.

In addition to security changes for the vulnerabilities, updates include defense-in-depth updates to help improve security-related features.

The following CVEs have FAQs with additional information and may include * further steps to take after installing the updates.

ADV190003

ADV190007 *

ADV990001

CVE-2019-0540 *

CVE-2019-0600

CVE-2019-0601

CVE-2019-0602

CVE-2019-0615

CVE-2019-0616

CVE-2019-0619

CVE-2019-0621

CVE-2019-0628

CVE-2019-0635

CVE-2019-0636

CVE-2019-0643

CVE-2019-0648

CVE-2019-0658

CVE-2019-0660

CVE-2019-0661

CVE-2019-0664

CVE-2019-0669

CVE-2019-0676

CVE-2019-0686 *

CVE-2019-0724 *

CVE-2019-0741

Known Issues

44****2

{{windowTitle}}

NICK ADSL UK · Sep 26, 2019

microsoft June 2019 Security Updates

Release Notes

June 2019 Security Updates

Release Date: June 11, 2019

The June security release consists of security updates for the following software:

Adobe Flash Player

Microsoft Windows

Internet Explorer

Microsoft Edge

Microsoft Office and Microsoft Office Services and Web Apps

ChakraCore

Skype for Business and Microsoft Lync

Microsoft Exchange Server

Azure

Please note the following information regarding the security updates:

A list of the latest servicing stack updates for each operating system can be found in ADV990001. This list will be updated whenever a new servicing stack update is released. It is important to install the latest servicing stack update.

Windows 10 updates are cumulative. The monthly security release includes all security fixes for vulnerabilities that affect Windows 10, in addition to non-security updates. The updates are available via the Microsoft Update Catalog.

Updates for Windows RT 8.1 and Microsoft Office RT software are only available via Windows Update.

For information on lifecycle and support dates for Windows 10 operating systems, please see Windows Lifecycle Facts Sheet.

In addition to security changes for the vulnerabilities, updates include defense-in-depth updates to help improve security-related features.

The following CVEs have FAQs with additional information and may include * further steps to take after installing the updates. Please note that this is not a complete list of CVEs for this release.

ADV190015

ADV990001

CVE-2019-0904

CVE-2019-0905

CVE-2019-0906

CVE-2019-0907

CVE-2019-0908

CVE-2019-0909

CVE-2019-0948

CVE-2019-0968

CVE-2019-0974

CVE-2019-0977

CVE-2019-0990

CVE-2019-1009

CVE-2019-1010

CVE-2019-1011

CVE-2019-1012

CVE-2019-1013

CVE-2019-1015

CVE-2019-1016

CVE-2019-1023

CVE-2019-1031

CVE-2019-1032

CVE-2019-1033

CVE-2019-1034

CVE-2019-1035

CVE-2019-1036

CVE-2019-1039

CVE-2019-1046

CVE-2019-1047

CVE-2019-1048

CVE-2019-1049

CVE-2019-1050

CVE-2019-1081

Known Issues

KB Article Applies To

4493730 Windows Server 2008 Service Pack 2 Servicing stack update

4503027 Exchange Server 2019, Exchange Server 2016

4503028 Exchange Server 2010 Service Pack 3, Exchange Server 2013

4503263 Windows Server 2012 (Security-only update)

4503267 Windows 10, version 1607, Windows Server 2016

4503276 Windows 8.1, Windows Server 2012 R2 (Monthly Rollup)

4503279 Windows 10, version 1703

4503284 Windows 10, version 1709

4503285 Windows Server 2012 (Monthly Rollup)

4503286 Windows 10, version 1803

4503290 Windows 8.1 Windows Server 2012 R2 (Security-only update)

4503291 Windows 10

4503292 Windows 7 Service Pack 1, Windows Server 2008 R2 Service Pack 1 (Security-only update)

4503293 Windows 10, version 1903

4503327 Windows 10, version 1809, Windows Server 2019

{{windowTitle}}

Brink · Sep 26, 2019

CVE-2019-1215 | Windows Elevation of Privilege Vulnerability

MITRE CVE-2019-1215

An elevation of privilege vulnerability exists in the way that ws2ifsl.sys (Winsock) handles objects in memory. An attacker who successfully exploited the vulnerability could execute code with elevated privileges.

To exploit the vulnerability, a locally authenticated attacker could run a specially crafted application.

The security update addresses the vulnerability by ensuring that ws2ifsl.sys properly handles objects in memory.

[table][tr]Publicly Disclosed Exploited Latest Software Release Older Software Release Denial of Service [/tr] [tr][td]No[/td] [td]No[/td] [td]1 - Exploitation More Likely[/td] [td]1 - Exploitation More Likely[/td] [td]Not Applicable[/td] [/tr] [/table]
Click to expand...

Read more: https://portal.msrc.microsoft.com/en.../CVE-2019-1215

Windows 10: CVE-2019-1255 Microsoft Defender Denial of Service Vulnerability

CVE-2019-1255 Microsoft Defender Denial of Service Vulnerability

CVE-2019-1255 Microsoft Defender Denial of Service Vulnerability

CVE-2019-1255 Microsoft Defender Denial of Service Vulnerability

CVE-2019-1255 Microsoft Defender Denial of Service Vulnerability - Similar Threads - CVE 2019 1255

Recommended way to fix vulnerabilities and CVE in Microsoft Windows Server 2019 Standard...

Recommended way to fix vulnerabilities and CVE in Microsoft Windows Server 2019 Standard...

Microsoft Windows Defender Elevation of Privilege Vulnerability CVE-2020-1163 & CVE-2020-1170

CVE-2019-1460 - Outlook for Android Spoofing Vulnerability

CVE-2019-1292 | Windows Elevation of Privilege Vulnerability

CVE-2019-1215 | Windows Elevation of Privilege Vulnerability

CVE-2019-1105 - Outlook for Android Spoofing Vulnerability

Security Advisory ADV180022 | Windows Denial of Service Vulnerability

Intel Puma Chipset Denial of Service Vulnerabilities

Users found this page by searching for:

how do you stop evevation of privilege vulnerability