Microsoft September Patch Tuesday: fix 81 security issues
Microsoft released the September security update patch on Tuesday, fixing 81 security issues ranging from simple spoofing attacks to remote code execution. Products include .NET Core, .NET Framework, Active Directory, Adobe Flash Player, ASP.NET, Common. Log File System Driver, Microsoft Browsers, Microsoft Edge, Microsoft Exchange Server, Microsoft Graphics Component, Microsoft JET Database Engine, Microsoft Office, Microsoft Office SharePoint, Microsoft Scripting Engine, Microsoft Windows, Microsoft Yammer, Project Rome, Servicing Stack Updates, Skype for Business and Microsoft Lync, Team Foundation Server, Visual Studio, Windows Hyper-V, Windows Kernel, and Windows RDP.
Product | CVE number | CVE title | severity |
.NET Core | CVE-2019-1301 | .NET Core Denial of Service Vulnerability | Important |
.NET Framework | CVE-2019-1142 | .NET Framework Privilege Escalation Vulnerability | Important |
Active Directory | CVE-2019-1273 | Active Directory Federation Services XSS Vulnerability | Important |
Adobe Flash Player | ADV190022 | September 2019 Adobe Flash Security Update | Critical |
ASP.NET | CVE-2019-1302 | ASP.NET Core Elevation Of Privilege Vulnerability | Important |
Common Log File System Driver | CVE-2019-1214 | Windows Common Log File System Driver Privilege Escalation Vulnerability | Important |
Common Log File System Driver | CVE-2019-1282 | Windows Common Log File System Driver Information Disclosure Vulnerability | Important |
Microsoft Browsers | CVE-2019-1220 | Microsoft Browser Security Feature Bypass Vulnerability | Important |
Microsoft Edge | CVE-2019-1299 | Microsoft Edge based on Edge HTML Information Disclosure Vulnerability | Important |
Microsoft Exchange Server | CVE-2019-1233 | Microsoft Exchange Denial of Service Vulnerability | Important |
Microsoft Exchange Server | CVE-2019-1266 | Microsoft Exchange Spoofing Vulnerability | Important |
Microsoft Graphics Component | CVE-2019-1216 | DirectX Information Disclosure Vulnerability | Important |
Microsoft Graphics Component | CVE-2019-1244 | DirectWrite Information Disclosure Vulnerability | Important |
Microsoft Graphics Component | CVE-2019-1245 | DirectWrite Information Disclosure Vulnerability | Important |
Microsoft Graphics Component | CVE-2019-1251 | DirectWrite Information Disclosure Vulnerability | Important |
Microsoft Graphics Component | CVE-2019-1252 | Windows GDI Information Disclosure Vulnerability | Important |
Microsoft Graphics Component | CVE-2019-1283 | Microsoft Graphics Components Information Disclosure Vulnerability | Important |
Microsoft Graphics Component | CVE-2019-1284 | DirectX privilege elevation vulnerability | Important |
Microsoft Graphics Component | CVE-2019-1286 | Windows GDI Information Disclosure Vulnerability | Important |
Microsoft JET Database Engine | CVE-2019-1240 | Jet Database Engine Remote Code Execution Vulnerability | Important |
Microsoft JET Database Engine | CVE-2019-1241 | Jet Database Engine Remote Code Execution Vulnerability | Important |
Microsoft JET Database Engine | CVE-2019-1242 | Jet Database Engine Remote Code Execution Vulnerability | Important |
Microsoft JET Database Engine | CVE-2019-1243 | Jet Database Engine Remote Code Execution Vulnerability | Important |
Microsoft JET Database Engine | CVE-2019-1246 | Jet Database Engine Remote Code Execution Vulnerability | Important |
Microsoft JET Database Engine | CVE-2019-1247 | Jet Database Engine Remote Code Execution Vulnerability | Important |
Microsoft JET Database Engine | CVE-2019-1248 | Jet Database Engine Remote Code Execution Vulnerability | Important |
Microsoft JET Database Engine | CVE-2019-1249 | Jet Database Engine Remote Code Execution Vulnerability | Important |
Microsoft JET Database Engine | CVE-2019-1250 | Jet Database Engine Remote Code Execution Vulnerability | Important |
Microsoft Office | CVE-2019-1297 | Microsoft Excel Remote Code Execution Vulnerability | Important |
Microsoft Office | CVE-2019-1263 | Microsoft Excel Information Disclosure Vulnerability | Important |
Microsoft Office | CVE-2019-1264 | Microsoft Office Security Feature Bypass Vulnerability | Important |
Microsoft Office SharePoint | CVE-2019-1257 | Microsoft SharePoint Remote Code Execution Vulnerability | Critical |
Microsoft Office SharePoint | CVE-2019-1259 | Microsoft SharePoint Spoofing Vulnerability | Moderate |
Microsoft Office SharePoint | CVE-2019-1260 | Microsoft SharePoint privilege elevation vulnerability | Important |
Microsoft Office SharePoint | CVE-2019-1261 | Microsoft SharePoint Spoofing Vulnerability | Important |
Microsoft Office SharePoint | CVE-2019-1262 | Microsoft Office SharePoint XSS Vulnerability | Important |
Microsoft Office SharePoint | CVE-2019-1295 | Microsoft SharePoint Remote Code Execution Vulnerability | Critical |
Microsoft Office SharePoint | CVE-2019-1296 | Microsoft SharePoint Remote Code Execution Vulnerability | Critical |
Microsoft Scripting Engine | CVE-2019-1138 | Chakra Scripting Engine Memory Corruption Vulnerability | Moderate |
Microsoft Scripting Engine | CVE-2019-1208 | VBScript Remote Code Execution Vulnerability | Critical |
Microsoft Scripting Engine | CVE-2019-1217 | Chakra Scripting Engine Memory Corruption Vulnerability | Critical |
Microsoft Scripting Engine | CVE-2019-1221 | Scripting Engine Memory Corruption Vulnerability | Critical |
Microsoft Scripting Engine | CVE-2019-1236 | VBScript Remote Code Execution Vulnerability | Critical |
Microsoft Scripting Engine | CVE-2019-1237 | Chakra Scripting Engine Memory Corruption Vulnerability | Critical |
Microsoft Scripting Engine | CVE-2019-1298 | Chakra Scripting Engine Memory Corruption Vulnerability | Moderate |
Microsoft Scripting Engine | CVE-2019-1300 | Chakra Scripting Engine Memory Corruption Vulnerability | Critical |
Microsoft Windows | CVE-2019-1215 | Windows privilege elevation vulnerability | Important |
Microsoft Windows | CVE-2019-1219 | Windows Transaction Manager Information Disclosure Vulnerability | Important |
Microsoft Windows | CVE-2019-1267 | Microsoft Compatibility Appraiser Privilege Escalation Vulnerability | Important |
Microsoft Windows | CVE-2019-1268 | Winlogon Privilege Escalation Vulnerability | Important |
Microsoft Windows | CVE-2019-1269 | Windows ALPC Privilege Escalation Vulnerability | Important |
Microsoft Windows | CVE-2019-1270 | Microsoft Windows Store Installer Privilege Escalation Vulnerability | Important |
Microsoft Windows | CVE-2019-1271 | Windows Media privilege elevation vulnerability | Important |
Microsoft Windows | CVE-2019-1272 | Windows ALPC Privilege Escalation Vulnerability | Important |
Microsoft Windows | CVE-2019-1235 | Windows Text Service Framework Privilege Escalation Vulnerability | Important |
Microsoft Windows | CVE-2019-1253 | Windows privilege elevation vulnerability | Important |
Microsoft Windows | CVE-2019-1277 | Windows Audio Service Privilege Escalation Vulnerability | Important |
Microsoft Windows | CVE-2019-1278 | Windows privilege elevation vulnerability | Important |
Microsoft Windows | CVE-2019-1280 | LNK Remote Code Execution Vulnerability | Critical |
Microsoft Windows | CVE-2019-1287 | Windows Network Connectivity Assistant Privilege Escalation Vulnerability | Important |
Microsoft Windows | CVE-2019-1289 | Windows Update Delivery Optimization Privilege Escalation Vulnerability | Important |
Microsoft Windows | CVE-2019-1292 | Windows Denial of Service Vulnerability | Important |
Microsoft Windows | CVE-2019-1294 | Windows Secure Boot Security Feature Bypass Vulnerability | Important |
Microsoft Windows | CVE-2019-1303 | Windows privilege elevation vulnerability | Important |
Microsoft Yammer | CVE-2019-1265 | Microsoft Yammer Security Feature Bypass Vulnerability | Important |
Project Rome | CVE-2019-1231 | Rome SDK Information Disclosure Vulnerability | Important |
Servicing Stack Updates | ADV990001 | Latest Servicing Stack Updates | Critical |
Skype for Business and Microsoft Lync | CVE-2019-1209 | Lync 2013 Information Disclosure Vulnerability | Important |
Team Foundation Server | CVE-2019-1305 | Team Foundation Server Cross-site Scripting Vulnerability | Important |
Team Foundation Server | CVE-2019-1306 | Azure DevOps and Team Foundation Server Remote Code Execution Vulnerability | Critical |
Visual Studio | CVE-2019-1232 | Diagnostics Hub Standard Collector Service Privilege Escalation Vulnerability | Important |
Windows Hyper-V | CVE-2019-0928 | Windows Hyper-V Denial of Service Vulnerability | Important |
Windows Hyper-V | CVE-2019-1254 | Windows Hyper-V Information Disclosure Vulnerability | Important |
Windows Kernel | CVE-2019-1274 | Windows Kernel Information Disclosure Vulnerability | Important |
Windows Kernel | CVE-2019-1256 | Win32k Privilege Escalation Vulnerability | Important |
Windows Kernel | CVE-2019-1285 | Win32k Privilege Escalation Vulnerability | Important |
Windows Kernel | CVE-2019-1293 | Windows SMB Client Driver Information Disclosure Vulnerability | Important |
Windows RDP | CVE-2019-0787 | Remote Desktop Client Remote Code Execution Vulnerability | Critical |
Windows RDP | CVE-2019-0788 | Remote Desktop Client Remote Code Execution Vulnerability | Critical |
Windows RDP | CVE-2019-1290 | Remote Desktop Client Remote Code Execution Vulnerability | Critical |
Windows RDP | CVE-2019-1291 | Remote Desktop Client Remote Code Execution Vulnerability | Critical |
Solution
Microsoft officially has released an update patch to fix these vulnerabilities, please check your Windows Update as soon as possible.