September 2019 - Microsoft Releases Security Patches
Data notifica: 12 settembre 2019
Descrizione
Microsoft addresses several vulnerabilities in its September security bulletin. Trend Micro Deep Security covers the following:
- CVE-2019-1257 - Microsoft SharePoint Remote Code Execution Vulnerability
Risk Rating: Critical
This remote code execution vulnerability exists in the failure of Microsoft SharePoint to check an application package's source markup. Attackers looking to exploit this vulnerability must find a way to convince a user to open a malicious SharePoint application package. - CVE-2019-1295 - Microsoft SharePoint Remote Code Execution Vulnerability
Risk Rating: Critical
This remote code execution vulnerability exists in the improper protection of data input in Microsoft SharePoint APIs. Attackers looking to exploit this vulnerability must find a way for a vulnerable Microsoft SharePoint version to input data in a susceptible API. - CVE-2019-1296 - Microsoft SharePoint Remote Code Execution Vulnerability
Risk Rating: Critical
This remote code execution vulnerability exists in the improper protection of data input in Microsoft SharePoint APIs. Attackers looking to exploit this vulnerability must find a way for a vulnerable Microsoft SharePoint version to input data in a susceptible API.
Informazioni esposizione:
Trend Micro Deep Security shields networks through the following Deep Packet Inspection (DPI) rules. Trend Micro customers using the Vulnerability Protection are also protected from attacks using these vulnerabilities.
| Vulnerability ID | DPI Rule Number | DPI Rule Name | Release Date | Vulnerability Protection Compatibility |
| CVE-2019-1257, CVE-2019-1295, CVE-2019-1296 | 1009971 | Microsoft SharePoint Multiple Remote Code Execution Vulnerabilities (Sep-2019) | 10-Sep-19 | YES |