VMWare Security Advisory on DoS Vulnerability in ESXi
VMWare has released patches for ESXi that address a denial of service vulnerablility in hostd. ESXi 6.0 is unaffected, 6.5 has a patch, and 6.7 has a patch pending. This addresses a vulnerability described in CVE-2019-5528 and is rated important (CVSSv3 = 5.3). A workaround has also been published. If you run ESXi, you should take a look at this as well today.
--
John Bambenek
bambenek \at\ gmail /dot/ com
ThreatSTOP
MSFT July 2019 Patch Tuesday
July 2019 Security Updates
| Description | |||||||
|---|---|---|---|---|---|---|---|
| CVE | Disclosed | Exploited | Exploitability (old versions) | current version | Severity | CVSS Base (AVG) | CVSS Temporal (AVG) |
| .NET Denial of Service Vulnerability | |||||||
| CVE-2019-1083 | No | No | Less Likely | Less Likely | Important | ||
| .NET Framework Remote Code Execution Vulnerability | |||||||
| CVE-2019-1113 | No | No | More Likely | More Likely | Critical | ||
| ADFS Security Feature Bypass Vulnerability | |||||||
| CVE-2019-0975 | No | No | Less Likely | Less Likely | Important | 4.3 | 3.9 |
| CVE-2019-1126 | No | No | Less Likely | Less Likely | Important | 5.3 | 4.8 |
| ASP.NET Core Spoofing Vulnerability | |||||||
| CVE-2019-1075 | No | No | Less Likely | Less Likely | Moderate | ||
| Azure Automation Elevation of Privilege Vulnerability | |||||||
| CVE-2019-0962 | Yes | No | Less Likely | Less Likely | Important | ||
| Azure DevOps Server and Team Foundation Server Remote Code Execution Vulnerability | |||||||
| CVE-2019-1072 | No | No | Less Likely | Less Likely | Critical | ||
| Chakra Scripting Engine Memory Corruption Vulnerability | |||||||
| CVE-2019-1062 | No | No | - | - | Critical | 4.2 | 3.8 |
| CVE-2019-1092 | No | No | - | - | Critical | 4.2 | 3.8 |
| CVE-2019-1103 | No | No | - | - | Critical | 4.2 | 3.8 |
| CVE-2019-1106 | No | No | - | - | Critical | 4.2 | 3.8 |
| CVE-2019-1107 | No | No | - | - | Critical | 4.2 | 3.8 |
| DirectWrite Information Disclosure Vulnerability | |||||||
| CVE-2019-1093 | No | No | Less Likely | Less Likely | Important | 5.5 | 5.0 |
| CVE-2019-1097 | No | No | Less Likely | Less Likely | Important | 5.5 | 5.0 |
| DirectWrite Remote Code Execution Vulnerability | |||||||
| CVE-2019-1117 | No | No | Less Likely | Less Likely | Important | 7.8 | 7.0 |
| CVE-2019-1118 | No | No | Less Likely | Less Likely | Important | 7.8 | 7.0 |
| CVE-2019-1119 | No | No | Less Likely | Less Likely | Important | 7.8 | 7.0 |
| CVE-2019-1120 | No | No | Less Likely | Less Likely | Important | 7.8 | 7.0 |
| CVE-2019-1121 | No | No | Less Likely | Less Likely | Important | 7.8 | 7.0 |
| CVE-2019-1122 | No | No | Less Likely | Less Likely | Important | 7.8 | 7.0 |
| CVE-2019-1123 | No | No | Less Likely | Less Likely | Important | 7.8 | 7.0 |
| CVE-2019-1124 | No | No | Less Likely | Less Likely | Important | 7.8 | 7.0 |
| CVE-2019-1127 | No | No | Less Likely | Less Likely | Important | 7.8 | 7.0 |
| CVE-2019-1128 | No | No | Less Likely | Less Likely | Important | 7.8 | 7.0 |
| DirectX Elevation of Privilege Vulnerability | |||||||
| CVE-2019-0999 | No | No | - | - | Important | 7.8 | 7.0 |
| Docker Elevation of Privilege Vulnerability | |||||||
| CVE-2018-15664 | Yes | No | Less Likely | Less Likely | Important | ||
| GDI+ Remote Code Execution Vulnerability | |||||||
| CVE-2019-1102 | No | No | Less Likely | Less Likely | Critical | 8.4 | 7.6 |
| Internet Explorer Memory Corruption Vulnerability | |||||||
| CVE-2019-1063 | No | No | More Likely | More Likely | Critical | 6.4 | 5.8 |
| Latest Servicing Stack Updates | |||||||
| ADV990001 | No | No | - | - | Critical | ||
| Microsoft Browser Memory Corruption Vulnerability | |||||||
| CVE-2019-1104 | No | No | More Likely | More Likely | Critical | 6.4 | 5.8 |
| Microsoft Excel Information Disclosure Vulnerability | |||||||
| CVE-2019-1112 | No | No | More Likely | More Likely | Important | ||
| Microsoft Excel Remote Code Execution Vulnerability | |||||||
| CVE-2019-1110 | No | No | Less Likely | Less Likely | Important | ||
| CVE-2019-1111 | No | No | Less Likely | Less Likely | Important | ||
| Microsoft Exchange Information Disclosure Vulnerability | |||||||
| CVE-2019-1084 | No | No | Less Likely | Less Likely | Important | ||
| Microsoft Exchange Server Elevation of Privilege Vulnerability | |||||||
| CVE-2019-1136 | No | No | Less Likely | Less Likely | Important | ||
| Microsoft Exchange Server Spoofing Vulnerability | |||||||
| CVE-2019-1137 | No | No | Less Likely | Less Likely | Important | ||
| Microsoft Office SharePoint XSS Vulnerability | |||||||
| CVE-2019-1134 | No | No | Less Likely | Less Likely | Important | ||
| Microsoft Office Spoofing Vulnerability | |||||||
| CVE-2019-1109 | No | No | Less Likely | Less Likely | Important | ||
| Microsoft SQL Server Remote Code Execution Vulnerability | |||||||
| CVE-2019-1068 | Yes | No | Less Likely | Less Likely | Important | ||
| Microsoft Windows Elevation of Privilege Vulnerability | |||||||
| CVE-2019-1074 | No | No | More Likely | More Likely | Important | 5.3 | 5.3 |
| CVE-2019-1082 | No | No | - | - | Important | 7.7 | 7.7 |
| Microsoft splwow64 Elevation of Privilege Vulnerability | |||||||
| CVE-2019-0880 | No | Yes | Detected | More Likely | Important | 7.0 | 6.3 |
| Microsoft unistore.dll Information Disclosure Vulnerability | |||||||
| CVE-2019-1091 | No | No | Less Likely | Less Likely | Important | 5.5 | 5.0 |
| Outlook on the web Cross-Site Scripting Vulnerability | |||||||
| ADV190021 | No | No | - | - | Important | ||
| Remote Desktop Protocol Client Information Disclosure Vulnerability | |||||||
| CVE-2019-1108 | No | No | More Likely | More Likely | Important | 6.5 | 5.9 |
| Remote Desktop Services Remote Code Execution Vulnerability | |||||||
| CVE-2019-0887 | Yes | No | More Likely | More Likely | Important | 8.0 | 7.2 |
| Scripting Engine Memory Corruption Vulnerability | |||||||
| CVE-2019-1056 | No | No | - | - | Critical | 6.4 | 5.8 |
| CVE-2019-1059 | No | No | Less Likely | Less Likely | Critical | 6.4 | 5.8 |
| CVE-2019-1001 | No | No | More Likely | More Likely | Critical | 6.4 | 5.8 |
| CVE-2019-1004 | No | No | More Likely | More Likely | Critical | 6.4 | 5.8 |
| SymCrypt Denial of Service Vulnerability | |||||||
| CVE-2019-0865 | Yes | No | Less Likely | Less Likely | Important | 7.5 | 6.7 |
| Team Foundation Server Cross-site Scripting Vulnerability | |||||||
| CVE-2019-1076 | No | No | Less Likely | Less Likely | Important | ||
| Visual Studio Elevation of Privilege Vulnerability | |||||||
| CVE-2019-1077 | No | No | Less Likely | Less Likely | Important | ||
| Visual Studio Information Disclosure Vulnerability | |||||||
| CVE-2019-1079 | No | No | Less Likely | Less Likely | Important | ||
| WCF/WIF SAML Token Authentication Bypass Vulnerability | |||||||
| CVE-2019-1006 | No | No | Less Likely | Less Likely | Important | ||
| Win32k Elevation of Privilege Vulnerability | |||||||
| CVE-2019-1132 | No | Yes | - | - | Important | 7.8 | 7.2 |
| Win32k Information Disclosure Vulnerability | |||||||
| CVE-2019-1096 | No | No | Less Likely | Less Likely | Important | 5.5 | 5.0 |
| Windows Audio Service Elevation of Privilege Vulnerability | |||||||
| CVE-2019-1086 | No | No | Less Likely | Less Likely | Important | 7.8 | 7.0 |
| CVE-2019-1087 | No | No | Less Likely | Less Likely | Important | 7.8 | 7.0 |
| CVE-2019-1088 | No | No | Less Likely | Less Likely | Important | 7.8 | 7.0 |
| Windows DHCP Server Remote Code Execution Vulnerability | |||||||
| CVE-2019-0785 | No | No | Less Likely | Less Likely | Critical | 9.8 | 8.8 |
| Windows DNS Server Denial of Service Vulnerability | |||||||
| CVE-2019-0811 | No | No | Less Likely | Less Likely | Important | 7.5 | 6.7 |
| Windows Elevation of Privilege Vulnerability | |||||||
| CVE-2019-1129 | Yes | No | More Likely | More Likely | Important | 7.8 | 7.0 |
| CVE-2019-1130 | No | No | Less Likely | Less Likely | Important | 7.8 | 7.0 |
| Windows Error Reporting Elevation of Privilege Vulnerability | |||||||
| CVE-2019-1037 | No | No | Less Likely | Less Likely | Important | 7.0 | 6.3 |
| Windows GDI Information Disclosure Vulnerability | |||||||
| CVE-2019-1094 | No | No | Less Likely | Less Likely | Important | 5.5 | 5.0 |
| CVE-2019-1095 | No | No | Less Likely | Less Likely | Important | 5.5 | 5.0 |
| CVE-2019-1098 | No | No | - | - | Important | 5.5 | 5.0 |
| CVE-2019-1099 | No | No | - | - | Important | 5.5 | 5.0 |
| CVE-2019-1100 | No | No | - | - | Important | 5.5 | 5.0 |
| CVE-2019-1101 | No | No | - | - | Important | 5.5 | 5.0 |
| CVE-2019-1116 | No | No | - | - | Important | 5.5 | 5.0 |
| Windows Hyper-V Denial of Service Vulnerability | |||||||
| CVE-2019-0966 | No | No | Less Likely | Less Likely | Important | 6.8 | 6.1 |
| Windows Kernel Elevation of Privilege Vulnerability | |||||||
| CVE-2019-1067 | No | No | More Likely | More Likely | Important | 7.8 | 7.0 |
| Windows Kernel Information Disclosure Vulnerability | |||||||
| CVE-2019-1071 | No | No | More Likely | More Likely | Important | 5.5 | 5.0 |
| CVE-2019-1073 | No | No | More Likely | More Likely | Important | 5.5 | 5.0 |
| Windows RPCSS Elevation of Privilege Vulnerability | |||||||
| CVE-2019-1089 | No | No | More Likely | More Likely | Important | 7.8 | 7.0 |
| Windows WLAN Service Elevation of Privilege Vulnerability | |||||||
| CVE-2019-1085 | No | No | Less Likely | Less Likely | Important | 7.8 | 7.0 |
| Windows dnsrlvr.dll Elevation of Privilege Vulnerability | |||||||
| CVE-2019-1090 | No | No | Less Likely | Less Likely | Important | 7.8 | 7.0 |
--
John Bambenek
bambenek \at\ gmail /dot/ com
ThreatSTOP
Solving the WHOIS and Privacy Problem: A Draft of Implementing WHOIS in DNS
Recently, due to GDPR, WHOIS records for domains have been redacted in many places and access to the information that has been relied on by investigators and abuse fighters is either much harder to get or simply unavailable. In theory, ICANN should be setting up a gated system that will give tiered access to various classes of people, but having participated in those discussions, it does not seem such a system would allow for access to the data we need to investigate, correlate, and respond to abuse and cybercrime.
To help solve this problem, fellow handler Richard Porter and myself have created an Internet-Draft to put information formerly available in WHOIS into DNS TXT records so the information can be voluntarily made available by domain owners. This will allow for programmatic access that can be used in automation to make policy decisions quickly (for instance, should I accept email from this domain). The gist of the proposal is to use a _whois subdomain record and have a variety of TXT records for adminstrative, technical, network, and security/abuse contacts (name, phone number, email, address). As the system relies on self-disclosure, it bypasses some of the sticker issues with privacy laws.
Take a look and chime in on your thoughts in comments or on the DNSOP mailing list where this is being discussed.
--
John Bambenek
bambenek \at\ gmail /dot/ com
ThreatSTOP
Comments