CVE-2019-1372
Published 2019-10-10
Priority P2 · 72 · critical · 10 (CVSS 3.1)
CVSS vector: AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
EPSS: 17.83% (96.8th percentile)
A remote code execution vulnerability exists when Azure App Service/Antares on Azure Stack fails to check the length of a buffer prior to copying memory to it. An attacker who successfully exploited this vulnerability could allow an unprivileged function run by the user to execute code in the context of NT AUTHORITY\system, thereby escaping the Sandbox. The security update addresses the vulnerability by ensuring that Azure App Service sanitizes user inputs. Also known as 'Azure App Service Remote Code Execution Vulnerability'.
Affected
4 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| microsoft | azure_app_service_on_azure_stack | < 1.7 | 1.7 |
| microsoft | azure_app_service_on_azure_stack | — | — |
| msrc | azure_app_service_on_azure_stack | — | — |
| msrc | windows_azure_pack_web_sites_v2 | — | — |
Detection & IOCs (extracted from sources)
- Alert on DWASSVC (the Azure App Service worker management service) crashing or spawning unexpected child processes, as a successful exploit causes DWASSVC to crash and can lead to code execution as NT AUTHORITY\SYSTEM.
- The vulnerability exists specifically in Azure App Service on Azure Stack (code-named Antares); it affects the DWASSVC service via the named pipe IPC mechanism in DWASInterop.dll. The flaw is a missing buffer-length check before a memory copy in IPM_MESSAGE_PIPE::MessagePipeCompletion.
- Microsoft confirmed the vulnerability was present and exploitable on both Azure Cloud and Azure Stack environments.
- As of the October 2019 Patch Tuesday disclosure, Microsoft rated exploitation as 'Less Likely' for both latest and older software releases, and there is no evidence of in-the-wild exploitation.
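CVSS provenance
| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 10.0 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H |
| nvd | v2.0 | 10.0 | CRITICAL | AV:N/AC:L/Au:N/C:C/I:C/A:C |
| vendor_msrc | — | 10.0 | CRITICAL | — |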
GHSA
GHSA-649f-8c3w-9g8g (CVE-2019-1372) [HIGH]
ghsa_unreviewed · 2022-05-24
A remote code execution vulnerability exists when Azure App Service/Antares on Azure Stack fails to check the length of a buffer prior to copying memory to it. An attacker who successfully exploited this vulnerability could allow an unprivileged function run by the user to execute code in the context of NT AUTHORITY\system, thereby escaping the Sandbox. The security update addresses the vulnerability by ensuring that Azure App Service sanitizes user inputs. Also known as 'Azure App Service Remote Code Execution Vulnerability'.
Microsoft
Azure Stack Remote Code Execution Vulnerability
vendor_msrc·2019-10-08·CVSS 10.0
CVE-2019-1372 [CRITICAL] Azure Stack Remote Code Execution Vulnerability
Description: A remote code execution vulnerability exists when Azure Stack fails to check the length of a buffer prior to copying memory to it.
An attacker who successfully exploited this vulnerability could allow an unprivileged function run by the user to execute code in the context of NT AUTHORITY\system thereby escaping the Sandbox.
The security update addresses the vulnerability by ensuring that Azure Stack sanitizes user inputs.
Azure: Azure
Microsoft: Microsoft
Customer Action Required: Yes
Impact: Remote Code Execution
Exploit Status: Publicly Disclosed: No; Exploited: No; Latest Software Release: Exploitation Less Likely; Older Software Release: Exploitation Less Likely; DOS: N/A
Remediation: Release Notes
Reference: https://www.micro
No detection rules found.
No public exploits indexed.
Checkpoint
3rd February – Threat Intelligence Bulletin
blogs_checkpoint·2020-02-03·CVSS 9.8
CVE-2019-19871 [CRITICAL] 3rd February – Threat Intelligence Bulletin
## 3rd February – Threat Intelligence Bulletin
For the latest discoveries in cyber research for the week of 3rd February 2020, please download our Threat Intelligence Bulletin.
Top Attacks and Breaches
Crooks are exploiting the global panic concerning the outbreak of the Coronavirus to infect Japanese users with Emotet through emails pretending to be a notice regarding infection prevention measures.
Check Point SandBlast and Anti-Bot blades provide protection against this threat (Trojan.Win32.Emotet)
The Japane
Checkpoint
Remote Cloud Execution – Critical Vulnerabilities in Azure Cloud Infrastructure (Part II)
blogs_checkpoint·2020-01-30
CVE-2019-1372 Remote Cloud Execution – Critical Vulnerabilities in Azure Cloud Infrastructure (Part II)
## Remote Cloud Execution – Critical Vulnerabilities in Azure Cloud Infrastructure (Part II)
Research by Ronen Shustin
## Cloud Attack Part II
In the previous part we talked about the Azu
Qualys
October 2019 Patch Tuesday – 59 vulns, 9 Critical, Azure App Service, Remote Desktop Client, PoC for Windows Error Reporting
blogs_qualys·2019-10-08·CVSS 7.8
[HIGH] October 2019 Patch Tuesday – 59 vulns, 9 Critical, Azure App Service, Remote Desktop Client, PoC for Windows Error Reporting
This month’s Microsoft Patch Tuesday addresses 59 vulnerabilities with only 9 of them labeled as Critical. Of the 9 Critical vulns, 7 of them are for browsers and scripting engines. The remaining 2 are for Azure App Service and Remote Desktop Client. In addition, PoC code has been published for an Important Windows Error Reporting vulnerability. Adobe has not posted any patches for Patch Tuesday, but did issue out-of-band patches for ColdFusion on September 24th.
## Workstation Patches
Scripting Engine, Browser, and MSXML patches should be prioritized for workstation-type devices, meaning any system that is used for email or to access the internet via a browser. This includes multi-user servers that are used as remote desktops for users.
## Azure App Service RCE
A Remote Code Execution
Talos
Microsoft Patch Tuesday — Oct. 2019: Vulnerability disclosures and Snort coverage
blogs_talos·2019-10-08·CVSS 6.4
[MEDIUM] Microsoft Patch Tuesday — Oct. 2019: Vulnerability disclosures and Snort coverage
By Jon Munshaw.
Microsoft released its monthly security update today, disclosing a variety of vulnerabilities in several of its products. The latest Patch Tuesday discloses 60 vulnerabilities, nine of which are considered "critical," with the rest being deemed "important."
This month’s security update covers security issues in a variety of Microsoft services and software, the Chakra Scripting Engine, the Windows operating system and the SharePoint software.
Talos also released a new set of SNORTⓇ rules that provide coverage for some of these vulnerabilities. For more, check out the Snort blog post here.
### Critical vulnerabilities
Microsoft disclosed nine critical vulnerabilities this month, eight of which we will highlight below.
CVE-2019-1333 is a client-side remote execution vulne
Tenable
Microsoft's October 2019 Patch Tuesday: Tenable Roundup
blogs_tenable·2019-10-08
Fortinet
October Patch Tuesday
blogs_fortinet·2019-10-08·CVSS 8.8
[HIGH] October Patch Tuesday
FORTIGUARD LABS THREAT RESEARCH
October Patch Tuesday
By Jeannette Jarvis | October 08, 2019
October Patch Tuesday brought a myriad of updates from a variety of vendors. Here we highlight the critical vulnerabilities released by Microsoft, but also touch on updates from Apple and Google as well. There were no updates from Adobe at the time of this posting. Get Patching!
Patch Overview
Microsoft
Today, Microsoft released security updates fixing 59 security vulnerabilities. Nine of these patches have a critical severity level, and the rest are rated as important. None of the vulnerabilities patched this month were publicly disclosed before Patch Tuesday, nor are any known to have been publicly exploited at this time. Regardless, users are advised to install these security updates as soon
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1372
https://research.checkpoint.com/2020/remote-cloud-execution-critical-vulnerabilities-in-azure-cloud-infrastructure-part-ii/
Published: 2019-10-10