Rapid7 Vulnerability & Exploit Database

Microsoft CVE-2019-1220: Microsoft Browser Security Feature Bypass Vulnerability

Back to Search

Microsoft CVE-2019-1220: Microsoft Browser Security Feature Bypass Vulnerability

Severity
4
CVSS
(AV:N/AC:M/Au:N/C:P/I:N/A:N)
Published
09/10/2019
Created
09/11/2019
Added
09/10/2019
Modified
09/20/2019

Description

A security feature bypass vulnerability exists when Microsoft Browsers fail to validate the correct Security Zone of requests for specific URLs. This could allow an attacker to cause a user to access a URL in a less restricted Internet Security Zone than intended. To exploit this vulnerability, an attacker could email or otherwise provide a specially crafted URL to a victim and convince them to click on it. The security update addresses the vulnerability by correcting security feature behavior to properly map affected URLs to the correct Security Zone.

Solution(s)

  • msft-kb4512578-0cd62cca-3a16-480d-a189-e8ea147bb43f
  • msft-kb4512578-43bab29b-faba-4d28-ab68-daae07145e70
  • msft-kb4512578-83d97879-e87b-4658-a1f1-2d436c2b0a9f
  • msft-kb4515384-1fec8c01-d96f-4692-9c3f-533f1966ba0f
  • msft-kb4515384-afb67aeb-fdea-4890-8a09-28b41988eec6
  • msft-kb4515384-f440901e-4a8a-4ff0-b578-73ab9ec39370
  • msft-kb4516044-4d387cda-6491-4775-9f86-ec445694daf6
  • msft-kb4516044-5743683a-0751-4f47-a0a5-54186af17be5
  • msft-kb4516044-5bd21ff7-dd92-4cb4-a08a-e15994c99cad
  • msft-kb4516046-1e1fb8f3-3565-4d77-8fe5-a7ab7af4813a
  • msft-kb4516046-29808fc9-f647-4961-9b65-3db865ae4e07
  • msft-kb4516046-4453836e-54dd-4772-8132-aed8448f91ce
  • msft-kb4516046-58fc20f2-ea73-4a1b-9555-17919b32bef2
  • msft-kb4516046-690a5d04-9402-43a8-b93d-e8c3d28a43c4
  • msft-kb4516046-7bb166c4-92bb-4b7c-9ef7-e1fb4b32b67f
  • msft-kb4516046-96404e53-0269-4726-ba01-e4f3a0da4254
  • msft-kb4516046-980afc61-08af-4456-a053-66cb8e498459
  • msft-kb4516046-98958d14-8122-4975-bb9d-77d5d6ea4bce
  • msft-kb4516046-a59837b5-2bc8-460b-8a2c-b4c89590d6da
  • msft-kb4516046-b14d796f-957e-4e92-89db-5ec7c27bf59f
  • msft-kb4516046-d5d33932-8dc6-437d-b225-2ef645012c5b
  • msft-kb4516046-e2049fb0-cc1d-4e1d-83ae-09f29df65875
  • msft-kb4516046-e5ff6bea-62eb-4dd6-a5c6-46136851bef3
  • msft-kb4516046-f1d8d9b6-7edf-4f26-b155-c774b9e61602
  • msft-kb4516046-ffd87fd4-9d53-4285-af4e-dbe53cb18459
  • msft-kb4516058-4d1b0989-a12b-4062-9692-ada2a53833aa
  • msft-kb4516058-aa4b167d-e6b6-4206-aa84-b9c135353b77
  • msft-kb4516058-f2bdd1f1-8f8f-429b-b798-905b82bdf629
  • msft-kb4516066-92c6450f-2320-49f6-8bd9-0b61c9e10976
  • msft-kb4516066-ad42679f-7ae5-4e30-818f-ec14d19718a1
  • msft-kb4516068-117fb78f-b0ad-4ba3-a5aa-8cc9dad2be7d
  • msft-kb4516068-568e1bb0-2cd4-4521-8b07-fc5be5bcb391
  • msft-kb4516070-085d342e-1c92-4caa-947f-b7a896b93004
  • msft-kb4516070-106c21bb-e967-4b37-8806-00a071bd3198

References

  • msft-kb4512578-0cd62cca-3a16-480d-a189-e8ea147bb43f
  • msft-kb4512578-43bab29b-faba-4d28-ab68-daae07145e70
  • msft-kb4512578-83d97879-e87b-4658-a1f1-2d436c2b0a9f
  • msft-kb4515384-1fec8c01-d96f-4692-9c3f-533f1966ba0f
  • msft-kb4515384-afb67aeb-fdea-4890-8a09-28b41988eec6
  • msft-kb4515384-f440901e-4a8a-4ff0-b578-73ab9ec39370
  • msft-kb4516044-4d387cda-6491-4775-9f86-ec445694daf6
  • msft-kb4516044-5743683a-0751-4f47-a0a5-54186af17be5
  • msft-kb4516044-5bd21ff7-dd92-4cb4-a08a-e15994c99cad
  • msft-kb4516046-1e1fb8f3-3565-4d77-8fe5-a7ab7af4813a
  • msft-kb4516046-29808fc9-f647-4961-9b65-3db865ae4e07
  • msft-kb4516046-4453836e-54dd-4772-8132-aed8448f91ce
  • msft-kb4516046-58fc20f2-ea73-4a1b-9555-17919b32bef2
  • msft-kb4516046-690a5d04-9402-43a8-b93d-e8c3d28a43c4
  • msft-kb4516046-7bb166c4-92bb-4b7c-9ef7-e1fb4b32b67f
  • msft-kb4516046-96404e53-0269-4726-ba01-e4f3a0da4254
  • msft-kb4516046-980afc61-08af-4456-a053-66cb8e498459
  • msft-kb4516046-98958d14-8122-4975-bb9d-77d5d6ea4bce
  • msft-kb4516046-a59837b5-2bc8-460b-8a2c-b4c89590d6da
  • msft-kb4516046-b14d796f-957e-4e92-89db-5ec7c27bf59f
  • msft-kb4516046-d5d33932-8dc6-437d-b225-2ef645012c5b
  • msft-kb4516046-e2049fb0-cc1d-4e1d-83ae-09f29df65875
  • msft-kb4516046-e5ff6bea-62eb-4dd6-a5c6-46136851bef3
  • msft-kb4516046-f1d8d9b6-7edf-4f26-b155-c774b9e61602
  • msft-kb4516046-ffd87fd4-9d53-4285-af4e-dbe53cb18459
  • msft-kb4516058-4d1b0989-a12b-4062-9692-ada2a53833aa
  • msft-kb4516058-aa4b167d-e6b6-4206-aa84-b9c135353b77
  • msft-kb4516058-f2bdd1f1-8f8f-429b-b798-905b82bdf629
  • msft-kb4516066-92c6450f-2320-49f6-8bd9-0b61c9e10976
  • msft-kb4516066-ad42679f-7ae5-4e30-818f-ec14d19718a1
  • msft-kb4516068-117fb78f-b0ad-4ba3-a5aa-8cc9dad2be7d
  • msft-kb4516068-568e1bb0-2cd4-4521-8b07-fc5be5bcb391
  • msft-kb4516070-085d342e-1c92-4caa-947f-b7a896b93004
  • msft-kb4516070-106c21bb-e967-4b37-8806-00a071bd3198

With Rapid7 live dashboards, I have a clear view of all the assets on my network, which ones can be exploited, and what I need to do in order to reduce the risk in my environment in real-time. No other tool gives us that kind of value and insight.

– Scott Cheney, Manager of Information Security, Sierra View Medical Center

;