
JULY 2019 SECURITY UPDATE REVIEW

Microsoft Patches for July 2019

This month, Microsoft released security patches for 78 CVEs and two advisories. The updates cover Microsoft Windows, Internet Explorer, Office and Office Services and Web Apps, Azure DevOps, Azure, .NET Framework, ASP.NET, Visual Studio, SQL Server, Exchange Server, and Open Source Software. Yes – Open Source Software (more on that below). Of these 78 CVEs, 15 are rated Critical, 62 are rated Important, and one is rated Moderate in severity. A total of 13 of these CVEs came through the ZDI program. Six of these bugs are listed as publicly known, and two are listed as under active attack at the time of release.

Let’s take a closer look at some of the more interesting patches for this month, starting with the bugs being exploited:

-       CVE-2019-0880 – Microsoft splwow64 Elevation of Privilege Vulnerability
This patch corrects an elevation of privilege (EoP) bug in splwow64.exe, the print driver host that lets 32-bit applications use 64-bit printer drivers on 64-bit Windows. Microsoft lists this as being actively exploited, but only on older systems (its Exploitability Index is 0, "Exploitation Detected", for older releases and 1 for current ones). If successfully exploited, an attacker could go from low to medium integrity, which makes this a sandbox-escape primitive rather than a route to SYSTEM on its own. If you can't deploy the patch immediately, you should be able to mitigate this vulnerability by disabling the Print Spooler service, at the cost of all printing from that host; re-enable it once the update is installed.

-       CVE-2019-1132 – Win32k Elevation of Privilege Vulnerability
The other bug under active attack this month is also an EoP, this time in Win32k, the kernel-mode driver behind the Windows GUI subsystem. An attacker who already has code running on an affected system, for example from a malicious document or a browser exploit, could use this vulnerability to execute their code with kernel-level privileges. That is how bugs of this type are typically used: as the second stage of a chain that escapes a sandbox or elevates a low-privileged foothold to SYSTEM. The N/A under "XI - Latest" in the table below indicates that only older Windows releases are affected. Again, there are no indications from Microsoft on how broadly this is being used, but it appears to be more on the targeted side for now.

-       CVE-2019-0865 –  SymCrypt Denial of Service Vulnerability
This is one of the publicly known bugs this month, and it has already received quite a bit of attention. SymCrypt is the core cryptographic library in Windows; despite the name, it implements asymmetric as well as symmetric algorithms, and this bug lives on the asymmetric side, where a specially crafted X.509 certificate sends the library into a computation that never terminates. The patch corrects a Denial-of-Service (DoS) vulnerability that could allow an attacker to effectively take a Windows system out of service by hanging any process that parses the certificate, whether it arrives in a signed file, an S/MIME message, or a TLS handshake. Microsoft gives this a 2 on its Exploitability Index (XI), which means "Exploitation Less Likely". However, proof-of-concept code is already publicly available, so treat that rating with some skepticism.

-       CVE-2019-1068 – Microsoft SQL Server Remote Code Execution Vulnerability
Another of the publicly known bugs, this patch corrects a bug in SQL Server that could allow code execution if an attacker who is able to submit queries sends a specially crafted query to an affected SQL server. A successful exploit would execute code in the context of the Database Engine service account. It doesn't provide you keys to the kingdom, but that account typically has elevated privileges and, in many deployments, access to every database on the instance. The update also covers SQL Server 2017 on Linux and the Linux Docker container images, so don't assume non-Windows instances are out of scope. Considering SQL Servers are generally part of an enterprise's critical infrastructure, definitely test and deploy this patch to your SQL Servers quickly.

-       CVE-2018-15664 – Docker Elevation of Privilege Vulnerability
This publicly known bug actually affects open source software. A vulnerability in Docker could give attackers arbitrary read-write access to the host filesystem with root privileges. The API endpoint behind the "docker cp" command first resolves the requested path inside the container's root filesystem and then copies to or from it as a separate step. A process inside the container that swaps a directory on that path for a symlink between those two steps (a symlink-exchange race, combined with directory traversal) redirects the daemon's copy onto the host filesystem, and the daemon performs it as root. Despite the 2018 CVE, this was only publicly disclosed in May 2019. Unfortunately, a true fix isn't available yet. While there is a pull request in review to fix this vulnerability, the only guidance for users is to avoid using the Docker copy command on their AKS clusters and Azure IoT Edge devices; in practice, that means not running docker cp against any container that may be executing untrusted code.
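The check-then-use race described above, as an added illustration that is not Docker's code or its pending fix: a temporary directory stands in for the container's root filesystem, the function names (resolve_then_open, open_beneath, make_swap, demo) are invented for this example, and the attacker's directory swap is invoked from a hook so the race is deterministic. The vulnerable function resolves the path, checks it, then opens by path again; the hardened one walks component by component relative to a directory file descriptor with O_NOFOLLOW, which is the same idea as securejoin-style resolution or Linux openat2(RESOLVE_BENEATH). POSIX only, since it relies on dir_fd.

```python
"""Symlink-exchange (TOCTOU) against check-then-use path handling.

Added illustration for the docker cp issue discussed above; it is not Docker's
code or its pending fix. A temporary directory stands in for the container's
root filesystem, the function names are invented, and the attacker's swap is
invoked from a hook so the race is deterministic. POSIX only (needs dir_fd).
"""
import os
import tempfile


def resolve_then_open(root, rel_path, race=None):
    """Vulnerable pattern: resolve the path, check it stays under root, then
    open by path. Symlinks are followed again at open time, so anything that
    changes between the check and the open is followed too."""
    resolved = os.path.realpath(os.path.join(root, rel_path))
    if os.path.commonpath([resolved, root]) != root:
        raise PermissionError("path escapes root")
    if race:
        race()  # the container process acts here
    with open(os.path.join(root, rel_path), "rb") as f:
        return f.read()


def open_beneath(root, rel_path, race_before_walk=None, race_after_walk=None):
    """Hardened pattern: walk one component at a time relative to a directory
    fd with O_NOFOLLOW, so a planted symlink is refused by the kernel (ELOOP,
    or ENOTDIR when O_DIRECTORY is also set) instead of followed, and a
    directory swapped out after we entered it cannot move our fd. '..' is
    refused outright rather than resolved."""
    parts = [p for p in rel_path.split("/") if p not in ("", ".")]
    if not parts or ".." in parts:
        raise PermissionError("parent traversal refused")
    fd = os.open(root, os.O_RDONLY | os.O_DIRECTORY)
    try:
        if race_before_walk:
            race_before_walk()
        for comp in parts[:-1]:
            nfd = os.open(comp, os.O_RDONLY | os.O_DIRECTORY | os.O_NOFOLLOW, dir_fd=fd)
            os.close(fd)
            fd = nfd
        if race_after_walk:
            race_after_walk()
        file_fd = os.open(parts[-1], os.O_RDONLY | os.O_NOFOLLOW, dir_fd=fd)
    finally:
        os.close(fd)
    with os.fdopen(file_fd, "rb") as f:
        return f.read()


def build_fixture(base):
    """Constructed layout: rootfs/data/secret inside, host/secret outside."""
    root = os.path.join(base, "rootfs")
    host = os.path.join(base, "host")
    os.makedirs(os.path.join(root, "data"))
    os.makedirs(host)
    with open(os.path.join(root, "data", "secret"), "wb") as f:
        f.write(b"inside")
    with open(os.path.join(host, "secret"), "wb") as f:
        f.write(b"HOST SECRET")
    return root, host


def make_swap(root, host):
    """What the container process does: replace data/ with a symlink to a host
    directory. The real attack does this atomically (rename exchange); two
    steps suffice here because nothing else is racing."""
    def swap():
        os.rename(os.path.join(root, "data"), os.path.join(root, "data.orig"))
        os.symlink(host, os.path.join(root, "data"))
    return swap


def demo():
    """Run the three scenarios on fresh fixtures and report the outcomes."""
    results = {}
    with tempfile.TemporaryDirectory() as tmp:
        root, host = build_fixture(os.path.realpath(tmp))
        results["vulnerable"] = resolve_then_open(root, "data/secret", race=make_swap(root, host))
    with tempfile.TemporaryDirectory() as tmp:
        root, host = build_fixture(os.path.realpath(tmp))
        try:
            open_beneath(root, "data/secret", race_before_walk=make_swap(root, host))
            results["hardened_swap_before"] = "opened"
        except OSError as e:
            results["hardened_swap_before"] = "refused: " + os.strerror(e.errno)
    with tempfile.TemporaryDirectory() as tmp:
        root, host = build_fixture(os.path.realpath(tmp))
        results["hardened_swap_after"] = open_beneath(root, "data/secret", race_after_walk=make_swap(root, host))
    return results


if __name__ == "__main__":
    for name, outcome in demo().items():
        print(f"{name}: {outcome!r}")
```

Running demo() shows the vulnerable path returning the host file's contents after the swap, while the hardened walk either refuses the planted symlink or, if the swap lands after it has already entered the directory, keeps reading from the original directory through the held descriptor. The lesson carries beyond docker cp: any privileged process that touches a filesystem an untrusted party can modify must anchor every step to a descriptor it already holds, never to a path string it validated earlier.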

Here’s the full list of CVEs released by Microsoft for July 2019.

Columns: Public = publicly known at release; Exploited = exploited in the wild at release; XI = Microsoft Exploitability Index for the latest and for older software releases (0 = exploitation detected, 1 = exploitation more likely, 2 = exploitation less likely, 3 = exploitation unlikely, N/A = not rated for that release, for example because it is not affected); Type: EoP = elevation of privilege, RCE = remote code execution, DoS = denial of service, Info = information disclosure, SFB = security feature bypass, XSS = cross-site scripting, Spoof = spoofing.

| CVE | Title | Severity | Public | Exploited | XI - Latest | XI - Older | Type |
|---|---|---|---|---|---|---|---|
| CVE-2019-0880 | Microsoft splwow64 Elevation of Privilege Vulnerability | Important | No | Yes | 1 | 0 | EoP |
| CVE-2019-1132 | Win32k Elevation of Privilege Vulnerability | Important | No | Yes | N/A | 0 | EoP |
| CVE-2018-15664 | Docker Elevation of Privilege Vulnerability | Important | Yes | No | 2 | 2 | EoP |
| CVE-2019-0865 | SymCrypt Denial of Service Vulnerability | Important | Yes | No | 2 | 2 | DoS |
| CVE-2019-0887 | Remote Desktop Services Remote Code Execution Vulnerability | Important | Yes | No | 1 | 1 | RCE |
| CVE-2019-0962 | Azure Automation Elevation of Privilege Vulnerability | Important | Yes | No | 2 | 2 | EoP |
| CVE-2019-1068 | Microsoft SQL Server Remote Code Execution Vulnerability | Important | Yes | No | 2 | 2 | RCE |
| CVE-2019-1129 | Windows Elevation of Privilege Vulnerability | Important | Yes | No | 1 | 1 | EoP |
| CVE-2019-0785 | Windows DHCP Server Remote Code Execution Vulnerability | Critical | No | No | 2 | 2 | RCE |
| CVE-2019-1001 | Scripting Engine Memory Corruption Vulnerability | Critical | No | No | 1 | 1 | RCE |
| CVE-2019-1004 | Scripting Engine Memory Corruption Vulnerability | Critical | No | No | 1 | 1 | RCE |
| CVE-2019-1056 | Scripting Engine Memory Corruption Vulnerability | Critical | No | No | 2 | N/A | RCE |
| CVE-2019-1059 | Scripting Engine Memory Corruption Vulnerability | Critical | No | No | 2 | 2 | RCE |
| CVE-2019-1062 | Chakra Scripting Engine Memory Corruption Vulnerability | Critical | No | No | 1 | N/A | RCE |
| CVE-2019-1063 | Internet Explorer Memory Corruption Vulnerability | Critical | No | No | 1 | 1 | RCE |
| CVE-2019-1072 | Azure DevOps Server and Team Foundation Server Remote Code Execution Vulnerability | Critical | No | No | 2 | 2 | RCE |
| CVE-2019-1092 | Chakra Scripting Engine Memory Corruption Vulnerability | Critical | No | No | 1 | N/A | RCE |
| CVE-2019-1102 | GDI+ Remote Code Execution Vulnerability | Critical | No | No | 2 | 2 | RCE |
| CVE-2019-1103 | Chakra Scripting Engine Memory Corruption Vulnerability | Critical | No | No | 1 | N/A | RCE |
| CVE-2019-1104 | Microsoft Browser Memory Corruption Vulnerability | Critical | No | No | 1 | 1 | RCE |
| CVE-2019-1106 | Chakra Scripting Engine Memory Corruption Vulnerability | Critical | No | No | 1 | N/A | RCE |
| CVE-2019-1107 | Chakra Scripting Engine Memory Corruption Vulnerability | Critical | No | No | 1 | N/A | RCE |
| CVE-2019-1113 | .NET Framework Remote Code Execution Vulnerability | Critical | No | No | 1 | 1 | RCE |
| CVE-2019-0811 | Windows DNS Server Denial of Service Vulnerability | Important | No | No | 2 | 2 | DoS |
| CVE-2019-0966 | Windows Hyper-V Denial of Service Vulnerability | Important | No | No | 2 | 2 | DoS |
| CVE-2019-0975 | ADFS Security Feature Bypass Vulnerability | Important | No | No | 2 | 2 | SFB |
| CVE-2019-0999 | DirectX Elevation of Privilege Vulnerability | Important | No | No | N/A | 1 | EoP |
| CVE-2019-1006 | WCF/WIF SAML Token Authentication Bypass Vulnerability | Important | No | No | 2 | 2 | EoP |
| CVE-2019-1037 | Windows Error Reporting Elevation of Privilege Vulnerability | Important | No | No | 2 | 2 | EoP |
| CVE-2019-1067 | Windows Kernel Elevation of Privilege Vulnerability | Important | No | No | 1 | 1 | EoP |
| CVE-2019-1071 | Windows Kernel Information Disclosure Vulnerability | Important | No | No | 1 | 1 | Info |
| CVE-2019-1073 | Windows Kernel Information Disclosure Vulnerability | Important | No | No | 1 | 1 | Info |
| CVE-2019-1074 | Microsoft Windows Elevation of Privilege Vulnerability | Important | No | No | 1 | 1 | EoP |
| CVE-2019-1076 | Team Foundation Server Cross-site Scripting Vulnerability | Important | No | No | 2 | 2 | XSS |
| CVE-2019-1077 | Visual Studio Elevation of Privilege Vulnerability | Important | No | No | 2 | 2 | EoP |
| CVE-2019-1079 | Visual Studio Information Disclosure Vulnerability | Important | No | No | 2 | 2 | Info |
| CVE-2019-1082 | Microsoft Windows Elevation of Privilege Vulnerability | Important | No | No | N/A | 2 | EoP |
| CVE-2019-1083 | .NET Denial of Service Vulnerability | Important | No | No | 2 | 2 | DoS |
| CVE-2019-1084 | Microsoft Exchange Information Disclosure Vulnerability | Important | No | No | 2 | 2 | Info |
| CVE-2019-1085 | Windows WLAN Service Elevation of Privilege Vulnerability | Important | No | No | 2 | 2 | EoP |
| CVE-2019-1086 | Windows Audio Service Elevation of Privilege Vulnerability | Important | No | No | 2 | 2 | EoP |
| CVE-2019-1087 | Windows Audio Service Elevation of Privilege Vulnerability | Important | No | No | 2 | 2 | EoP |
| CVE-2019-1088 | Windows Audio Service Elevation of Privilege Vulnerability | Important | No | No | 2 | 2 | EoP |
| CVE-2019-1089 | Windows RPCSS Elevation of Privilege Vulnerability | Important | No | No | 1 | 1 | EoP |
| CVE-2019-1090 | Windows dnsrlvr.dll Elevation of Privilege Vulnerability | Important | No | No | 2 | 2 | EoP |
| CVE-2019-1091 | Microsoft unistore.dll Information Disclosure Vulnerability | Important | No | No | 2 | 2 | Info |
| CVE-2019-1093 | DirectWrite Information Disclosure Vulnerability | Important | No | No | 2 | 2 | Info |
| CVE-2019-1094 | Windows GDI Information Disclosure Vulnerability | Important | No | No | 2 | 2 | Info |
| CVE-2019-1095 | Windows GDI Information Disclosure Vulnerability | Important | No | No | 2 | 2 | Info |
| CVE-2019-1096 | Win32k Information Disclosure Vulnerability | Important | No | No | 2 | 2 | Info |
| CVE-2019-1097 | DirectWrite Information Disclosure Vulnerability | Important | No | No | 2 | 2 | Info |
| CVE-2019-1098 | Windows GDI Information Disclosure Vulnerability | Important | No | No | N/A | 2 | Info |
| CVE-2019-1099 | Windows GDI Information Disclosure Vulnerability | Important | No | No | N/A | 2 | Info |
| CVE-2019-1100 | Windows GDI Information Disclosure Vulnerability | Important | No | No | N/A | 2 | Info |
| CVE-2019-1101 | Windows GDI Information Disclosure Vulnerability | Important | No | No | N/A | 2 | Info |
| CVE-2019-1105 | Outlook for Android Spoofing Vulnerability | Important | No | No | N/A | N/A | Spoof |
| CVE-2019-1108 | Remote Desktop Protocol Client Information Disclosure Vulnerability | Important | No | No | 1 | 1 | Info |
| CVE-2019-1109 | Microsoft Office Spoofing Vulnerability | Important | No | No | 2 | 2 | Spoof |
| CVE-2019-1110 | Microsoft Excel Remote Code Execution Vulnerability | Important | No | No | 2 | 2 | RCE |
| CVE-2019-1111 | Microsoft Excel Remote Code Execution Vulnerability | Important | No | No | 2 | 2 | RCE |
| CVE-2019-1112 | Microsoft Excel Information Disclosure Vulnerability | Important | No | No | 1 | 1 | Info |
| CVE-2019-1116 | Windows GDI Information Disclosure Vulnerability | Important | No | No | N/A | 2 | Info |
| CVE-2019-1117 | DirectWrite Remote Code Execution Vulnerability | Important | No | No | 2 | 2 | RCE |
| CVE-2019-1118 | DirectWrite Remote Code Execution Vulnerability | Important | No | No | 2 | 2 | RCE |
| CVE-2019-1119 | DirectWrite Remote Code Execution Vulnerability | Important | No | No | 2 | 2 | RCE |
| CVE-2019-1120 | DirectWrite Remote Code Execution Vulnerability | Important | No | No | 2 | 2 | RCE |
| CVE-2019-1121 | DirectWrite Remote Code Execution Vulnerability | Important | No | No | 2 | 2 | RCE |
| CVE-2019-1122 | DirectWrite Remote Code Execution Vulnerability | Important | No | No | 2 | 2 | RCE |
| CVE-2019-1123 | DirectWrite Remote Code Execution Vulnerability | Important | No | No | 2 | 2 | RCE |
| CVE-2019-1124 | DirectWrite Remote Code Execution Vulnerability | Important | No | No | 2 | 2 | RCE |
| CVE-2019-1126 | ADFS Security Feature Bypass Vulnerability | Important | No | No | 2 | 2 | SFB |
| CVE-2019-1127 | DirectWrite Remote Code Execution Vulnerability | Important | No | No | 2 | 2 | RCE |
| CVE-2019-1128 | DirectWrite Remote Code Execution Vulnerability | Important | No | No | 2 | 2 | RCE |
| CVE-2019-1130 | Windows Elevation of Privilege Vulnerability | Important | No | No | 2 | 2 | EoP |
| CVE-2019-1134 | Microsoft Office SharePoint XSS Vulnerability | Important | No | No | 2 | 2 | XSS |
| CVE-2019-1136 | Microsoft Exchange Server Elevation of Privilege Vulnerability | Important | No | No | 2 | 2 | EoP |
| CVE-2019-1137 | Microsoft Exchange Server Spoofing Vulnerability | Important | No | No | 2 | 2 | Spoof |
| CVE-2019-1075 | ASP.NET Core Spoofing Vulnerability | Moderate | No | No | 2 | 2 | Spoof |
