
Microsoft Patch Tuesday April 19

April 10, 2019


It’s the time of the month again where Microsoft releases the news on their vulnerable products and the patches available to fix them. This month there are a total of 74 vulnerabilities disclosed with 16 rated Critical, 54 Important, 1 Moderate and 3 Low.

These updates cover issues found in software products such as MS Windows Operating Systems, Internet Explorer, MS Edge, Office, MS Exchange Server, the scripting engine, Team Foundation Server and more.

CVE-2019-0803 & CVE-2019-0859 cover two vulnerabilities rated Important that exist in the Win32K component of the Windows operating system. By failing to handle memory objects properly, these vulns allow an attacker to run code in kernel mode and elevate their privileges, so they can view, change and delete data. New accounts could also be created with full user rights.

Note that both of these vulns are currently being actively exploited in the wild, so it’s very important to address these quickly.

Never too far away from a security issue, Server Message Block (SMB) appears this month with a critical privilege escalation and remote code execution vuln. CVE-2019-0786 can be exploited by an attacker using a specially crafted file over the SMB protocol, allowing them to bypass security checks in the operating system. This can lead to a complete system takeover by the remote attacker.

One of the biggest CVSS scores of the month (7.8) goes to the GDI+ remote code execution vuln covered by CVE-2019-0853. Again, this is another case of improper memory object handling but this time in the Windows Graphics Device Interface.

This can be exploited in two different ways: via a web-based attack which lures users into accessing a malicious website, or via a file-sharing attack where attackers convince the user to open a malicious document. When successfully exploited, the target system can be completely controlled by a remote attacker.

Five of the 16 critical vulns in this release exist in the MS XML Core Services parser process. CVE-2019-0790 to CVE-2019-0793 & CVE-2019-0795 all cover a remote code execution vuln that can result in the bad guys taking control of the target system.

These can be exploited through the use of a phishing email and a malicious website, where attackers can use the user’s web browser to launch MS XML and run their malicious code remotely.

Known Issues

There are several known issues highlighted in this month’s Patch Tuesday, so please review the release notes to ensure these are understood.

One such issue appears in the Windows 2008 SP2 operating system, where the updates can get stuck on stage 2 or 3 of the restart process.

This is due to Microsoft releasing a new servicing stack update (SSU), which all users of Windows 2008 SP2 will need to install to ensure they can continue to receive the latest security updates.

This SSU is required for the operating system to support future fixes and updates that are signed with the SHA-2 hashing algorithm.

Microsoft recommends that users install the servicing stack update before trying to install this month’s updates / rollup, to prevent the above-mentioned issue of getting stuck at stage 2 or 3 of the restart.

If you have started the update and you get the stuck message, don’t worry: simply press Ctrl + Alt + Delete and log in. MS believe that this stuck issue should only happen once.
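The safest way to avoid the stuck restart is to confirm the SSU is actually present before pushing the rollup. The following PowerShell check is an added example and not part of the original advisory or of Microsoft’s tooling; the two KB numbers are placeholders that you must replace with the real SSU and rollup KB numbers from the release notes, and the script uses only the built-in `Get-HotFix` and `Get-WmiObject` cmdlets so it also runs on the older PowerShell shipped with Windows Server 2008 SP2.

```powershell
# Added example (not from the original advisory): verify the servicing stack
# update (SSU) prerequisite before installing the monthly rollup on Server 2008 SP2.
# Both KB identifiers are PLACEHOLDERS; take the real values from the release notes.
$SsuKb    = 'KB0000000'   # placeholder: servicing stack update KB
$RollupKb = 'KB0000001'   # placeholder: this month's security rollup KB

function Test-UpdateInstalled {
    param([Parameter(Mandatory = $true)][string]$KbId)
    # Get-HotFix reads the installed-updates list (Win32_QuickFixEngineering);
    # it returns nothing when the KB is absent, which [bool] turns into $false.
    return [bool](Get-HotFix -Id $KbId -ErrorAction SilentlyContinue)
}

function Test-IsServer2008Sp2 {
    # Only Windows Server 2008 SP2 is affected by the SSU prerequisite described above.
    $os = Get-WmiObject -Class Win32_OperatingSystem
    return ($os.Caption -like '*Server 2008*' -and
            $os.Caption -notlike '*R2*' -and
            $os.ServicePackMajorVersion -eq 2)
}

if (-not (Test-IsServer2008Sp2)) {
    Write-Host "Not Windows Server 2008 SP2; the SSU prerequisite check does not apply here."
}
elseif (Test-UpdateInstalled -KbId $RollupKb) {
    Write-Host "$RollupKb is already installed; nothing to do."
}
elseif (-not (Test-UpdateInstalled -KbId $SsuKb)) {
    # Stop here: installing the rollup now is what triggers the stuck restart.
    Write-Warning "Servicing stack update $SsuKb is missing. Install it and reboot before applying $RollupKb."
    exit 1
}
else {
    Write-Host "$SsuKb is present; it is safe to install $RollupKb."
}
```

Run it as an administrator on each Server 2008 SP2 host (or through your patch management tool as a pre-install step); a non-zero exit code means the SSU still needs to go on first.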

For more info on the SSU click here.

It is important to review this month’s updates and get patching as soon as you possibly can!

Keeping up to date with security patches for your operating systems and software is a critical part of delivering and maintaining a strong security posture. Please ensure you test and update as quickly as possible to reduce risk, prevent exploitation and ultimately stay secure.

For a full list of this month’s updates please see the links below:

Patch Tuesday release notes

Security update guidance

Author

Stuart Hare is a Technologist with a passion for helping people in all aspects of IT & Cyber Security. Stuart is the Founder of Ironshare, an Information and Cyber Security company providing consultancy and managed services.

Samuel is a Security Analyst with Ironshare, an Information and Cyber Security company providing Security consultancy and managed services.

Joshua is working as a Managed Service Lead with Ironshare, an Information and Cyber Security company providing Security consultancy and managed services.


Ironshare is a provider of Information and Cyber Security services.
