The July Patch Tuesday security updates have been released by Microsoft today and they include a total of 77 vulnerabilities. 15 updates have been rated Critical, 62 Important and 6 vulns have been publicly disclosed. Two of the listed vulns are already exploited in the wild.
MS products covered by these updates are Windows Operating Systems, DHCP, ASP.net, Azure, GDI, Microsoft Edge and Internet Explorer Browsers, Office, .Net framework, SQL Server, Visual Studio and MS Exchange Server.
CVE-2019-0785 is a critical memory corruption vulnerability (with a CVSS score of 9.8) in the Windows Server DHCP Service, affecting all Windows server operating systems from 2012 to 2019. If the server is configured in DHCP failover mode, an attacker can exploit this vuln by sending a crafted DHCP packet to the server. A successful exploit attempt will allow remote code execution or a possible DHCP Denial of Service due to an unresponsive service.
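Because CVE-2019-0785 depends on DHCP failover being configured, it helps to know which servers are in that mode when deciding patch order. The following is an added example, not part of the original post or any Microsoft guidance; it assumes the DhcpServer PowerShell module (RSAT) is installed and that you have rights to query each server, and the function name `Get-DhcpFailoverExposure` is hypothetical.

```powershell
# Added example: list authorized DHCP servers and flag those with failover
# relationships, the configuration the post says CVE-2019-0785 requires.
# Assumes the DhcpServer module (RSAT) and read access to each server.
Import-Module DhcpServer -ErrorAction Stop

function Get-DhcpFailoverExposure {   # hypothetical helper name
    [CmdletBinding()]
    param(
        # Defaults to every DHCP server authorized in Active Directory.
        [string[]]$ComputerName = (Get-DhcpServerInDC).DnsName
    )
    foreach ($server in $ComputerName) {
        try {
            # Returns nothing when no failover relationship is configured.
            $relations = @(Get-DhcpServerv4Failover -ComputerName $server -ErrorAction Stop)
            [pscustomobject]@{
                Server        = $server
                FailoverInUse = $relations.Count -gt 0
                Relationships = ($relations.Name -join ', ')
                Partners      = ($relations.PartnerServer -join ', ')
                Status        = 'Queried'
            }
        }
        catch {
            # An unreachable server is unknown, not safe: report it for follow-up.
            [pscustomobject]@{
                Server        = $server
                FailoverInUse = $null
                Relationships = ''
                Partners      = ''
                Status        = "Query failed: $($_.Exception.Message)"
            }
        }
    }
}

# Failover-enabled servers first, then unknowns, then the rest.
$rank = { if ($_.FailoverInUse) { 0 } elseif ($null -eq $_.FailoverInUse) { 1 } else { 2 } }
Get-DhcpFailoverExposure |
    Sort-Object @{ Expression = $rank }, Server |
    Format-Table -AutoSize
```

Servers reported with `FailoverInUse` set to true are the ones to patch first for this CVE; rows with a failed query need manual follow-up before they can be ruled out.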
CVE-2019-1102 covers a critical remote code execution vulnerability in the Windows Graphics Device Interface (GDI+). Exploitation can be achieved by convincing a user to access a malicious website via an email attachment or link, or through file sharing services such as OneDrive or Box. Once successful, complete control of the affected system can be achieved, giving the attacker access to view, change or delete data, as well as create new accounts with privileged access.
CVE-2019-1113 is a critical vulnerability present in .Net framework v2.0 – v4.8. By sending a malicious file that is opened by a user with an affected version of .Net, a bad actor can exploit this vuln and run remote code against the target. If the user is logged in with admin privileges, the actor could gain complete control of the affected system.
CVE-2019-0880 relates to a local privilege escalation issue, rated Important, in the splwow64 component, which is used to translate drivers for 32-bit applications. This affects both client and server versions of Windows and allows an attacker to gain privileged access to an affected system. Although this is a local vulnerability, it is common to see this type of exploit bundled with other malware to increase privileges and the likelihood of a successful attack. This vuln is currently being exploited in the wild.
CVE-2019-1132 is another Important-rated vuln that can result in privilege escalation due to memory handling issues. This exists in the Win32k component of older operating systems such as Windows 7 and Windows 2008. Exploiting this vuln can lead to arbitrary code being run in kernel mode, allowing malware installation, the creation of new admin accounts and the ability to both change and delete data. This is another vuln that is being exploited in the wild.
In addition, numerous critical vulns exist in Microsoft browsers (Edge and Internet Explorer) and their scripting engines. These vulns relate to memory corruption and handling issues that can result in remote code execution. These are largely exploited by convincing users to access malicious web content or click links in emails or instant messages.
Please review this month’s updates and get patching as soon as you can!
Keeping up to date with security patches for your operating systems and software is a critical part of delivering and maintaining a strong security posture. Please ensure you test and update as quickly as possible to reduce risk, prevent exploitation and ultimately stay secure.
For a full list of this month’s updates please see the links below:
Patch Tuesday release notes: https://portal.msrc.microsoft.com/en-us/security-guidance/releasenotedetail/48293f19-d662-e911-a98e-000d3a33c573
Security update guide: https://portal.msrc.microsoft.com/en-us/security-guidance
Stuart Hare is a Technologist with a passion for helping people in all aspects of IT & Cyber Security. Stuart is the Founder of Ironshare, an Information and Cyber Security company providing consultancy and managed services.
Samuel is a Security Analyst with Ironshare, an Information and Cyber Security company providing Security consultancy and managed services.
Joshua is working as a Managed Service Lead with Ironshare, an Information and Cyber Security company providing Security consultancy and managed services.