Microsoft has released its regular monthly security updates,which includes a total of 79 vulnerabilities. 22 updates have been ratedCritical, 55 Important, 2 vulns have been publicly disclosed and 1 has been detectedas already being exploited in the wild.
MS products covered by these updates are Windows OperatingSystems, Edge and Internet Explorer Browsers, Office, SQL Server, GDI+, TeamFoundation server, Skype, .Net framework and the ever present ChakraCorescripting engine.
The highest rated vuln this month belongs to CVE-2019-0708 with a CVSS Score of 9.8. This remote code execution vuln affects Remote Desktop Services (the remote administration protocol) and requires no user interaction to exploit. A successful exploit of this vulnerability can be achieved by an attacker sending a crafted RDP request to the target system, allowing the change and deletion of data, installation of applications and the creation of new privileged accounts.
Microsoft browsers have updates resolving 3 Critical CVE’sthat are related to memory corruption vulns in the scripting engine, these havea regular appearance in patch Tuesday, and are caused by the way objects arehandled in memory.
By exploiting these vuln’s through a user accessing a specially crafted web page or embedded Active X control, an attacker could execute code as the current logged in user. If the user was logged in with admin rights, they could take control of the target system. The attacker would then be able to install programs, as well as steal, change or delete data.
CVE-2019-0903 covers a critical remote code execution vuln in GDI+ the Windows Graphics Device Interface. Due to improper handling of objects in memory an attacker can take control of the target machine. This can be exploited through a file sharing attack that uses a malicious document or a web-based attack using a specially crafted web site.
The exploited vulnerability is an Important privilege elevation flaw in Windows Error Reporting (CVE-2019-0863), affecting all supported versions of the Windows Operating System. This flaw can be exploited by a bad actor who first gains unprivileged access to the target system. Privileges can be elevated to administrator level, allowing the actor to execute code, manipulate and delete data, and create new backdoor accounts with admin rights.
Please review this month’s updates and get patching as soonas you can!
Keeping up to date with security patches for your operatingsystems and software, is a critical part of delivering and maintaining a strongsecurity posture, please ensure you test and update as quickly as possible to reducerisk, prevent exploitation and to ultimately stay secure.
For a full list of this month’s updates please see the linksbelow:
Patch Tuesday release notes: https://portal.msrc.microsoft.com/en-us/security-guidance/releasenotedetail/e5989c8b-7046-e911-a98e-000d3a33a34d
Security update guide: https://portal.msrc.microsoft.com/en-us/security-guidance
Stuart Hare is a Technologist with a passion for helping people in all aspects of IT & Cyber Security. Stuart is the Founder of Ironshare, an Information and Cyber Security company providing consultancy and managed services.
Samuel is a Security Analyst with Ironshare, an Information and Cyber Security company providing Security consultancy and managed services.
Joshua is working as a Managed Service Lead with Ironshare, an Information and Cyber Security company providing Security consultancy and managed services.
Ironshare is a provider of Information and Cyber Security services.