Microsoft is back with its monthly set of security updates, addressing a total of 96 vulnerabilities with 29 rated critical and 68 rated important. 36 vulnerabilities lead to remote code execution. 24 vulnerabilities can allow an attacker to gain elevated privileges on your system. There are no reported zero-days this month and no publicly disclosed vulnerabilities.
Wormable flaws in Remote Desktop Services and a few other critical vulnerabilities
There are four critical vulnerabilities (CVE-2019-1222, CVE-2019-1226, CVE-2019-1181 and CVE-2019-1182) in Remote Desktop Services. These vulnerabilities do not require authentication or user interaction for exploitation and lead to Remote Code Execution. Microsoft has announced that two of these bugs (CVE-2019-1181 and CVE-2019-1182) are wormable and are very similar to the BlueKeep (CVE-2019-0708) vulnerability, which was patched in May 2019. These flaws allow malware planted on one system to propagate to other vulnerable systems without any user interaction. Windows 7 SP1, Windows Server 2008 R2 SP1, Windows Server 2012, Windows 8.1, Windows Server 2012 R2, and all supported versions of Windows 10, including server versions, are vulnerable. Updates for these vulnerabilities should be installed as a priority.
We are not done yet. Two more wormable flaws were identified. CVE-2019-0736, a critical remote code execution vulnerability in the Windows DHCP client, could be a wormable bug, as an unauthenticated attacker can execute arbitrary code just by sending specially crafted DHCP responses to a client. Another critical remote code execution vulnerability (CVE-2019-1188) in Microsoft Windows LNK is also considered wormable. Researchers have pointed out that CVE-2019-1188 is similar to the bug exploited by the Stuxnet malware back in 2010.
Microsoft has also patched 5 vulnerabilities (CVE-2019-9511, CVE-2019-9512, CVE-2019-9513, CVE-2019-9514, CVE-2019-9518) related to HTTP/2 Server. These vulnerabilities lead to a Denial of Service condition by consuming excessive CPU and memory resources. HTTP/2 Server is used by 40% of the websites on the internet. A few attacks have been reported, but they are not widespread. We will soon provide you with more details about these vulnerabilities and the affected products. For now, we recommend installing the updates provided by Microsoft for HTTP/2 servers.
A gentle reminder for all system administrators: Microsoft is withdrawing support for Windows 7 and Windows Server 2008 R2 from January 14, 2020. It is advised to install all the updates at the earliest, with high priority for the critical wormable flaws.
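A host-level check for the advice above, as an added example that is not part of the original post: it reports whether any of the Windows KBs listed further down this page is installed and whether Remote Desktop connections are enabled. The function name `Test-August2019Patch` and its parameters are hypothetical, and the first sample call uses constructed input.

```powershell
# Added example (not from the original post): triage one Windows host.
# KB numbers are copied from the "Product : Microsoft Windows" record on this page.
$AugustKbs = @(
    4507435, 4507448, 4507449, 4507450, 4507452, 4507453,
    4507455, 4507456, 4507457, 4507458, 4507460, 4507461,
    4507462, 4507464, 4507469, 4511553, 4512476, 4512482,
    4512486, 4512488, 4512489, 4512491, 4512497, 4512501,
    4512506, 4512507, 4512508, 4512516, 4512517, 4512518
) | ForEach-Object { "KB$_" }

function Test-August2019Patch {   # hypothetical name
    [CmdletBinding()]
    param(
        # Installed hotfix IDs; defaults to what this host reports.
        [string[]]$InstalledKb = (Get-HotFix | Select-Object -ExpandProperty HotFixID),
        # fDenyTSConnections = 0 means Remote Desktop connections are allowed.
        [int]$DenyTsConnections = (Get-ItemProperty 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server').fDenyTSConnections
    )

    $found      = @($InstalledKb | Where-Object { $AugustKbs -contains $_ })
    $rdpEnabled = ($DenyTsConnections -eq 0)

    # No match is not proof of exposure: a later cumulative update replaces
    # these KBs, so an unmatched host needs its update history checked by hand.
    $status = if ($found.Count -gt 0) {
        'Listed KB found'
    } elseif ($rdpEnabled) {
        'Review first: RDP enabled, no listed KB found'
    } else {
        'Review: no listed KB found'
    }

    [pscustomobject]@{
        Computer   = $env:COMPUTERNAME
        RdpEnabled = $rdpEnabled
        MatchingKb = $found -join ', '
        Status     = $status
    }
}

# Constructed input: KB0000001 is a placeholder, KB4512508 is from the list above.
Test-August2019Patch -InstalledKb 'KB0000001', 'KB4512508' -DenyTsConnections 0
# Live check of the local host:
Test-August2019Patch
```

Hosts that report RDP enabled with no listed KB are the ones to look at first, since the Remote Desktop Services flaws need no authentication or user interaction.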
The August 2019 Patch Tuesday release consists of security updates for the following products:
- Microsoft Windows
- Internet Explorer
- Microsoft Edge
- Microsoft Office and Microsoft Office Services and Web Apps
- Visual Studio
- Online Services
- Active Directory
- Microsoft Dynamics
Product : Microsoft Windows
CVEs/Advisory : CVE-2019-0714, CVE-2019-0715, CVE-2019-0716, CVE-2019-0717, CVE-2019-0718, CVE-2019-0720, CVE-2019-0723, CVE-2019-0736, CVE-2019-0965, CVE-2019-1057, CVE-2019-1078, CVE-2019-1125, CVE-2019-1143, CVE-2019-1144, CVE-2019-1145, CVE-2019-1146, CVE-2019-1147, CVE-2019-1148, CVE-2019-1149, CVE-2019-1150, CVE-2019-1151, CVE-2019-1152, CVE-2019-1153, CVE-2019-1154, CVE-2019-1155, CVE-2019-1156, CVE-2019-1157, CVE-2019-1158, CVE-2019-1159, CVE-2019-1161, CVE-2019-1162, CVE-2019-1163, CVE-2019-1164, CVE-2019-1168, CVE-2019-1169, CVE-2019-1170, CVE-2019-1171, CVE-2019-1172, CVE-2019-1173, CVE-2019-1174, CVE-2019-1175, CVE-2019-1176, CVE-2019-1177, CVE-2019-1178, CVE-2019-1179, CVE-2019-1180, CVE-2019-1181, CVE-2019-1182, CVE-2019-1183, CVE-2019-1184, CVE-2019-1185, CVE-2019-1186, CVE-2019-1187, CVE-2019-1188, CVE-2019-1190, CVE-2019-1198, CVE-2019-1206, CVE-2019-1212, CVE-2019-1213, CVE-2019-1222, CVE-2019-1223, CVE-2019-1224, CVE-2019-1225, CVE-2019-1226, CVE-2019-1227, CVE-2019-1228, CVE-2019-9506, CVE-2019-9511, CVE-2019-9512, CVE-2019-9513, CVE-2019-9514, CVE-2019-9518
Impact : Denial of Service, Elevation of Privilege, Information Disclosure, Remote Code Execution, Security Feature Bypass, Tampering
Severity : Critical
KBs : 4507435, 4507448, 4507449, 4507450, 4507452, 4507453, 4507455, 4507456, 4507457, 4507458, 4507460, 4507461, 4507462, 4507464, 4507469, 4511553, 4512476, 4512482, 4512486, 4512488, 4512489, 4512491, 4512497, 4512501, 4512506, 4512507, 4512508, 4512516, 4512517, 4512518
Product : Internet Explorer
CVEs/Advisory : CVE-2019-1133, CVE-2019-1192, CVE-2019-1193, CVE-2019-1194
Impact : Remote Code Execution, Security Feature Bypass
Severity : Critical
KBs : 4511553, 4511872, 4512476, 4512488, 4512497, 4512501, 4512506, 4512507, 4512508, 4512516, 4512517, 4512518
Product : Microsoft Edge
CVEs/Advisory : CVE-2019-1030, CVE-2019-1131, CVE-2019-1139, CVE-2019-1140, CVE-2019-1141, CVE-2019-1192, CVE-2019-1193, CVE-2019-1195, CVE-2019-1196, CVE-2019-1197
Impact : Information Disclosure, Remote Code Execution, Security Feature Bypass
Severity : Critical
KBs : 4511553, 4512497, 4512501, 4512507, 4512508, 4512516, 4512517
Product : Microsoft Office and Microsoft Office Services and Web Apps
CVEs/Advisory : CVE-2019-1148, CVE-2019-1149, CVE-2019-1151, CVE-2019-1153, CVE-2019-1155, CVE-2019-1199, CVE-2019-1200, CVE-2019-1201, CVE-2019-1202, CVE-2019-1203, CVE-2019-1204, CVE-2019-1205, CVE-2019-1218
Impact : Elevation of Privilege, Information Disclosure, Remote Code Execution, Spoofing
Severity : Critical
KBs : 4462137, 4462216, 4464599, 4475506, 4475528, 4475530, 4475531, 4475533, 4475534, 4475538, 4475540, 4475547, 4475549, 4475553, 4475555, 4475557, 4475563, 4475565, 4475573, 4475575
Product : Visual Studio
CVEs/Advisory : CVE-2019-1211
Impact : Elevation of Privilege
Severity : Important
Product : Active Directory
CVEs/Advisory : ADV190023