[SingCERT] Microsoft August 2019 Patch Tuesday

Published on 14 Aug 2019

Updated on 23 Oct 2019

Background

Microsoft has announced the release of 96 security patches to address vulnerabilities affecting its operating system and other products.

The following vulnerabilities were rated critical and require immediate attention:

Wormable Remote Desktop vulnerabilities

  • CVE-2019-1181, CVE-2019-1182 - These vulnerabilities exist in Remote Desktop Services. Successful exploitation of the vulnerabilities could allow an attacker to execute arbitrary code on the target system.

Critical vulnerabilities

  • CVE-2019-1183 - This vulnerability exists in the way that the VBScript engine handles objects in memory. Successful exploitation of the vulnerability could allow an attacker to gain the same user rights as the current user.

  • CVE-2019-1222, CVE-2019-1226 - These vulnerabilities exist in Remote Desktop Services. Successful exploitation of the vulnerabilities could allow an attacker to execute arbitrary code on the target system.

  • CVE-2019-0965 - This vulnerability exists when Windows Hyper-V on a host server fails to properly validate input from an authenticated user on a guest operating system. Successful exploitation of the vulnerability could allow an attacker to execute arbitrary code on the host operating system.

  • CVE-2019-0720 - This vulnerability exists when Windows Hyper-V Network Switch on a host server fails to properly validate input from an authenticated user on a guest operating system. Successful exploitation of the vulnerability could allow an attacker to execute arbitrary code on the host operating system.

  • CVE-2019-1213 - This vulnerability exists in the Windows Server Dynamic Host Configuration Protocol (DHCP) service when an attacker sends specially crafted packets to a DHCP server. Successful exploitation of the vulnerability could allow an attacker to execute arbitrary code on the DHCP server.

  • CVE-2019-0736 - This vulnerability exists in the Windows DHCP client when an attacker sends specially crafted DHCP responses to a client. Successful exploitation of the vulnerability could allow an attacker to execute arbitrary code on the client machine.

  • CVE-2019-1188 - This vulnerability exists in Microsoft Windows and could allow remote code execution if a .LNK file is processed. Successful exploitation of the vulnerability could allow an attacker to gain the same user rights as the local user.

  • CVE-2019-1131, CVE-2019-1139, CVE-2019-1140, CVE-2019-1141, CVE-2019-1196, CVE-2019-1197 - These vulnerabilities exist in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge. Successful exploitation of the vulnerabilities could allow an attacker to gain the same user rights as the current user.

  • CVE-2019-1133 - This vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer. Successful exploitation of the vulnerability could allow an attacker to gain the same user rights as the current user.

  • CVE-2019-1201, CVE-2019-1205 - These vulnerabilities exist in Microsoft Word software when it fails to properly handle objects in memory. Successful exploitation of the vulnerabilities could allow an attacker to use a specially crafted file to perform actions in the context of the current user.

  • CVE-2019-1199 - This vulnerability exists in Microsoft Outlook when the software fails to properly handle objects in memory. Successful exploitation of the vulnerability could allow an attacker to execute arbitrary code in the context of the current user.

  • CVE-2019-1200 - This vulnerability exists in Microsoft Outlook software when it fails to properly handle objects in memory. Successful exploitation of the vulnerability could allow an attacker to use a specially crafted file to perform actions in the context of the current user.

  • CVE-2019-1144, CVE-2019-1145, CVE-2019-1149, CVE-2019-1150, CVE-2019-1152 - These vulnerabilities exist when the Windows font library improperly handles specially crafted embedded fonts. Successful exploitation of the vulnerabilities could allow an attacker to take control of the affected system.

For the full list of security updates released by Microsoft, please visit https://portal.msrc.microsoft.com/en-us/security-guidance.

Affected Products

The security release contains updates for the following:

  • Microsoft Windows
  • Internet Explorer
  • Microsoft Edge
  • ChakraCore
  • Microsoft Office and Microsoft Office Services and Web Apps
  • Visual Studio
  • Online Services
  • Active Directory
  • Microsoft Dynamics

Impact

Successful exploitation of these critical vulnerabilities could allow an attacker to perform remote code execution and take control of the affected systems to perform malicious activities, including installing programs without authorisation, creating rogue administrator accounts, and viewing, changing, or deleting data.

Recommendation

Users and system administrators of affected products are advised to apply the security updates immediately.

References

https://portal.msrc.microsoft.com/en-us/security-guidance/releasenotedetail/312890cc-3673-e911-a991-000d3a33a34d

https://www.bleepingcomputer.com/news/microsoft/microsofts-august-2019-patch-tuesday-fixes-96-vulnerabilities/