[SingCERT] Microsoft July 2019 Patch Tuesday

Published on 10 Jul 2019

Updated on 23 Oct 2019

Background

Microsoft has announced the release of 77 security patches to address vulnerabilities affecting its operating system and other products.

The following vulnerabilities were rated critical and require immediate attention:

Zero-day vulnerabilities

  • CVE-2019-1132 - This vulnerability exists when the Win32k component fails to properly handle objects in memory. Successful exploitation of the vulnerability could allow an attacker to execute arbitrary code in kernel mode.
  • CVE-2019-0880 - This vulnerability exists in how splwow64.exe handles certain calls. Successful exploitation of the vulnerability could allow an attacker to elevate privileges on an affected system from low-integrity to medium-integrity.

Critical vulnerabilities

  • CVE-2019-1113 - This vulnerability exists in .NET software when the software fails to check the source markup of a file. Successful exploitation of the vulnerability could allow an attacker to run arbitrary code in the context of the current user.
  • CVE-2019-1072 - This vulnerability exists when Azure DevOps Server and Team Foundation Server (TFS) improperly handle user input. Successful exploitation of the vulnerability could allow an attacker to execute code on the target server in the context of the DevOps or TFS service account.
  • CVE-2019-1063 - This vulnerability exists when Internet Explorer improperly accesses objects in memory. Successful exploitation of the vulnerability could allow an attacker to gain the same user rights as the current user.
  • CVE-2019-1104 - This vulnerability exists in the way that Microsoft browsers access objects in memory. Successful exploitation of the vulnerability could allow an attacker to gain the same user rights as the current user.
  • CVE-2019-1102 - This vulnerability exists in the way that the Windows Graphics Device Interface (GDI) handles objects in memory. Successful exploitation of the vulnerability could allow an attacker to take control of the affected system.
  • CVE-2019-1062, CVE-2019-1106, CVE-2019-1092, CVE-2019-1103, CVE-2019-1107 - These vulnerabilities exist in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge. Successful exploitation of the vulnerabilities could allow an attacker to gain the same user rights as the current user.
  • CVE-2019-1004, CVE-2019-1056 - These vulnerabilities exist in the way that the scripting engine handles objects in memory in Internet Explorer. Successful exploitation of the vulnerabilities could allow an attacker to gain the same user rights as the current user.
  • CVE-2019-1001 - This vulnerability exists in the way the scripting engine handles objects in memory in Microsoft browsers. Successful exploitation of the vulnerability could allow an attacker to gain the same user rights as the current user.
  • CVE-2019-0785 - This vulnerability exists in the Windows Server DHCP service when an attacker sends specially crafted packets to a DHCP failover server. Successful exploitation of the vulnerability could allow an attacker to either run arbitrary code on the DHCP failover server or cause the DHCP service to become nonresponsive.
  • ADV990001 - This is a list of the latest servicing stack updates for each operating system. This list will be updated whenever a new servicing stack update is released. It is important to install the latest servicing stack update: https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV990001

For the full list of security updates released by Microsoft, please visit https://portal.msrc.microsoft.com/en-us/security-guidance.

Affected Products

The security release contains updates for the following:

  • Microsoft Windows
  • Internet Explorer
  • Microsoft Edge
  • Microsoft Office and Microsoft Office Services and Web Apps
  • Azure DevOps
  • Open Source Software
  • .NET Framework
  • Azure
  • SQL Server
  • ASP.NET
  • Visual Studio
  • Microsoft Exchange Server

Impact

Successful exploitation of these critical vulnerabilities could allow an attacker to perform remote code execution and take control of the affected systems to perform malicious activities, including unauthorised installation of programs, creating rogue administrator accounts and viewing, changing, or deleting data.

Recommendation

Users and system administrators of affected products are advised to apply the security updates immediately.

References

https://portal.msrc.microsoft.com/en-us/security-guidance/releasenotedetail/48293f19-d662-e911-a98e-000d3a33c573

https://www.bleepingcomputer.com/news/microsoft/microsofts-july-2019-patch-tuesday-fixes-2-zero-day-vulnerabilities/