July Patch Bulletin

This month there are 78 unique CVEs, including two zero-days – security flaws that were being actively exploited in the wild.

The two zero-days are CVE-2019-0880 and CVE-2019-1132, and both are privilege escalation issues. The most important of the two zero-days patched today is CVE-2019-1132, a privilege escalation in the Win32k component. The second zero-day is CVE-2019-0880. This one is also a privilege escalation, but in splwow64.exe, another Windows core process.

Besides these two highly critical flaws, Microsoft also patched six other vulnerabilities whose exploitation details became public and could have helped attackers; however, they were not exploited until this month, when Microsoft shipped patches. These include:

  • CVE-2018-15664 – describes a vulnerability in the Docker runtime (and the underlying community project, Moby) wherein a malicious/compromised container can acquire full read/write access to the host operating system where that container is running. The vulnerability depends on the way that the Docker runtime handles symbolic links and is most directly exploitable through the Docker copy API (‘docker cp’ in the Docker CLI).
  • CVE-2019-0865 – A denial of service vulnerability exists when SymCrypt improperly handles a specially crafted digital signature. An attacker could exploit the vulnerability by creating a specially crafted connection or message. The security update addresses the vulnerability by correcting the way SymCrypt handles digital signatures.
  • CVE-2019-0887 – A remote code execution vulnerability exists in Remote Desktop Services – formerly known as Terminal Services – when an authenticated attacker abuses clipboard redirection. An attacker who successfully exploited this vulnerability could execute arbitrary code on the victim system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.
  • CVE-2019-0962 – An elevation of privilege vulnerability exists in Azure Automation “RunAs account” runbooks for users with contributor role. This vulnerability could potentially allow members of an organization to access Key Vault secrets through a runbook, even if these members would personally not have access to that Key Vault.
  • CVE-2019-1068 – A remote code execution vulnerability exists in Microsoft SQL Server when it incorrectly handles processing of internal functions. An attacker who successfully exploited this vulnerability could execute code in the context of the SQL Server Database Engine service account.
  • CVE-2019-1129 – An elevation of privilege vulnerability exists when Windows AppX Deployment Service (AppXSVC) improperly handles hard links. An attacker who successfully exploited this vulnerability could run processes in an elevated context. An attacker could then install programs; view, change or delete data.

For additional details, please find the information from Microsoft below:

Technology: Windows
Products Affected: Windows 7, 8.1, 8.1 RT, 10; Server 2008/2008 R2; Server 2012, 2012 R2; Server 2016; Server 2019
Severity: Critical
Reference: CVE-2019-0785, CVE-2019-0811, CVE-2019-0865, CVE-2019-0880, CVE-2019-0887, CVE-2019-0962, CVE-2019-0966, CVE-2019-0975, CVE-2019-0999, CVE-2019-1006, CVE-2019-1037, CVE-2019-1067, CVE-2019-1071, CVE-2019-1073, CVE-2019-1074, CVE-2019-1082, CVE-2019-1084, CVE-2019-1085, CVE-2019-1086, CVE-2019-1087, CVE-2019-1088, CVE-2019-1089, CVE-2019-1090, CVE-2019-1091, CVE-2019-1093, CVE-2019-1094, CVE-2019-1095, CVE-2019-1096, CVE-2019-1097, CVE-2019-1098, CVE-2019-1099, CVE-2019-1100, CVE-2019-1101, CVE-2019-1102, CVE-2019-1108, CVE-2019-1116, CVE-2019-1117, CVE-2019-1118, CVE-2019-1119, CVE-2019-1120, CVE-2019-1129, CVE-2019-1130, CVE-2019-1132, CVE-2019-1121, CVE-2019-1122, CVE-2019-1123, CVE-2019-1124, CVE-2019-1126, CVE-2019-1127, CVE-2019-1128, ADV190020
Workaround: No; Exploited: Yes; Public: Yes
Vulnerability Info: Information Disclosure, Elevation of Privilege, Remote Code Execution, Security Feature Bypass, Denial of Service

Technology: Internet Explorer
Products Affected: IE 9, 10, 11
Severity: Critical
Reference: CVE-2019-1001, CVE-2019-1004, CVE-2019-1056, CVE-2019-1059, CVE-2019-1063, CVE-2019-1104
Workaround: No; Exploited: No; Public: No
Vulnerability Info: Remote Code Execution

Technology: Edge
Products Affected: All
Severity: Critical
Reference: CVE-2019-1001, CVE-2019-1062, CVE-2019-1092, CVE-2019-1103, CVE-2019-1104, CVE-2019-1106, CVE-2019-1107
Workaround: No; Exploited: No; Public: No
Vulnerability Info: Remote Code Execution, Information Disclosure, Security Feature Bypass

Technology: Office, Office Services, and Web Apps
Products Affected: Excel 2010, 2013, 2016; Lync 2013; Basic 2013; Office 2010, 2013, 2016, 2016 for Mac, 2019, 2019 for Mac; Outlook 2010, 2013, 2016, Android, iOS; SharePoint Enterprise 2013, Enterprise 2016, Foundation 2010, Foundation 2013, Server 2019; Office 365 ProPlus; Skype for Business 2016
Severity: Important
Reference: CVE-2019-1006, CVE-2019-1084, CVE-2019-1109, CVE-2019-1110, CVE-2019-1111, CVE-2019-1112, CVE-2019-1134, CVE-2019-1105
Workaround: No; Exploited: No; Public: No
Vulnerability Info: Remote Code Execution, Spoofing, Elevation of Privilege, Information Disclosure

Technology: Azure DevOps / Team Foundation Server
Products Affected: Server 2019.0.1
Severity: Critical
Reference: CVE-2019-1072, CVE-2019-1076
Workaround: No; Exploited: No; Public: No
Vulnerability Info: Remote Code Execution, Spoofing

Technology: .NET Framework
Products Affected: .NET 2.0, 3.5, 3.5.1, 4.5.2, 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1, 4.7.2, 4.8
Severity: Critical
Reference: CVE-2019-1006, CVE-2019-1083, CVE-2019-1113
Workaround: No; Exploited: No; Public: No
Vulnerability Info: Denial of Service, Remote Code Execution, Elevation of Privilege

Technology: Azure
Products Affected: IoT Edge; Kubernetes Service
Severity: Important
Reference: CVE-2018-15664
Workaround: No; Exploited: No; Public: Yes
Vulnerability Info: Elevation of Privilege

Technology: SQL Server
Products Affected: Server 2014, 2016, 2017
Severity: Important
Reference: CVE-2019-1068
Workaround: No; Exploited: No; Public: Yes
Vulnerability Info: Remote Code Execution

Technology: ASP.NET
Products Affected: Core 2.1, 2.2
Severity: Moderate
Reference: CVE-2019-1075
Workaround: No; Exploited: No; Public: No
Vulnerability Info: Spoofing

Technology: Visual Studio
Products Affected: Visual Studio 2010, 2012, 2013, 2015, 2017, 2019
Severity: Critical
Reference: CVE-2019-1077, CVE-2019-1079, CVE-2019-1113
Workaround: No; Exploited: No; Public: No
Vulnerability Info: Elevation of Privilege, Information Disclosure, Remote Code Execution

Technology: Exchange Server
Products Affected: Server 2010, 2013, 2016, 2019
Severity: Important
Reference: ADV190021, CVE-2019-1084, CVE-2019-1136, CVE-2019-1137
Workaround: Yes; Exploited: No; Public: No
Vulnerability Info: Spoofing, Information Disclosure, Elevation of Privilege

In case of any questions or clarifications please feel free to reach out to ECHO’s Service Desk.