Microsoft closed 77 vulnerabilities as part of Patch Tuesday

The July set of patches for Microsoft products closes 77 vulnerabilities, including 15 critical and two already used by hackers.

Eleven of the critical vulnerabilities were found in scripting engines and browsers; the rest affect the DHCP server, the GDI+ subsystem, the .NET Framework, and Azure DevOps Server and Team Foundation Server (TFS).

“Patches for scripting engines, browsers, GDI+ and the .NET Framework should be assigned a high priority if we are talking about workstations, that is, systems used for email exchange or access to the Internet via a browser. This group also includes multi-user servers used as remote desktops”, experts at Qualys wrote about the new Microsoft patches on their blog.

A critical vulnerability in DHCP Server (CVE-2019-0785) can be exploited over the network when the server is configured for failover.

“This memory corruption bug allows an attacker to send a specially crafted packet to a DHCP server. In case of successful operation, it will be able to execute any code”, Allan Liska, an analyst at Recorded Future, explained to Threatpost.

All editions of Windows Server from 2012 to 2019 are vulnerable. Microsoft patched a similar flaw (CVE-2019-0725) in May.

The RCE vulnerability in Azure DevOps Server and TFS (CVE-2019-1072) is exploited by uploading a malicious file to the server.

“A user who has the ability to upload files can run the code in the context of an Azure DevOps / TFS account. This can also be done anonymously if the server’s settings allow such access. For Azure DevOps and TFS installations, this patch should be high priority”, the Qualys blog post says.

Qualys experts echoed Liska:

“Until now, Azure has rarely been subjected to exploit attacks, but the vulnerability should be patched immediately, since the operation in this case can be scaled.”

Microsoft also fixed two privilege escalation vulnerabilities that are already being exploited in the wild (ITW). One of them is in the Win32k component, the other in the splwow64 module, which connects 32-bit applications to the 64-bit print spooler. Although the developer has rated the issues as important, Qualys recommends installing the patches as soon as possible, since each of these vulnerabilities can be chained with others to gain full access to the system.

The Win32k vulnerability (CVE-2019-1132) affects Windows 7, Windows Server 2008 and Server 2008 R2.

The splwow64 vulnerability (CVE-2019-0880) allows privileges to be raised from low to medium. If immediate patching is not possible, the risk can be reduced by disabling print spooling. The problem affects Windows 8.1, Windows Server 2012 and later versions of the client and server OS.

Experts also draw users’ attention to the patch for an RCE vulnerability in SQL Server (CVE-2019-1068). It is rated as important because exploitation requires authentication; however, in combination with SQL injection, this flaw, according to Qualys, makes it possible to completely compromise the server, so it is best to fix it as soon as possible.

William Reddy
