The July set of patches for Microsoft products closes 77 vulnerabilities, including 15 critical and two already used by hackers.
Eleven critical vulnerabilities are detected in scripting engines and browsers, the rest affect the DHCP server, the GDI + subsystem, the .NET framework, and the Azure DevOps and Team Foundation (TFS) servers.“Patches for scripting engines, browsers, GDI + and the .NET Framework should be assigned a high priority if we are talking about workstations, that is, systems used for email exchange or access to the Internet via a browser. This group also includes multi-user servers used as remote desktop”, experts at Qualys read new Microsoft patches on their blog.
A critical vulnerability in DHCP Server (CVE-2019-0785) can be used over the network when the server is configured to fail over.
“This memory corruption bug allows an attacker to send a specially crafted packet to a DHCP server. In case of successful operation, it will be able to execute any code”, explained Allor Liska, an analyst at Recorded Future, for Threatpost.
The RCE vulnerability in Azure DevOps Server and TFS (CVE-2019-1072) is exploited by uploading a malicious file to the server.
“A user who has the ability to upload files can run the code in the context of an Azure DevOps / TFS account. This can also be done anonymously if the server’s settings allow such access. For Azure DevOps and TFS installations, this patch should be high priority”, the Qualys blog column says.
Qualys experts echoed Liska:
“Until now, Azure has rarely been subjected to exploit attacks, but the vulnerability should be patched immediately, since the operation in this case can be scaled.”
Microsoft also eliminated two privilege escalation vulnerabilities already used by itw. One of them was present in the Win32k component, the other in the splwow64 module, which connects 32-bit applications with a 64-bit print spooler. Although the developer has rated the problems as significant, Qualys recommends installing patches as soon as possible, since each of these vulnerabilities can be combined with others and get full access to the system.
Vulnerability in Win32 (CVE-2019-1132) is relevant for Windows 7, Windows Server 2008 and Server 2008 R2.
Vulnerability in splwow64 (CVE-2019-0880) allows you to raise privileges from low to medium. If immediate patching it is not possible, the risks can be reduced by disabling paging data for printing. The problem is Windows 8.1, Windows Server 2012 and later versions of the client and server OS.
Read also: Sodin cryptographer exploits dangerous vulnerability in Windows
Experts also draw users’ attention to a patch to the RCE vulnerability in SQL Server (CVE-2019-1068). It is rated as essential because its use requires authentication, however, in combination with SQL injection, this problem, according to Qualys, makes it possible to completely compromise the server, and it is better to eliminate it in the shortest possible time.
