Microsoft Patch Tuesday security updates for August 2019 fix 93 vulnerabilities, including two new ‘
The list of flaws addressed by the tech giant
The Microsoft Patch Tuesday security
Four of the critical flaws are remote code execution issues impacting the Remote Desktop Services (RDS). The vulnerabilities are tracked as CVE-2019-1181, CVE-2019-1182, CVE-2019-1222 and CVE-2019-1226.
Microsoft confirmed that the flaws CVE-2019-1181 and CVE-2019-1182 are
“A remote code execution vulnerability exists in Remote Desktop Services – formerly known as Terminal Services – when an
While the security advisory for the CVE-2019-1182 issue states:
“A remote code execution vulnerability exists in Remote Desktop Services – formerly known as Terminal Services – when an
Both vulnerabilities could be exploited by an attacker by sending a specially crafted request to the target system's Remote Desktop Service via RDP. Unlike BlueKeep, the flaws cannot be exploited via the Remote Desktop Protocol (RDP).
The flaws affect Windows 7 SP1, Windows Server 2008 R2 SP1, Windows Server 2012, Windows 8.1, Windows Server 2012 R2, and all supported versions of Windows 10, including server versions. Windows XP, Windows Server 2003, and Windows Server 2008 are not affected.
Simon Pope, Director of Incident Response at the Microsoft Security Response Center (MSRC)
“These vulnerabilities were discovered by Microsoft during hardening of Remote Desktop Services as part of our continual focus on strengthening the security of our products. At this time, we have no evidence that these vulnerabilities were known to any third party,” said Pope.
“It is important that affected systems are patched as quickly as possible because of the elevated risks associated with wormable vulnerabilities like these, and downloads for these can be found in the Microsoft Security Update Guide. Customers who have automatic updates enabled are automatically protected by these fixes.”
“These four bugs share the same impact and exploit scenarios. An attacker can get code execution at system level by sending a specially crafted pre-authentication RDP packet to an affected RDS server,” reads a blog post published by ZDI.
Microsoft also addressed another
“A memory corruption vulnerability exists in the Windows DHCP client when an attacker sends specially crafted DHCP responses to a client. An attacker who successfully exploited the vulnerability could run arbitrary code on the client machine,” reads the advisory.
“To exploit the vulnerability, an attacker could send specially crafted DHCP responses to a client.”
Microsoft also fixed a remote code execution vulnerability
This issue reminds us of the flaw exploited by the Stuxnet malware back in 2010.
The remaining vulnerabilities have been rated by Microsoft as “important”.
This month, Adobe’s Patch Tuesday security updates addressed a total of 119 vulnerabilities affecting multiple products, including After Effects, Character Animator, Premiere Pro, Prelude, Creative Cloud, Acrobat and Reader, Experience Manager, and Photoshop.
A few hours ago, the popular cyber security expert Tavis Ormandy,
The vulnerability, rated as high-severity, affects all versions of Microsoft Windows from Windows XP.
(SecurityAffairs – Microsoft Patch Tuesday, hacking)