Posted: 22 Min ReadThreat Intelligence

Microsoft Patch Tuesday – July 2019

This month the vendor has patched 77 vulnerabilities, 16 of which are rated Critical.

As always, customers are advised to follow these security best practices:

  • Install vendor patches as soon as they are available.
  • Run all software with the least privileges required while still maintaining functionality.
  • Avoid handling files from unknown or questionable sources.
  • Never visit sites of unknown or questionable integrity.
  • Block external access at the network perimeter to all key systems unless specific access is required.

 

Microsoft's summary of the July 2019 releases can be found here:
https://portal.msrc.microsoft.com/en-us/security-guidance

 

This month's update covers vulnerabilities in:

  • Internet Explorer
  • Microsoft Edge
  • ChakraCore
  • Microsoft Office
  • Microsoft .NET
  • Microsoft Windows
  • DirectWrite
  • Graphics Device Interface (GDI)
  • Microsoft SQL Server
  • Team Foundation Server
  • Microsoft Exchange Server
  • Azure
  • Microsoft Visual Studio

 

The following is a breakdown of the issues being addressed this month:

  1. Cumulative Security Update for Microsoft Browsers

    Microsoft Browser Memory Corruption Vulnerability (CVE-2019-1104) MS Rating: Critical

    A remote code execution vulnerability exists in the way that Microsoft browsers access objects in memory. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. Attackers can exploit this issue by enticing an unsuspecting user to view a specially crafted web page.

     

    Internet Explorer Memory Corruption Vulnerability (CVE-2019-1063) MS Rating: Critical

    A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. Attackers can exploit this issue by enticing an unsuspecting user to view a specially crafted web page.

     

    Chakra Scripting Engine Memory Corruption Vulnerability (CVE-2019-1001) MS Rating: Critical

    A remote code execution vulnerability exists in the way the scripting engine handles objects in memory in Microsoft browsers. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. Attackers can exploit this issue by enticing an unsuspecting user to view a specially crafted web page.

     

    Scripting Engine Memory Corruption Vulnerability (CVE-2019-1004) MS Rating: Critical

    A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. Attackers can exploit this issue by enticing an unsuspecting user to view a specially crafted web page.

     

    Scripting Engine Memory Corruption Vulnerability (CVE-2019-1056) MS Rating: Critical

    A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. Attackers can exploit this issue by enticing an unsuspecting user to view a specially crafted web page.

     

    Scripting Engine Memory Corruption Vulnerability (CVE-2019-1059) MS Rating: Critical

    A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. Attackers can exploit this issue by enticing an unsuspecting user to view a specially crafted web page.

     

    Chakra Scripting Engine Memory Corruption Vulnerability (CVE-2019-1062) MS Rating: Critical

    A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. Attackers can exploit this issue by enticing an unsuspecting user to view a specially crafted web page.

     

    Chakra Scripting Engine Memory Corruption Vulnerability (CVE-2019-1092) MS Rating: Critical

    A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. Attackers can exploit this issue by enticing an unsuspecting user to view a specially crafted web page.

     

    Chakra Scripting Engine Memory Corruption Vulnerability (CVE-2019-1103) MS Rating: Critical

    A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. Attackers can exploit this issue by enticing an unsuspecting user to view a specially crafted web page.

     

    Chakra Scripting Engine Memory Corruption Vulnerability (CVE-2019-1106) MS Rating: Critical

    A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. Attackers can exploit this issue by enticing an unsuspecting user to view a specially crafted web page.

     

    Chakra Scripting Engine Memory Corruption Vulnerability (CVE-2019-1107) MS Rating: Critical

    A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. Attackers can exploit this issue by enticing an unsuspecting user to view a specially crafted web page.

     

  2. Cumulative Security Update for Microsoft Office

    Microsoft Office Spoofing Vulnerability (CVE-2019-1109) MS Rating: Important

    A spoofing vulnerability exists when Microsoft Office Javascript does not check the validity of the web page making a request to Office documents. An attacker who successfully exploited this vulnerability could read or write information in Office documents.

     

    Microsoft Excel Remote Code Execution Vulnerability (CVE-2019-1110) MS Rating: Important

    A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user.

     

    Microsoft Excel Remote Code Execution Vulnerability (CVE-2019-1111) MS Rating: Important

    A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user.

     

    Microsoft Excel Information Disclosure Vulnerability (CVE-2019-1112) MS Rating: Important

    An information disclosure vulnerability exists when Microsoft Excel improperly discloses the contents of its memory. An attacker who exploited the vulnerability could use the information to compromise the user's computer or data.

     

    Microsoft Office SharePoint XSS Vulnerability (CVE-2019-1134) MS Rating: Important

    A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server. An authenticated attacker could exploit the vulnerability by sending a specially crafted request to an affected SharePoint server.

     

  3. Cumulative Security Update for Microsoft .NET

    .NET Denial of Service Vulnerability (CVE-2019-1083) MS Rating: Critical

    A denial of service vulnerability exists when Microsoft Common Object Runtime Library improperly handles web requests. An attacker who successfully exploited this vulnerability could cause a denial of service against a .NET web application.

     

    .NET Framework Remote Code Execution Vulnerability (CVE-2019-1113) MS Rating: Important

    A remote code execution vulnerability exists in . NET software when the software fails to check the source markup of a file.

     

    ASP.NET Core Spoofing Vulnerability (CVE-2019-1075) MS Rating: Important

    A spoofing vulnerability exists in ASP. NET Core that could lead to an open redirect. An attacker who successfully exploited the vulnerability could redirect a targeted user to a malicious website.

     

  4. Cumulative Security Update for Microsoft Windows Kernel

    Windows Kernel Information Disclosure Vulnerability (CVE-2019-1071) MS Rating: Important

    An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the user's system.

     

    Windows Kernel Information Disclosure Vulnerability (CVE-2019-1073) MS Rating: Important

    An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the user's system.

     

    Win32k Information Disclosure Vulnerability (CVE-2019-1096) MS Rating: Important

    An information disclosure vulnerability exists when the Win32k component improperly provides kernel information. An attacker who successfully exploited the vulnerability could obtain information to further compromise the user's system.

     

    Win32k Privilege Escalation Vulnerability (CVE-2019-1132) MS Rating: Important

    A privilege escalation vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode.

     

    Windows Kernel Privilege Escalation Vulnerability (CVE-2019-1067) MS Rating: Moderate

    A privilege escalation vulnerability exists when the Windows kernel fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode.

     

  5. Cumulative Security Update for Microsoft Windows

    Windows DNS Server Denial of Service Vulnerability (CVE-2019-0811) MS Rating: Critical

    A denial of service vulnerability exists in Windows DNS Server when it fails to properly handle DNS queries. An attacker who successfully exploited this vulnerability could cause the DNS Server service to become non-responsive.

     

    Windows Error Reporting Privilege Escalation Vulnerability (CVE-2019-1037) MS Rating: Critical

    A privilege escalation vulnerability exists in the way Windows Error Reporting (WER) handles files. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode.

     

    Windows DHCP Server Remote Code Execution Vulnerability (CVE-2019-0785) MS Rating: Important

    A memory corruption vulnerability exists in the Windows Server DHCP service when an attacker sends specially crafted packets to a DHCP failover server. An attacker who successfully exploited the vulnerability could either run arbitrary code on the DHCP failover server or cause the DHCP service to become non-responsive.

     

    SymCrypt Denial of Service Vulnerability (CVE-2019-0865) MS Rating: Important

    A denial of service vulnerability exists when SymCrypt improperly handles a specially crafted digital signature. An attacker could exploit the vulnerability by creating a specially crafted connection or message.

     

    Microsoft 'splwow64' Privilege Escalation Vulnerability (CVE-2019-0880) MS Rating: Important

    A local Privilege Escalation Vulnerability exists in how splwow64. exe handles certain calls. An attacker who successfully exploited the vulnerability could elevate privileges on an affected system from low-integrity to medium-integrity.

     

    Remote Desktop Services Remote Code Execution Vulnerability (CVE-2019-0887) MS Rating: Important

    A remote code execution vulnerability exists in Remote Desktop Services - formerly known as Terminal Services - when an authenticated attacker abuses clipboard redirection. An attacker who successfully exploited this vulnerability could execute arbitrary code on the victim system.

     

    Remote Desktop Protocol Client Information Disclosure Vulnerability (CVE-2019-1108) MS Rating: Important

    An information disclosure vulnerability exists when the Windows RDP client improperly discloses the contents of its memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the user's system.

     

    Windows Hyper-V Denial of Service Vulnerability (CVE-2019-0966) MS Rating: Important

    A denial of service vulnerability exists when Microsoft Hyper-V on a host server fails to properly validate input from a privileged user on a guest operating system. To exploit the vulnerability, an attacker who already has a privileged account on a guest operating system, running as a virtual machine, could run a specially crafted application that causes a host machine to crash.

     

    ADFS Security Feature Bypass Vulnerability (CVE-2019-0975) MS Rating: Important

    A security feature bypass vulnerability exists when Active Directory Federation Services (ADFS) improperly updates its list of banned IP addresses. To exploit this vulnerability, an attacker would have to convince a victim ADFS administrator to update the list of banned IP addresses.

     

    ADFS Security Feature Bypass Vulnerability (CVE-2019-1126) MS Rating: Important

    A security feature bypass vulnerability exists in Active Directory Federation Services (ADFS) which could allow an attacker to bypass the extranet lockout policy. To exploit this vulnerability, an attacker could run a specially crafted application, which would allow an attacker to launch a password brute-force attack or cause account lockouts in Active Directory.

     

    DirectX Privilege Escalation Vulnerability (CVE-2019-0999) MS Rating: Important

    A privilege escalation vulnerability exists when DirectX improperly handles objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode.

     

    WCF/WIF SAML Token Authentication Bypass Vulnerability (CVE-2019-1006) MS Rating: Important

    An Authentication Bypass vulnerability exists in Windows Communication Foundation (WCF) and Windows Identity Foundation (WIF), allowing signing of SAML tokens with arbitrary symmetric keys. This vulnerability allows an attacker to impersonate another user, which can lead to elevation of privileges.

     

    Microsoft Windows Privilege Escalation Vulnerability (CVE-2019-1074) MS Rating: Important

    A privilege escalation vulnerability exists in Microsoft Windows where certain folders, with local service privilege, are vulnerable to symbolic link attack. An attacker who successfully exploited this vulnerability could potentially access unauthorized information.

     

    Microsoft Windows Privilege Escalation Vulnerability (CVE-2019-1082) MS Rating: Important

    A privilege escalation vulnerability exists in Microsoft Windows where a certain dll, with Local Service privilege, is vulnerable to race planting a customized dll. An attacker who successfully exploited this vulnerability could potentially elevate privilege to SYSTEM.

     

    Windows WLAN Service Privilege Escalation Vulnerability (CVE-2019-1085) MS Rating: Important

    A privilege escalation vulnerability exists in the way that the wlansvc.dll handles objects in memory.

     

    Windows Audio Service Privilege Escalation Vulnerability (CVE-2019-1086) MS Rating: Important

    A privilege escalation vulnerability exists in Windows Audio Service. An attacker who successfully exploited the vulnerability could run arbitrary code with elevated privileges.

     

    Windows Audio Service Privilege Escalation Vulnerability (CVE-2019-1087) MS Rating: Important

    A privilege escalation vulnerability exists in Windows Audio Service. An attacker who successfully exploited the vulnerability could run arbitrary code with elevated privileges.

     

    Windows Audio Service Privilege Escalation Vulnerability (CVE-2019-1088) MS Rating: Important

    A privilege escalation vulnerability exists in Windows Audio Service. An attacker who successfully exploited the vulnerability could run arbitrary code with elevated privileges.

     

    Windows RPCSS Privilege Escalation Vulnerability (CVE-2019-1089) MS Rating: Important

    A privilege escalation vulnerability exists in rpcss.dll when the RPC service Activation Kernel improperly handles an RPC request.

     

    Windows 'dnsrlvr.dll' Privilege Escalation Vulnerability (CVE-2019-1090) MS Rating: Important

    A privilege escalation vulnerability exists in the way that the 'dnsrslvr.dll' handles objects in memory.

     

    Microsoft 'unistore.dll' Information Disclosure Vulnerability (CVE-2019-1091) MS Rating: Important

    An information disclosure vulnerability exists when 'Unistore.dll' fails to properly handle objects in memory.

     

    Windows Privilege Escalation Vulnerability (CVE-2019-1129) MS Rating: Important

    A privilege escalation vulnerability exists when Windows AppX Deployment Service (AppXSVC) improperly handles hard links. An attacker who successfully exploited this vulnerability could run processes in an elevated context.

     

    Windows Privilege Escalation Vulnerability (CVE-2019-1130) MS Rating: Important

    A privilege escalation vulnerability exists when Windows AppX Deployment Service (AppXSVC) improperly handles hard links. An attacker who successfully exploited this vulnerability could run processes in an elevated context.

     

    Docker Privilege Escalation Vulnerability (CVE-2018-15664) MS Rating: Important

    A privilege escalation vulnerability in the Docker runtime wherein a malicious container can acquire full read or write access to the host operating system where that container is running.

     

  6. Security Update for Microsoft DirectWrite

    DirectWrite Remote Code Execution Vulnerability (CVE-2019-1117) MS Rating: Important

    A remote code execution vulnerability exists in the way that DirectWrite handles objects in memory. An attacker who successfully exploited this vulnerability could take control of the affected system.

     

    DirectWrite Remote Code Execution Vulnerability (CVE-2019-1118) MS Rating: Important

    A remote code execution vulnerability exists in the way that DirectWrite handles objects in memory. An attacker who successfully exploited this vulnerability could take control of the affected system.

     

    DirectWrite Remote Code Execution Vulnerability (CVE-2019-1119) MS Rating: Important

    A remote code execution vulnerability exists in the way that DirectWrite handles objects in memory. An attacker who successfully exploited this vulnerability could take control of the affected system.

     

    DirectWrite Remote Code Execution Vulnerability (CVE-2019-1120) MS Rating: Important

    A remote code execution vulnerability exists in the way that DirectWrite handles objects in memory. An attacker who successfully exploited this vulnerability could take control of the affected system.

     

    DirectWrite Remote Code Execution Vulnerability (CVE-2019-1121) MS Rating: Important

    A remote code execution vulnerability exists in the way that DirectWrite handles objects in memory. An attacker who successfully exploited this vulnerability could take control of the affected system.

     

    DirectWrite Remote Code Execution Vulnerability (CVE-2019-1122) MS Rating: Important

    A remote code execution vulnerability exists in the way that DirectWrite handles objects in memory. An attacker who successfully exploited this vulnerability could take control of the affected system.

     

    DirectWrite Remote Code Execution Vulnerability (CVE-2019-1123) MS Rating: Important

    A remote code execution vulnerability exists in the way that DirectWrite handles objects in memory. An attacker who successfully exploited this vulnerability could take control of the affected system.

     

    DirectWrite Remote Code Execution Vulnerability (CVE-2019-1124) MS Rating: Important

    A remote code execution vulnerability exists in the way that DirectWrite handles objects in memory. An attacker who successfully exploited this vulnerability could take control of the affected system.

     

    DirectWrite Remote Code Execution Vulnerability (CVE-2019-1127) MS Rating: Important

    A remote code execution vulnerability exists in the way that DirectWrite handles objects in memory. An attacker who successfully exploited this vulnerability could take control of the affected system.

     

    DirectWrite Remote Code Execution Vulnerability (CVE-2019-1128) MS Rating: Important

    A remote code execution vulnerability exists in the way that DirectWrite handles objects in memory. An attacker who successfully exploited this vulnerability could take control of the affected system.

     

    DirectWrite Information Disclosure Vulnerability (CVE-2019-1097) MS Rating: Important

    An information disclosure vulnerability exists when DirectWrite improperly discloses the contents of its memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the user's system.

     

    DirectWrite Information Disclosure Vulnerability (CVE-2019-1093) MS Rating: Important

    An information disclosure vulnerability exists when DirectWrite improperly discloses the contents of its memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the user's system.

     

  7. Security Update for Windows Graphics Device Interface (GDI)

    Windows GDI Information Disclosure Vulnerability (CVE-2019-1116) MS Rating: Critical

    An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the user's system.

     

    Windows GDI Information Disclosure Vulnerability (CVE-2019-1094) MS Rating: Important

    An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the user's system.

     

    Windows GDI Information Disclosure Vulnerability (CVE-2019-1095) MS Rating: Important

    An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the user's system.

     

    Windows GDI Information Disclosure Vulnerability (CVE-2019-1098) MS Rating: Important

    An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the user's system.

     

    Windows GDI Information Disclosure Vulnerability (CVE-2019-1099) MS Rating: Important

    An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the user's system.

     

    Windows GDI Information Disclosure Vulnerability (CVE-2019-1100) MS Rating: Important

    An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the user's system.

     

    Windows GDI Information Disclosure Vulnerability (CVE-2019-1101) MS Rating: Important

    An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the user's system.

     

    GDI+ Remote Code Execution Vulnerability (CVE-2019-1102) MS Rating: Important

    A remote code execution vulnerability exists in the way that the Windows Graphics Device Interface (GDI) handles objects in the memory. An attacker who successfully exploited this vulnerability could take control of the affected system.

     

  8. Security Update for Microsoft SQL Server

    Microsoft SQL Server Remote Code Execution Vulnerability (CVE-2019-1068) MS Rating: Important

    A remote code execution vulnerability exists in Microsoft SQL Server when it incorrectly handles processing of internal functions. An attacker who successfully exploited this vulnerability could execute code in the context of the SQL Server Database Engine service account.

     

  9. Security Update for Microsoft Exchange

    Microsoft Exchange Information Disclosure Vulnerability (CVE-2019-1084) MS Rating: Important

    An information disclosure vulnerability exists when Exchange allows creation of entities with Display Names having non-printable characters. An attacker could exploit this vulnerability by creating entities with invalid display names, and add such entities to conversations without being noticed.

     

    Microsoft Exchange Server Privilege Escalation Vulnerability (CVE-2019-1136) MS Rating: Important

    A privilege escalation vulnerability exists in Microsoft Exchange Server. An attacker who successfully exploited this vulnerability could gain the same rights as any other user of the Exchange server.

     

    Microsoft Exchange Server Spoofing Vulnerability (CVE-2019-1137) MS Rating: Important

    A cross-site-scripting (XSS) vulnerability exists when Microsoft Exchange Server does not properly sanitize a specially crafted web request to an affected Exchange server. An authenticated attacker could exploit the vulnerability by sending a specially crafted request to an affected server.

     

  10. Security Update for Azure and Team Foundation Server

    Team Foundation Server Cross-site Scripting Vulnerability (CVE-2019-1076) MS Rating: Important

    A Cross-site Scripting (XSS) vulnerability exists when Team Foundation Server does not properly sanitize user provided input. An authenticated attacker could exploit the vulnerability by sending a specially crafted payload to the Team Foundation Server, which will get executed in the context of the user every time a user visits the compromised page.

     

    Azure DevOps Server and Team Foundation Server Remote Code Execution Vulnerability (CVE-2019-1072) MS Rating: Important

    A remote code execution vulnerability exists when Azure DevOps Server and Team Foundation Server (TFS) improperly handle user input. An attacker who successfully exploited the vulnerability could execute code on the target server in the context of the DevOps or TFS service account.

     

    Azure Automation Privilege Escalation Vulnerability (CVE-2019-0962) MS Rating: Critical

    A privilege escalation vulnerability exists in Azure Automation "RunAs account" runbooks for users with contributor role. This vulnerability could potentially allow members of an organization to access Key Vault secrets through a runbook, even if these members would personally not have access to that Key Vault.

     

  11. Security Update for Microsoft Visual Studio

    Visual Studio Privilege Escalation Vulnerability (CVE-2019-1077) MS Rating: Important

    A privilege escalation vulnerability exists when the Visual Studio updater service improperly handles file permissions. An attacker who successfully exploited this vulnerability overwrite arbitrary files with XML content in the security context of the local system.

     

    Visual Studio Information Disclosure Vulnerability (CVE-2019-1079) MS Rating: Important

    An information disclosure vulnerability exists when Visual Studio improperly parses XML input in certain settings files. An attacker who successfully exploited this vulnerability could read arbitrary files via an XML external entity (XXE) declaration.

     

More information is available on Symantec's free Security Center portal and to our customers through the DeepSight Threat Management System.

About the Author

Ratheesh PM

Sr Threat Analysis Engineer

Ratheesh is a member of Symantec's Cyber Security Services organization which provides round-the-clock monitoring and protection services against cyber attacks.