Microsoft Patch Day: Word/DHCP/LNK remote code execution vulnerability alerts-a vulnerability alert-the black bar safety net

2019-08-14T00:00:00
ID MYHACK58:62201995515
Type myhack58
Reporter 佚名
Modified 2019-08-14T00:00:00

Description

2019 8 May 14, Microsoft released security updates in addition to the RDP vulnerability also covers for a plurality of remote code execution high-risk vulnerabilities repair. Microsoft Word remote code execution vulnerability, the vulnerability number CVE-2019-0585。 The Windows DHCP client remote code execution vulnerability, the vulnerability number CVE-2019-0736 in. LNK remote code execution vulnerability, the vulnerability number CVE-2019-1188 the.

0x01 vulnerability details LNK remote code execution vulnerability CVE-2019-1188 This LNK remote code execution vulnerability and before Stuxnet the use of the LNK vulnerability and to bypass similar. If the system is processing the attacker prepared. LNK file, an attacker can remotely execute code. The attacker can be through a removable drive(such as U disk)or a remote shared way of attack. The vulnerability affects the following version of theoperating system: the Windows 10 Version 1709 for 32-bit SystemsWindows 10 Version 1709 for 64-based SystemsWindows 10 Version 1709 for ARM64-based SystemsWindows 10 Version 1803 for 32-bit SystemsWindows 10 Version 1803 for ARM64-based SystemsWindows 10 Version 1803 for x64-based SystemsWindows 10 Version 1809 for 32-bit SystemsWindows 10 Version 1809 for ARM64-based SystemsWindows 10 Version 1809 for x64-based SystemsWindows 10 Version 1903 for 32-bit SystemsWindows 10 Version 1903 for ARM64-based SystemsWindows 10 Version 1903 for x64-based SystemsWindows Server 2019Windows Server 2019 (Server Core installation)Windows Server, version 1803 (Server Core Installation)Windows Server, version 1903 (Server Core installation) Microsoft Word remote code execution vulnerability CVE-2019-0585 Most of the word patch is rated as Important, but this one is rated as Critical. Usually the word vulnerability requires that the victim Open in word vulnerability word document. For this vulnerability the attack vector is Outlook Preview Pane, and therefore the attacker will need to prepare the word document or link by e-mail sent to the victim, if the victim in the Outlook Preview Pane open, you could exploit this vulnerability to execute arbitrary code. The vulnerability affects the following versions of office: Microsoft Office 2010 Service Pack 2 (32-bit editions)Microsoft Office 2010 Service Pack 2 (64-bit editions)Microsoft Office 2016 for MacMicrosoft Office 2019 for 32-bit editionsMicrosoft Office 2019 for 64-bit editionsMicrosoft Office 2019 for MacMicrosoft Office Online ServerMicrosoft Office Web Apps 2010 Service Pack 2Microsoft Office Word ViewerMicrosoft SharePoint Enterprise Server 2013 Service Pack 1Microsoft SharePoint Enterprise Server 2016Microsoft SharePoint Server 2019Microsoft Word 2010 Service Pack 2 (32-bit editions)Microsoft Word 2010 Service Pack 2 (64-bit editions)Microsoft Word 2013 RT Service Pack 1Microsoft Word 2013 Service Pack 1 (32-bit editions) Microsoft Word 2013 Service Pack 1 (64-bit editions)Microsoft Word 2016 (32-bit edition)Microsoft Word 2016 (64-bit edition)Office 365 ProPlus for 32-bit SystemsOffice 365 ProPlus for 64-bit SystemsWord Automation Services The Windows DHCP client remote code execution vulnerability CVE-2019-0736 If an attacker to the affected target to send one through the special design of the DHCP packets, this vulnerability could allow an attacker to execute arbitrary code. This process does not involve user interaction or authentication, in theory, also be worms of. The vulnerability affects the following version of theoperating system: the Windows 10 for 32-bit SystemsWindows 10 for x64-based SystemsWindows 10 Version 1607 for 32-bit SystemsWindows 10 Version 1607 for x64-based SystemsWindows 10 Version 1703 for 32-bit SystemsWindows 10 Version 1703 for x64-based SystemsWindows 10 Version 1709 for 32-bit SystemsWindows 10 Version 1709 for 64-based SystemsWindows 10 Version 1709 for ARM64-based SystemsWindows 10 Version 1803 for 32-bit SystemsWindows 10 Version 1803 for ARM64-based SystemsWindows 10 Version 1803 for x64-based SystemsWindows 7 for 32-bit Systems Service Pack 1Windows 7 for x64-based Systems Service Pack 1Windows 8.1 for 32- bit systemsWindows 8.1 for x64-based systemsWindows RT 8.1 Windows Server 2008 for 32-bit Systems Service Pack 2Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation)Windows Server 2008 for Itanium-Based Systems Service Pack 2Windows Server 2008 for x64-based Systems Service Pack 2Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation)Windows Server 2008 R2 for Itanium-Based Systems Service Pack 1Windows Server 2008 R2 for x64-based Systems Service Pack 1Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) Windows Server 2012Windows Server 2012 (Server Core installation)Windows Server 2012 R2Windows Server 2012 R2 (Server Core installation)Windows Server 2016Windows Server 2016 (Server Core installation)Windows Server, version 1803 (Server Core Installation)

0x02 repair recommendations 360CERT suggestions through the installation of 360 security guards(http://weishi.360.cn)for a key update. It is timely for the Microsoft Windows version of the update and keep Windows Automatic Updates turned on, you can also download the reference link in the package, the manual upgrade.

0x03 timeline 2019-08-14 the official Microsoft Security Bulletin 2019-08-14 360CERT warning0x04 reference links 1. https://portal. msrc. microsoft. com/en-US/security-guidance/advisory/CVE-2019-05852. https://portal. msrc. microsoft. com/en-US/security-guidance/advisory/CVE-2019-07363. https://portal. msrc. microsoft. com/en-US/security-guidance/advisory/CVE-2019-11884. https://www. zerodayinitiative. com/blog/2019/8/13/the-august-2019-security-update-review