Lucene search

thnThe Hacker NewsTHN:6D3958A91B25B261648974EB6D8D592F
HistoryJul 09, 2019 - 6:00 p.m.

Microsoft Releases July 2019 Security Updates, 2 Flaws Under Active Attack

The Hacker News





microsoft patch tuesday security bulletins

Microsoft today released its monthly batch of software security updates for the July month to patch a total of 77 vulnerabilities, 14 are rated Critical, 62 are Important, and 1 is rated Moderate in severity.

The July 2019 security updates include patches for various supported versions of Windows operating systems and other Microsoft products, including Internet Explorer, Edge, Office, Azure DevOps, Open Source Software, .NET Framework, Azure, SQL Server, ASP.NET, Visual Studio, and Exchange Server.

Details of 6 security vulnerabilities, all rated important, were made public before a patch was released, none of which were found being exploited in the wild.

However, two new privilege escalation vulnerabilities, one affects all supported versions of the Windows operating system, and the other affects Windows 7 and Server 2008, have been reported as being actively exploited in the wild.

Both actively exploited vulnerabilities lead to elevation of privilege, one (CVE-2019-1132) of which resides in the Win32k component and could allow an attacker to run arbitrary code in kernel mode.

However, the other actively exploited vulnerability (CVE-2019-0880) resides in the way splwow64 (Thunking Spooler APIs) handles certain calls, allowing an attacker or a malicious program to elevate its privileges on an affected system from low-integrity to medium-integrity.

The publicly known flaws affect Docker runtime, SymCrypt Windows cryptographic library, Remote Desktop Services, Azure Automation, Microsoft SQL server, and Windows AppX Deployment Service (AppXSVC).

Microsoft also released updates to patch 14 critical vulnerabilities, and as expected, all of them lead to remote code execution attacks and affect Microsoft products ranging from Internet Explorer and Edge to Windows Server DHCP, Azure DevOps and Team Foundation Servers.

Some important-rated vulnerabilities also lead to remote code execution attacks, while others allow elevation of privilege, information disclosure, cross-site scripting (XSS), security feature bypass, spoofing, and denial of service attacks.

Users and system administrators are strongly advised to apply the latest Microsoft security patches as soon as possible to keep hackers and cyber criminals away from taking control of their Windows computer systems.

For installing the latest security updates, users can head on to Settings → Update & Security → Windows Update → Check for updates on their Windows computers or can install the updates manually.

For addressing problematic updates on Windows 10 devices, Microsoft also introduced a safety measure in March this year that automatically uninstalls buggy software updates installed on your system if your OS detects a startup failure.