Of the 93 vulnerabilities Microsoft patched today, 29 are rated Critical and 64 are rated Important in severity.
On the second Tuesday of the month — as clockwork — Microsoft released its monthly rollup of security updates known as Patch Tuesday.
This month, Microsoft patched 93 security flaws and published two security advisories with mitigations for two security-related issues impacting the company’s products & services.
Unlike in previous months, none of the vulnerabilities that have been patched today were under attack, or had their details publicly disclosed online.
THE RDS RCES
But while security researchers say that all security bugs are important, the “stars” of this month’s Patch Tuesday are the four remote code execution bugs Microsoft fixed in the Windows Remote Desktop Services (RDS) component — CVE-2019-1181, CVE-2019-1182, CVE-2019-1222, and CVE-2019-1226.
Of the four, the first two are the biggest threats.
In a blog post, Simon Pope, Director of Incident Response for the Microsoft Security Response Center (MSRC), said the two bugs are “wormable,” akin to the now-infamous BlueKeep (CVE-2019-0708) bug that Microsoft patched in RDS in May.
This means attackers can exploit the bugs to take over a computer and then spread to other computers without any user interaction.
Patching CVE-2019-1181 and CVE-2019-1182 is of the utmost urgency, and for good reasons.
OTHER PATCHED VULNERABILITIES
But the four remote code execution (RCE) bugs in the RDS component are not the only RCEs patched this month.
There are also seven RCEs impacting the Chakra scripting engine (included in Microsoft Edge and other Microsoft apps), two RCEs in Microsoft Hyper-V virtual machine hypervisor technology, six RCEs in the Microsoft Graphics component, one in Outlook, two in Word, two in the Windows DHCP client, two in the older Scripting Engine component, and one in the VBScript engine.
And there is also a patch for a bug in the shadowy CTF protocol that impacts all Windows versions since Windows XP.
All in all, the August 2019 Patch Tuesday is both bulky and critical. Of the 93 vulnerabilities Microsoft patched today, 29 are rated Critical and 64 are rated Important in severity.
Furthermore, with this occasion, Microsoft also wanted to remind users that Windows 7 and Windows Server 2008 R2 will be out of extended support and no longer receiving updates as of January 14, 2020.
“We strongly recommend that you update any computers running Windows 7 or Windows Server 2008 R2 so you will continue receiving security updates,” the company said.]
OTHER NON-MICROSOFT SECURITY UPDATES
Since the Microsoft Patch Tuesday is also the day when other vendors also release security patches, it’s also worth mentioning that Adobe, SAP, and VMWare have also published their respective security updates earlier today.
Of the three, Adobe’s security updates are the largest, with fixes for Photoshop, Experience Manager, Acrobat/Reader, the Creative Cloud desktop app, Prelude, Premiere Pro, Character Animator, and After Effects. Of note, there are no Flash security updates this month.
More in-depth information on today’s Patch Tuesday updates is available on Microsoft’s official Security Update Guide portal. You can also consult the table embedded below, this Patch Tuesday report generated by ZDNet, or these ones, put together by Trend Micro and the SANS Internet Storm Center.
Source: https://www.zdnet.com/article/microsoft-august-2019-patch-tuesday-fixes-93-security-bugs/
c6FPpr Thanks to my father who told me concerning this weblog,
You could certainly see your skills in the work you write. The arena hopes for more passionate writers like you who are not afraid to mention how they believe. At all times follow your heart.
I think other web-site proprietors should take this website as an model, very clean and fantastic user friendly style and design, as well as the content. You are an expert in this topic!
The Spirit of the Lord is with them that fear him.
Just Browsing While I was browsing today I saw a great article concerning
Really enjoyed this article.Thanks Again. Will read on
same comment. Is there a way you are able to remove me
Wow! Thank you! I constantly needed to write on my site something like that. Can I implement a portion of your post to my site?
Pretty great post. I simply stumbled upon your blog and wanted to say
You ave made some good points there. I checked on the web for more information about the issue and found most individuals will go along with your views on this website.
These people work together with leap close to they will combined with the boots or shoes nevertheless search great. I truly do think they may be well worth the charge.
I went over this site and I believe you have a lot of wonderful information, saved to favorites (:.