Microsoft and Oracle issued security updates with Redmond, Wash., company patching a single issue in Windows Defender Application Control while Oracle’s update covered over 100 products and dozens of vulnerabilities.
The issue with Windows Defender, CVE-2019-1167, if exploited would allow an attacker to circumvent PowerShell Core Constrained Language Mode on the machine. However, Microsoft noted to be successful an attacker an attacker would need administrator access to the local machine where PowerShell is running in Constrained Language mode. The update corrects the problem.
Oracle’s July critical patch update advisory covered 121 different products with each being associated with multiple CVEs. Oracle previously released security alerts in May and June.