
Microsoft Patch Tuesday addresses two actively exploited zero-days

Microsoft’s July 2019 Patch Tuesday included updates for 77 vulnerabilities, including two actively exploited zero-days and five publicly disclosed vulnerabilities.

One of the zero-days, CVE-2019-1132, a privilege escalation vulnerability in the Win32k component, was actively exploited as part of the attack chain by a group of Russian state-funded hackers. 

If exploited, this bug could allow an attacker to run arbitrary code in kernel mode and install programs that would allow them to view, change or delete data, or create new accounts with full user rights.

The flaw is in Win32k and affects Windows 7, Server 2008 and Server 2008 R2. It was discovered by ESET researchers, who are scheduled to release a full report of the attacks on July 10.

The second zero-day, CVE-2019-0880, is also a privilege escalation flaw, but is found in splwow64.exe, another Windows core process. 

“If exploited an attacker can elevate their privilege level from a low to a medium-integrity,” Chris Goettl, director of product management, security, at Ivanti, said. “Once they have elevated their privilege level an attacker could exploit another vulnerability to allow them to execute code.”

The five publicly disclosed vulnerabilities included a SymCrypt Denial of Service vulnerability, a Docker Elevation of Privilege vulnerability, an Azure Automation Elevation of Privilege vulnerability, a Microsoft SQL Server Remote Code Execution Vulnerability, and a Windows Elevation of Privilege vulnerability, none of which have been exploited in the wild.

Out of all of the vulnerabilities, 15 were classified as “critical” and of those, 11 are for scripting engines and browsers, with the remaining four covering DHCP Server, GDI+, .NET Framework, and Azure DevOps Server / Team Foundation Server.

“Microsoft has released an update for everything including the kitchen smart sink!” Goettl said. 

“Ok, maybe not for sinks, but OS, Office, .Net, SQL, VSTS, and an Advisory for Microsoft Exchange Server!” he said. “Development binaries Azure IoT Edge, Azure Kubernetes Service, Azure Automation, Azure DevOps Server, ASP .Net Core, .Net Core, Chakra Core, are also getting updates. It is quite the lineup.”
