
Today’s VERT Alert addresses Microsoft’s July 2019 Security Updates. VERT is actively working on coverage for these vulnerabilities and expects to ship ASPL-839 on Wednesday, July 10th. 

In-The-Wild & Disclosed CVEs

CVE-2019-0865

This vulnerability describes a denial of service that occurs when SymCrypt processes specially crafted digital signatures. This vulnerability was discussed by Forbes on June 12th after being disclosed by Tavis Ormandy via Google Project Zero.

Microsoft has rated this as a 2 (Exploitation Less Likely) on the Exploitability Index.

CVE-2019-0887

A vulnerability in Remote Desktop Services clipboard redirection could lead to remote code execution. Clipboard redirection is the functionality that allows for the sharing of the clipboard between the local and remote host. A write-up on this attack was published by Eyal Itkin of Check Point back in February. It is important to note that the attacker would require access to a system running remote desktop, and the victim would need to connect to the attacker-controlled system.

Microsoft has rated this as a 1 (Exploitation More Likely) on the Exploitability Index.
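
An exposure check for the clipboard redirection feature described under CVE-2019-0887, added here as an example and not part of the original alert: it parses saved .rdp connection files and reports whether each one shares the clipboard with the remote host. The `redirectclipboard` setting name and its default of 1 come from Microsoft's RDP file settings documentation, not from this page; the sample file contents and host names are constructed.

```python
import codecs
from pathlib import Path

# Constructed sample .rdp contents (not from the alert). mstsc commonly saves
# these files as UTF-16LE with a BOM, so one sample is encoded that way.
SAMPLE_ENABLED = codecs.BOM_UTF16_LE + (
    "full address:s:jump01.example.test\r\nredirectclipboard:i:1\r\n"
).encode("utf-16-le")
SAMPLE_DISABLED = b"full address:s:db02.example.test\r\nredirectclipboard:i:0\r\n"
SAMPLE_UNSET = b"full address:s:web03.example.test:3389\r\naudiomode:i:0\r\n"


def decode_rdp(raw: bytes) -> str:
    """Decode .rdp bytes, honouring a UTF-16 or UTF-8 BOM if present."""
    if raw.startswith((codecs.BOM_UTF16_LE, codecs.BOM_UTF16_BE)):
        return raw.decode("utf-16")
    return raw.decode("utf-8-sig", errors="replace")


def parse_rdp(raw: bytes) -> dict:
    """Parse 'name:type:value' lines into {name: (type, value)}."""
    settings = {}
    for line in decode_rdp(raw).splitlines():
        parts = line.strip().split(":", 2)  # values may contain ':' (host:port)
        if len(parts) == 3:
            name, kind, value = parts
            settings[name.strip().lower()] = (kind.strip().lower(), value.strip())
    return settings


def clipboard_exposure(raw: bytes) -> str:
    """Classify a file as 'enabled', 'disabled' or 'default-enabled'."""
    kind, value = parse_rdp(raw).get("redirectclipboard", (None, None))
    if kind is None:
        # Assumption: an absent setting falls back to the documented
        # client default of 1 (clipboard shared).
        return "default-enabled"
    if kind == "i" and value == "0":
        return "disabled"
    return "enabled"  # anything other than an explicit 0 is treated as shared


def audit_dir(root) -> dict:
    """Return {path: status} for every .rdp file found under root."""
    return {str(p): clipboard_exposure(p.read_bytes())
            for p in Path(root).rglob("*.rdp")}
```

Files reported as `enabled` or `default-enabled` identify connections where the clipboard is shared, which helps decide which clients to patch first.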

CVE-2019-0880

A privilege escalation vulnerability in splwow64.exe allows attackers to elevate privileges from low-integrity to medium-integrity. You can learn more about Mandatory Integrity Control here. Microsoft has indicated that they are seeing active exploitation of this vulnerability against older releases of Windows.

Microsoft has rated this as a 1 (Exploitation More Likely) for the Latest Software Release and a 0 (Exploitation Detected) for Older Software Releases on the Exploitability Index.

CVE-2019-1068

Microsoft SQL Server can incorrectly process internal functions leading to code execution in the context of the SQL Server Database Engine service account. To exploit this vulnerability, an attacker would need to be authenticated against the SQL server in order to perform the malicious query.

Microsoft has rated this as a 2 (Exploitation Less Likely) on the Exploitability Index.

CVE-2019-1129

A vulnerability in Windows AppX Deployment Service (AppXSVC) allows an elevation of privilege when improperly handling hard links. We previously saw CVE-2019-0841 patched in April, and following the release of that update, a pair of bypasses for CVE-2019-0841 were released. This may not be the last time we see AppXSVC patched.

Microsoft has rated this as a 1 (Exploitation More Likely) on the Exploitability Index.

CVE-2019-1132

CVE-2019-1132 is currently seeing active exploitation on older software releases, while the latest software release is not affected. The vulnerability is a privilege escalation in Win32k that could give an attacker full control of an affected system.

Microsoft has rated this as a 4 (Not affected) for the Latest Software Release and a 0 (Exploitation Detected) for Older Software Releases on the Exploitability Index.

CVE Breakdown by Tag

While historical Microsoft Security Bulletin groupings are gone, Microsoft vulnerabilities are tagged with an identifier. This list provides a breakdown of the CVEs on a per-tag basis.

| Tag | CVE Count | CVEs |
| --- | --- | --- |
| Windows Media | 4 | CVE-2019-1085, CVE-2019-1086, CVE-2019-1087, CVE-2019-1088 |
| Open Source Software | 1 | CVE-2018-15664 |
| Microsoft Windows DNS | 2 | CVE-2019-0811, CVE-2019-1090 |
| ASP.NET | 1 | CVE-2019-1075 |
| Microsoft Windows | 14 | CVE-2019-0865, CVE-2019-0887, CVE-2019-0966, CVE-2019-0975, CVE-2019-1126, CVE-2019-0785, CVE-2019-0880, CVE-2019-1037, CVE-2019-1067, CVE-2019-1074, CVE-2019-1082, CVE-2019-1091, CVE-2019-1129, CVE-2019-1130 |
| SQL Server | 1 | CVE-2019-1068 |
| .NET Framework | 3 | CVE-2019-1113, CVE-2019-1006, CVE-2019-1083 |
| Microsoft Graphics Component | 21 | CVE-2019-1093, CVE-2019-1094, CVE-2019-1095, CVE-2019-1096, CVE-2019-1097, CVE-2019-1098, CVE-2019-1100, CVE-2019-1101, CVE-2019-1102, CVE-2019-1116, CVE-2019-1117, CVE-2019-1118, CVE-2019-1119, CVE-2019-1120, CVE-2019-1121, CVE-2019-1122, CVE-2019-1123, CVE-2019-1124, CVE-2019-1127, CVE-2019-1128, CVE-2019-0999 |
| Microsoft Browsers | 1 | CVE-2019-1104 |
| Windows RDP | 1 | CVE-2019-1108 |
| Visual Studio | 2 | CVE-2019-1077, CVE-2019-1079 |
| Windows Kernel | 4 | CVE-2019-1071, CVE-2019-1073, CVE-2019-1089, CVE-2019-1132 |
| Azure DevOps | 2 | CVE-2019-1072, CVE-2019-1076 |
| Microsoft Exchange Server | 2 | CVE-2019-1136, CVE-2019-1137 |
| Azure | 1 | CVE-2019-0962 |
| Internet Explorer | 1 | CVE-2019-1063 |
| Windows Shell | 1 | CVE-2019-1099 |
| Microsoft Office | 5 | CVE-2019-1109, CVE-2019-1110, CVE-2019-1111, CVE-2019-1112, CVE-2019-1084 |
| Microsoft Scripting Engine | 9 | CVE-2019-1056, CVE-2019-1059, CVE-2019-1062, CVE-2019-1092, CVE-2019-1103, CVE-2019-1106, CVE-2019-1107, CVE-2019-1001, CVE-2019-1004 |
| Microsoft Office SharePoint | 1 | CVE-2019-1134 |

Other Information

In addition to the Microsoft vulnerabilities included in the July Security Guidance, several advisories were released today.

Outlook on the web Cross-Site Scripting Vulnerability [ADV190021]

Microsoft has released information regarding a cross-site scripting vulnerability affecting Outlook on the web (formerly Outlook Web App) on-premises deployments. The vulnerability requires an attached image in the SVG format, which can be blocked using the steps outlined in this advisory.

Guidance to mitigate unconstrained delegation vulnerabilities [ADV190006]

This previously released advisory was updated this month to announce that security updates have been released for all versions of Windows that set the new trust flag to Yes for CVE-2019-0683.

 
