
The July 2019 Security Update Review

 4 years ago
source link: https://www.tuicool.com/articles/nUfmQv7

July has arrived and so have the scheduled security patches from Microsoft and Adobe. Take a break from your regularly scheduled activities and join us as we review the details for security patches for this month.

Adobe Patches for July 2019

Adobe released three patches for July, but surprisingly, none are for Adobe Flash or Acrobat Reader. Instead, a total of five CVEs are addressed by fixes for Adobe Bridge, Experience Manager, and Dreamweaver. The CVE corrected by the Bridge patch fixes an information disclosure bug and was reported through the ZDI program. The Experience Manager patch is the largest this month with three CVEs referenced. All are input validation bugs. The patch for Dreamweaver corrects a single DLL-loading issue. None of these bugs are listed as being publicly known or under active attack at the time of release.

Microsoft Patches for July 2019

This month, Microsoft released security patches for 78 CVEs and two advisories. The updates cover Microsoft Windows, Internet Explorer, Office and Office Services and Web Apps, Azure DevOps, Azure, .NET Framework, ASP.NET, Visual Studio, SQL Server, Exchange Server, and Open Source Software. Yes – Open Source Software (more on that below). Of these 78 CVEs, 15 are rated Critical, 62 are rated Important, and one is rated Moderate in severity. A total of 13 of these CVEs came through the ZDI program. Six of these bugs are listed as publicly known, and two are listed as under active attack at the time of release.

Let’s take a closer look at some of the more interesting patches for this month, starting with the bugs being exploited:

- CVE-2019-0880 – Microsoft splwow64 Elevation of Privilege Vulnerability

This patch corrects an elevation of privilege (EoP) bug in splwow64, which is the print driver host for 32-bit applications. Microsoft lists this as being actively exploited, but only on older systems. If successfully exploited, an attacker could go from low to medium-integrity. If you can’t deploy the patch immediately, you should be able to mitigate this vulnerability by disabling the print spooler.
- CVE-2019-1132 – Win32k Elevation of Privilege Vulnerability

The other bug under active attack this month is also an EoP, this time in the Windows kernel. An attacker with access to an affected system could use this vulnerability to execute their code with kernel-level privileges. This type of bug is often used by malware to stay resident on a system. Again, there are no indications from Microsoft on how broadly this is being used, but it appears to be more on the targeted side for now.
- CVE-2019-0865 – SymCrypt Denial of Service Vulnerability

This is one of the publicly known bugs this month, and it has already received quite a bit of attention. SymCrypt is Windows’ primary crypto library for symmetric algorithms. The patch corrects a Denial-of-Service (DoS) vulnerability that could allow an attacker to effectively shut down a Windows system by sending a specially crafted X.509 certificate. Microsoft gives this a 2 on its Exploit Index (XI), which means they feel exploitation is unlikely. However, proofs of concept are already publicly available.
- CVE-2019-1068 – Microsoft SQL Server Remote Code Execution Vulnerability

Another of the publicly known bugs, this patch corrects a bug in SQL Server that could allow code execution if an attacker sends a specially crafted query to an affected SQL server. A successful exploit would execute code at the level of the Database Engine account. It doesn’t provide you keys to the kingdom, but it does have elevated privileges. The update also impacts SQL Server 2017 on Linux and Linux Docker Containers. Considering SQL Servers are generally part of an enterprise’s critical infrastructure, definitely test and deploy this patch to your SQL Servers quickly.
- CVE-2018-15664 – Docker Elevation of Privilege Vulnerability

This publicly known bug actually affects open source software. A vulnerability in Docker could give attackers arbitrary read-write access to the host filesystem with root privileges. This is caused by the API endpoint behind the “docker cp” command being affected by a symlink-exchange attack with Directory Traversal. Despite the 2018 CVE, this was only publicly disclosed in May. Unfortunately, a true fix isn’t available yet. While there is a pull request in review to fix this vulnerability, the only guidance for users is to avoid using the Docker copy command on their AKS clusters and Azure IoT Edge devices.
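The symlink-exchange problem described for “docker cp” is a check-then-use gap in path resolution. The following is an added example, not Docker's code or the fix under review: it contrasts a resolve-then-open check with a per-component walk that refuses symlinks. The names `check_path`, `open_beneath` and `demo`, and the temporary directory tree, are constructed for illustration, and Linux `dir_fd` support is assumed.

```python
import os
import tempfile

def check_path(root, rel):
    """Check step of check-then-use: resolve symlinks and verify containment."""
    root = os.path.realpath(root)
    full = os.path.realpath(os.path.join(root, rel))
    if os.path.commonpath([root, full]) != root:
        raise PermissionError("path escapes root")
    return full  # only valid at the instant of the check

def open_beneath(root, rel):
    """Walk rel from a directory fd, per component, never following symlinks."""
    parts = [p for p in rel.split("/") if p not in ("", ".")]
    if not parts or ".." in parts:
        raise PermissionError("path must stay beneath root")
    dirfd = os.open(root, os.O_RDONLY | os.O_DIRECTORY)
    try:
        for name in parts[:-1]:
            nxt = os.open(name, os.O_RDONLY | os.O_DIRECTORY | os.O_NOFOLLOW, dir_fd=dirfd)
            os.close(dirfd)
            dirfd = nxt
        return os.open(parts[-1], os.O_RDONLY | os.O_NOFOLLOW, dir_fd=dirfd)
    finally:
        os.close(dirfd)

def read_fd(fd):
    with os.fdopen(fd, "rb") as f:
        return f.read()

def demo():
    with tempfile.TemporaryDirectory() as tmp:  # constructed sample tree
        root, outside = os.path.join(tmp, "rootfs"), os.path.join(tmp, "outside")
        os.makedirs(os.path.join(root, "data"))
        os.makedirs(outside)
        for d, text in ((os.path.join(root, "data"), b"inside"), (outside, b"outside")):
            with open(os.path.join(d, "f.txt"), "wb") as f:
                f.write(text)
        before = read_fd(open_beneath(root, "data/f.txt"))
        full = check_path(root, "data/f.txt")            # check passes
        os.rename(os.path.join(root, "data"), os.path.join(root, "data.old"))
        os.symlink(outside, os.path.join(root, "data"))  # component changes after the check
        stale = read_fd(os.open(full, os.O_RDONLY))      # use step trusts the stale result
        try:
            read_fd(open_beneath(root, "data/f.txt"))
            hardened = "opened"
        except OSError:
            hardened = "refused"
        return before, stale, hardened
```

`demo()` returns the bytes read before the change, the bytes the stale path yields afterwards, and whether the per-component walk opened or refused the changed path.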

Here’s the full list of CVEs released by Microsoft for July 2019.

