July Patch Tuesday: Stop Zero-Day Exploits

July Patch Tuesday: Stop Zero-Day Exploits

Patch Tuesday Release

Microsoft have released 78 patches today covering IE, Edge, ChakraCore, Windows and Office.p There are 15 rated Critical and 62 Important with only 1 rated Moderate.

Urgent: Public and Exploited

There are a total of 8 vulnerabilities in this Patch Tuesday which are either publicly disclosed or being actively exploited, making July one of the worst months for the potential threats exposed by these vulnerabilities.

Robert Brown, Director of Services for Verismic said, “We highly recommend these be prioritized for immediate deployment, notice they are all rated by Microsoft as Important instead of Critical? Having an independent severity is essential along with the vendor severity is critically important for transparent prioritization of your next round of patching.

CVE-2019-0880 and CVE-2019-1132 have actually made our Most Wanted Index already this year already, meaning new vulnerabilities have been exposed and Microsoft have re-released new patches to resolve those vulnerabilities.

CVE-2019-0785 carries a CVSS score of 9.8 making this vulnerability the highest independent severity in this patch Tuesday release. All Windows Servers running DHCP going back to Windows 2012 are effected. The vulnerability exposes a memory corruption issue where if exploited could knock out the DHCP service, causing devices not to renew their IP address correctly. This impacts not just the server but every single device which uses it.

Adobe Updates

Adobe have only released 3 updates today resolving vulnerabilities with Adobe Bridge, Experience Manager, and Dreamweaver. There are no patches for Adobe Flash or Adobe Reader making Microsoft your biggest priority today.

Patch Tuesday Release

Verismic Recommended CVE ID Description Severity Publicly Disclosed Actively being Exploited
Yes CVE-2019-0880 Microsoft splwow64 Elevation of Privilege Vulnerability Important No Yes
Yes CVE-2019-1132 Win32k Elevation of Privilege Vulnerability Important No Yes
Yes CVE-2018-15664 Docker Elevation of Privilege Vulnerability Important Yes No
Yes CVE-2019-0865 SymCrypt Denial of Service Vulnerability Important Yes No
Yes CVE-2019-0887 Remote Desktop Services Remote Code Execution Vulnerability Important Yes No
Yes CVE-2019-0962 Azure Automation Elevation of Privilege Vulnerability Important Yes No
Yes CVE-2019-1068 Microsoft SQL Server Remote Code Execution Vulnerability Important Yes No
Yes CVE-2019-1129 Windows Elevation of Privilege Vulnerability Important Yes No
Yes CVE-2019-0785 Windows DHCP Server Remote Code Execution Vulnerability Critical No No
Yes CVE-2019-1001 Scripting Engine Memory Corruption Vulnerability Critical No No
Yes CVE-2019-1004 Scripting Engine Memory Corruption Vulnerability Critical No No
Yes CVE-2019-1056 Scripting Engine Memory Corruption Vulnerability Critical No No
Yes CVE-2019-1059 Scripting Engine Memory Corruption Vulnerability Critical No No
Yes CVE-2019-1062 Chakra Scripting Engine Memory Corruption Vulnerability Critical No No
Yes CVE-2019-1063 Internet Explorer Memory Corruption Vulnerability Critical No No
Yes CVE-2019-1072 Azure DevOps Server and Team Foundation Server Remote Code Execution Vulnerability Critical No No
Yes CVE-2019-1092 Chakra Scripting Engine Memory Corruption Vulnerability Critical No No
Yes CVE-2019-1102 GDI+ Remote Code Execution Vulnerability Critical No No
Yes CVE-2019-1103 Chakra Scripting Engine Memory Corruption Vulnerability Critical No No
Yes CVE-2019-1104 Microsoft Browser Memory Corruption Vulnerability Critical No No
Yes CVE-2019-1106 Chakra Scripting Engine Memory Corruption Vulnerability Critical No No
Yes CVE-2019-1107 Chakra Scripting Engine Memory Corruption Vulnerability Critical No No
Yes CVE-2019-1113 .NET Framework Remote Code Execution Vulnerability Critical No No
CVE-2019-0811 Windows DNS Server Denial of Service Vulnerability Important No No
CVE-2019-0966 Windows Hyper-V Denial of Service Vulnerability Important No No
CVE-2019-0975 ADFS Security Feature Bypass Vulnerability Important No No
CVE-2019-0999 DirectX Elevation of Privilege Vulnerability Important No No
CVE-2019-1006 WCF/WIF SAML Token Authentication Bypass Vulnerability Important No No
CVE-2019-1037 Windows Error Reporting Elevation of Privilege Vulnerability Important No No
CVE-2019-1067 Windows Kernel Elevation of Privilege Vulnerability Important No No
CVE-2019-1071 Windows Kernel Information Disclosure Vulnerability Important No No
CVE-2019-1073 Windows Kernel Information Disclosure Vulnerability Important No No
CVE-2019-1074 Microsoft Windows Elevation of Privilege Vulnerability Important No No
CVE-2019-1076 Team Foundation Server Cross-site Scripting Vulnerability Important No No
CVE-2019-1077 Visual Studio Elevation of Privilege Vulnerability Important No No
CVE-2019-1079 Visual Studio Information Disclosure Vulnerability Important No No
CVE-2019-1082 Microsoft Windows Elevation of Privilege Vulnerability Important No No
CVE-2019-1083 .NET Denial of Service Vulnerability Important No No
CVE-2019-1084 Microsoft Exchange Information Disclosure Vulnerability Important No No
CVE-2019-1085 Windows WLAN Service Elevation of Privilege Vulnerability Important No No
CVE-2019-1086 Windows Audio Service Elevation of Privilege Vulnerability Important No No
CVE-2019-1087 Windows Audio Service Elevation of Privilege Vulnerability Important No No
CVE-2019-1088 Windows Audio Service Elevation of Privilege Vulnerability Important No No
CVE-2019-1089 Windows RPCSS Elevation of Privilege Vulnerability Important No No
CVE-2019-1090 Windows dnsrlvr.dll Elevation of Privilege Vulnerability Important No No
CVE-2019-1091 Microsoft unistore.dll Information Disclosure Vulnerability Important No No
CVE-2019-1093 DirectWrite Information Disclosure Vulnerability Important No No
CVE-2019-1094 Windows GDI Information Disclosure Vulnerability Important No No
CVE-2019-1095 Windows GDI Information Disclosure Vulnerability Important No No
CVE-2019-1096 Win32k Information Disclosure Vulnerability Important No No
CVE-2019-1097 DirectWrite Information Disclosure Vulnerability Important No No
CVE-2019-1098 Windows GDI Information Disclosure Vulnerability Important No No
CVE-2019-1099 Windows GDI Information Disclosure Vulnerability Important No No
CVE-2019-1100 Windows GDI Information Disclosure Vulnerability Important No No
CVE-2019-1101 Windows GDI Information Disclosure Vulnerability Important No No
CVE-2019-1105 Outlook for Android Spoofing Vulnerability Important No No
CVE-2019-1108 Remote Desktop Protocol Client Information Disclosure Vulnerability Important No No
CVE-2019-1109 Microsoft Office Spoofing Vulnerability Important No No
CVE-2019-1110 Microsoft Excel Remote Code Execution Vulnerability Important No No
CVE-2019-1111 Microsoft Excel Remote Code Execution Vulnerability Important No No
CVE-2019-1112 Microsoft Excel Information Disclosure Vulnerability Important No No
CVE-2019-1116 Windows GDI Information Disclosure Vulnerability Important No No
CVE-2019-1117 DirectWrite Remote Code Execution Vulnerability Important No No
CVE-2019-1118 DirectWrite Remote Code Execution Vulnerability Important No No
CVE-2019-1119 DirectWrite Remote Code Execution Vulnerability Important No No
CVE-2019-1120 DirectWrite Remote Code Execution Vulnerability Important No No
CVE-2019-1121 DirectWrite Remote Code Execution Vulnerability Important No No
CVE-2019-1122 DirectWrite Remote Code Execution Vulnerability Important No No
CVE-2019-1123 DirectWrite Remote Code Execution Vulnerability Important No No
CVE-2019-1124 DirectWrite Remote Code Execution Vulnerability Important No No
CVE-2019-1126 ADFS Security Feature Bypass Vulnerability Important No No
CVE-2019-1127 DirectWrite Remote Code Execution Vulnerability Important No No
CVE-2019-1128 DirectWrite Remote Code Execution Vulnerability Important No No
CVE-2019-1130 Windows Elevation of Privilege Vulnerability Important No No
CVE-2019-1134 Microsoft Office SharePoint XSS Vulnerability Important No No
CVE-2019-1136 Microsoft Exchange Server Elevation of Privilege Vulnerability Important No No
CVE-2019-1137 Microsoft Exchange Server Spoofing Vulnerability Important No No
CVE-2019-1075 ASP.NET Core Spoofing Vulnerability Moderate No No