July Patch Tuesday: Stop Zero-Day Exploits
Patch Tuesday Release
Microsoft have released 78 patches today covering IE, Edge, ChakraCore, Windows and Office.p There are 15 rated Critical and 62 Important with only 1 rated Moderate.
Urgent: Public and Exploited
There are a total of 8 vulnerabilities in this Patch Tuesday which are either publicly disclosed or being actively exploited, making July one of the worst months for the potential threats exposed by these vulnerabilities.
Robert Brown, Director of Services for Verismic said, “We highly recommend these be prioritized for immediate deployment, notice they are all rated by Microsoft as Important instead of Critical? Having an independent severity is essential along with the vendor severity is critically important for transparent prioritization of your next round of patching.
CVE-2019-0880 and CVE-2019-1132 have actually made our Most Wanted Index already this year already, meaning new vulnerabilities have been exposed and Microsoft have re-released new patches to resolve those vulnerabilities.
CVE-2019-0785 carries a CVSS score of 9.8 making this vulnerability the highest independent severity in this patch Tuesday release. All Windows Servers running DHCP going back to Windows 2012 are effected. The vulnerability exposes a memory corruption issue where if exploited could knock out the DHCP service, causing devices not to renew their IP address correctly. This impacts not just the server but every single device which uses it.
Adobe Updates
Adobe have only released 3 updates today resolving vulnerabilities with Adobe Bridge, Experience Manager, and Dreamweaver. There are no patches for Adobe Flash or Adobe Reader making Microsoft your biggest priority today.
Patch Tuesday Release
| Verismic Recommended | CVE ID | Description | Severity | Publicly Disclosed | Actively being Exploited |
| Yes | CVE-2019-0880 | Microsoft splwow64 Elevation of Privilege Vulnerability | Important | No | Yes |
| Yes | CVE-2019-1132 | Win32k Elevation of Privilege Vulnerability | Important | No | Yes |
| Yes | CVE-2018-15664 | Docker Elevation of Privilege Vulnerability | Important | Yes | No |
| Yes | CVE-2019-0865 | SymCrypt Denial of Service Vulnerability | Important | Yes | No |
| Yes | CVE-2019-0887 | Remote Desktop Services Remote Code Execution Vulnerability | Important | Yes | No |
| Yes | CVE-2019-0962 | Azure Automation Elevation of Privilege Vulnerability | Important | Yes | No |
| Yes | CVE-2019-1068 | Microsoft SQL Server Remote Code Execution Vulnerability | Important | Yes | No |
| Yes | CVE-2019-1129 | Windows Elevation of Privilege Vulnerability | Important | Yes | No |
| Yes | CVE-2019-0785 | Windows DHCP Server Remote Code Execution Vulnerability | Critical | No | No |
| Yes | CVE-2019-1001 | Scripting Engine Memory Corruption Vulnerability | Critical | No | No |
| Yes | CVE-2019-1004 | Scripting Engine Memory Corruption Vulnerability | Critical | No | No |
| Yes | CVE-2019-1056 | Scripting Engine Memory Corruption Vulnerability | Critical | No | No |
| Yes | CVE-2019-1059 | Scripting Engine Memory Corruption Vulnerability | Critical | No | No |
| Yes | CVE-2019-1062 | Chakra Scripting Engine Memory Corruption Vulnerability | Critical | No | No |
| Yes | CVE-2019-1063 | Internet Explorer Memory Corruption Vulnerability | Critical | No | No |
| Yes | CVE-2019-1072 | Azure DevOps Server and Team Foundation Server Remote Code Execution Vulnerability | Critical | No | No |
| Yes | CVE-2019-1092 | Chakra Scripting Engine Memory Corruption Vulnerability | Critical | No | No |
| Yes | CVE-2019-1102 | GDI+ Remote Code Execution Vulnerability | Critical | No | No |
| Yes | CVE-2019-1103 | Chakra Scripting Engine Memory Corruption Vulnerability | Critical | No | No |
| Yes | CVE-2019-1104 | Microsoft Browser Memory Corruption Vulnerability | Critical | No | No |
| Yes | CVE-2019-1106 | Chakra Scripting Engine Memory Corruption Vulnerability | Critical | No | No |
| Yes | CVE-2019-1107 | Chakra Scripting Engine Memory Corruption Vulnerability | Critical | No | No |
| Yes | CVE-2019-1113 | .NET Framework Remote Code Execution Vulnerability | Critical | No | No |
| CVE-2019-0811 | Windows DNS Server Denial of Service Vulnerability | Important | No | No | |
| CVE-2019-0966 | Windows Hyper-V Denial of Service Vulnerability | Important | No | No | |
| CVE-2019-0975 | ADFS Security Feature Bypass Vulnerability | Important | No | No | |
| CVE-2019-0999 | DirectX Elevation of Privilege Vulnerability | Important | No | No | |
| CVE-2019-1006 | WCF/WIF SAML Token Authentication Bypass Vulnerability | Important | No | No | |
| CVE-2019-1037 | Windows Error Reporting Elevation of Privilege Vulnerability | Important | No | No | |
| CVE-2019-1067 | Windows Kernel Elevation of Privilege Vulnerability | Important | No | No | |
| CVE-2019-1071 | Windows Kernel Information Disclosure Vulnerability | Important | No | No | |
| CVE-2019-1073 | Windows Kernel Information Disclosure Vulnerability | Important | No | No | |
| CVE-2019-1074 | Microsoft Windows Elevation of Privilege Vulnerability | Important | No | No | |
| CVE-2019-1076 | Team Foundation Server Cross-site Scripting Vulnerability | Important | No | No | |
| CVE-2019-1077 | Visual Studio Elevation of Privilege Vulnerability | Important | No | No | |
| CVE-2019-1079 | Visual Studio Information Disclosure Vulnerability | Important | No | No | |
| CVE-2019-1082 | Microsoft Windows Elevation of Privilege Vulnerability | Important | No | No | |
| CVE-2019-1083 | .NET Denial of Service Vulnerability | Important | No | No | |
| CVE-2019-1084 | Microsoft Exchange Information Disclosure Vulnerability | Important | No | No | |
| CVE-2019-1085 | Windows WLAN Service Elevation of Privilege Vulnerability | Important | No | No | |
| CVE-2019-1086 | Windows Audio Service Elevation of Privilege Vulnerability | Important | No | No | |
| CVE-2019-1087 | Windows Audio Service Elevation of Privilege Vulnerability | Important | No | No | |
| CVE-2019-1088 | Windows Audio Service Elevation of Privilege Vulnerability | Important | No | No | |
| CVE-2019-1089 | Windows RPCSS Elevation of Privilege Vulnerability | Important | No | No | |
| CVE-2019-1090 | Windows dnsrlvr.dll Elevation of Privilege Vulnerability | Important | No | No | |
| CVE-2019-1091 | Microsoft unistore.dll Information Disclosure Vulnerability | Important | No | No | |
| CVE-2019-1093 | DirectWrite Information Disclosure Vulnerability | Important | No | No | |
| CVE-2019-1094 | Windows GDI Information Disclosure Vulnerability | Important | No | No | |
| CVE-2019-1095 | Windows GDI Information Disclosure Vulnerability | Important | No | No | |
| CVE-2019-1096 | Win32k Information Disclosure Vulnerability | Important | No | No | |
| CVE-2019-1097 | DirectWrite Information Disclosure Vulnerability | Important | No | No | |
| CVE-2019-1098 | Windows GDI Information Disclosure Vulnerability | Important | No | No | |
| CVE-2019-1099 | Windows GDI Information Disclosure Vulnerability | Important | No | No | |
| CVE-2019-1100 | Windows GDI Information Disclosure Vulnerability | Important | No | No | |
| CVE-2019-1101 | Windows GDI Information Disclosure Vulnerability | Important | No | No | |
| CVE-2019-1105 | Outlook for Android Spoofing Vulnerability | Important | No | No | |
| CVE-2019-1108 | Remote Desktop Protocol Client Information Disclosure Vulnerability | Important | No | No | |
| CVE-2019-1109 | Microsoft Office Spoofing Vulnerability | Important | No | No | |
| CVE-2019-1110 | Microsoft Excel Remote Code Execution Vulnerability | Important | No | No | |
| CVE-2019-1111 | Microsoft Excel Remote Code Execution Vulnerability | Important | No | No | |
| CVE-2019-1112 | Microsoft Excel Information Disclosure Vulnerability | Important | No | No | |
| CVE-2019-1116 | Windows GDI Information Disclosure Vulnerability | Important | No | No | |
| CVE-2019-1117 | DirectWrite Remote Code Execution Vulnerability | Important | No | No | |
| CVE-2019-1118 | DirectWrite Remote Code Execution Vulnerability | Important | No | No | |
| CVE-2019-1119 | DirectWrite Remote Code Execution Vulnerability | Important | No | No | |
| CVE-2019-1120 | DirectWrite Remote Code Execution Vulnerability | Important | No | No | |
| CVE-2019-1121 | DirectWrite Remote Code Execution Vulnerability | Important | No | No | |
| CVE-2019-1122 | DirectWrite Remote Code Execution Vulnerability | Important | No | No | |
| CVE-2019-1123 | DirectWrite Remote Code Execution Vulnerability | Important | No | No | |
| CVE-2019-1124 | DirectWrite Remote Code Execution Vulnerability | Important | No | No | |
| CVE-2019-1126 | ADFS Security Feature Bypass Vulnerability | Important | No | No | |
| CVE-2019-1127 | DirectWrite Remote Code Execution Vulnerability | Important | No | No | |
| CVE-2019-1128 | DirectWrite Remote Code Execution Vulnerability | Important | No | No | |
| CVE-2019-1130 | Windows Elevation of Privilege Vulnerability | Important | No | No | |
| CVE-2019-1134 | Microsoft Office SharePoint XSS Vulnerability | Important | No | No | |
| CVE-2019-1136 | Microsoft Exchange Server Elevation of Privilege Vulnerability | Important | No | No | |
| CVE-2019-1137 | Microsoft Exchange Server Spoofing Vulnerability | Important | No | No | |
| CVE-2019-1075 | ASP.NET Core Spoofing Vulnerability | Moderate | No | No |
