August Patch Tuesday: Is RDP Worth the Risk?

August Patch Tuesday: Is RDP Worth the Risk?

August Patch Tuesday Has Arrived

Microsoft has released almost 100 updates today, 93 in total with 29 rated Critical and 64 Important. This is one of the largest releases this year and brings a few key updates to be aware of.

Remote Desktop Services

CVE-2019-1181, CVE-2019-1182, CVE-2019-1222 & CVE-2019-1226

There is no doubt that right now Windows RDS (used by remote desktop) has been exposed for a plethora of network hacks and global data thefts. It’s also one of the chosen weaknesses used to spread ransomware.

Although not technically a Zero Day vulnerability, we recommend this CVSS score 9.8 vulnerability be your highest priority in this release. Robert Brown, Director of Services said, “This year alone, this is one technology which keeps getting exposed, and is a favorite amongst the hackers. Although there are no known exploits (right now), this vulnerability is recognized by Microsoft as exploitation more likely, hence if you are using RDP this needs to be patched right away. Now is the time to decide whether RDP is worth the risk, or if there is another technology which offers better security?”

Microsoft Graphics Remote Code Execution Vulnerability

CVE-2019-1144, CVE-2019-1145, CVE-2019-1149, CVE-2019-1150, CVE-2019-1151 & CVE-2019-1152

This vulnerability carries a CVSS score of 8.8 and impacts almost every Windows operating system. We have seen vulnerabilities like these released as “Zero Day” in previous releases due to the security issues with Windows fonts. Windows font library improperly handles specially crafted embedded fonts, an attacker who successfully exploited the vulnerability could take control of the whole system, including installing applications and creating new accounts with full user rights.

Adobe Updates

Adobe has released 3 updates for Adobe Reader which resolves a grand total of 119 vulnerabilities. APSB19-41 has been given a Priority 2 which means Adobe recommend this be deployed within 30 as they have an elevated risk.

No Updates are Public or Exploited

As of the release schedule, none of the Microsoft vulnerabilities are either Publicly Disclosed or known to be Exploited.

Patch Tuesday Release

We have made a few recommendations below which you should prioritize this month:

Verismic Recommended CVE ID Description Severity Publicly Disclosed Actively being Exploited
Yes CVE-2019-1181 Remote Desktop Services Remote Code Execution Vulnerability Critical No No
Yes CVE-2019-1182 Remote Desktop Services Remote Code Execution Vulnerability Critical No No
Yes CVE-2019-1222 Remote Desktop Services Remote Code Execution Vulnerability Critical No No
Yes CVE-2019-1226 Remote Desktop Services Remote Code Execution Vulnerability Critical No No
Yes CVE-2019-1139 Chakra Scripting Engine Memory Corruption Vulnerability Critical No No
Yes CVE-2019-1131 Chakra Scripting Engine Memory Corruption Vulnerability Critical No No
Yes CVE-2019-1140 Chakra Scripting Engine Memory Corruption Vulnerability Critical No No
Yes CVE-2019-1141 Chakra Scripting Engine Memory Corruption Vulnerability Critical No No
Yes CVE-2019-1195 Chakra Scripting Engine Memory Corruption Vulnerability Critical No No
Yes CVE-2019-1196 Chakra Scripting Engine Memory Corruption Vulnerability Critical No No
Yes CVE-2019-1197 Chakra Scripting Engine Memory Corruption Vulnerability Critical No No
Yes CVE-2019-0720 Hyper-V Remote Code Execution Vulnerability Critical No No
Yes CVE-2019-1188 LNK Remote Code Execution Vulnerability Critical No No
Yes CVE-2019-1144 Microsoft Graphics Remote Code Execution Vulnerability Critical No No
Yes CVE-2019-1145 Microsoft Graphics Remote Code Execution Vulnerability Critical No No
Yes CVE-2019-1149 Microsoft Graphics Remote Code Execution Vulnerability Critical No No
Yes CVE-2019-1150 Microsoft Graphics Remote Code Execution Vulnerability Critical No No
Yes CVE-2019-1151 Microsoft Graphics Remote Code Execution Vulnerability Critical No No
Yes CVE-2019-1152 Microsoft Graphics Remote Code Execution Vulnerability Critical No No
Yes CVE-2019-1199 Microsoft Outlook Memory Corruption Vulnerability Critical No No
Yes CVE-2019-1200 Microsoft Outlook Remote Code Execution Vulnerability Critical No No
Yes CVE-2019-1201 Microsoft Word Remote Code Execution Vulnerability Critical No No
Yes CVE-2019-1205 Microsoft Word Remote Code Execution Vulnerability Critical No No
Yes CVE-2019-1133 Scripting Engine Memory Corruption Vulnerability Critical No No
Yes CVE-2019-1194 Scripting Engine Memory Corruption Vulnerability Critical No No
Yes CVE-2019-0736 Windows DHCP Client Remote Code Execution Vulnerability Critical No No
Yes CVE-2019-1213 Windows DHCP Server Remote Code Execution Vulnerability Critical No No
Yes CVE-2019-0965 Windows Hyper-V Remote Code Execution Vulnerability Critical No No
Yes CVE-2019-1183 Windows VBScript Engine Remote Code Execution Vulnerability Critical No No
CVE-2019-9511 HTTP/2 Server Denial of Service Vulnerability Important No No
CVE-2019-9512 HTTP/2 Server Denial of Service Vulnerability Important No No
CVE-2019-9513 HTTP/2 Server Denial of Service Vulnerability Important No No
CVE-2019-9514 HTTP/2 Server Denial of Service Vulnerability Important No No
CVE-2019-9518 HTTP/2 Server Denial of Service Vulnerability Important No No
CVE-2019-0716 Windows Denial of Service Vulnerability Important No No
CVE-2019-1206 Windows DHCP Server Denial of Service Vulnerability Important No No
CVE-2019-1212 Windows DHCP Server Denial of Service Vulnerability Important No No
CVE-2019-0714 Windows Hyper-V Denial of Service Vulnerability Important No No
CVE-2019-0715 Windows Hyper-V Denial of Service Vulnerability Important No No
CVE-2019-0717 Windows Hyper-V Denial of Service Vulnerability Important No No
CVE-2019-0718 Windows Hyper-V Denial of Service Vulnerability Important No No
CVE-2019-0723 Windows Hyper-V Denial of Service Vulnerability Important No No
CVE-2019-1223 Windows Remote Desktop Protocol (RDP) Denial of Service Vulnerability Important No No
CVE-2019-1187 XmlLite Runtime Denial of Service Vulnerability Important No No
CVE-2019-1176 DirectX Elevation of Privilege Vulnerability Important No No
CVE-2019-1229 Dynamics On-Premise Elevation of Privilege Vulnerability Important No No
CVE-2019-1211 Git for Visual Studio Elevation of Privilege Vulnerability Important No No
CVE-2019-1161 Microsoft Defender Elevation of Privilege Vulnerability Important No No
CVE-2019-1204 Microsoft Outlook Elevation of Privilege Vulnerability Important No No
CVE-2019-1198 Microsoft Windows Elevation of Privilege Vulnerability Important No No
CVE-2019-1168 Microsoft Windows p2pimsvc Elevation of Privilege Vulnerability Important No No
CVE-2019-1169 Win32k Elevation of Privilege Vulnerability Important No No
CVE-2019-1162 Windows ALPC Elevation of Privilege Vulnerability Important No No
CVE-2019-1173 Windows Elevation of Privilege Vulnerability Important No No
CVE-2019-1174 Windows Elevation of Privilege Vulnerability Important No No
CVE-2019-1175 Windows Elevation of Privilege Vulnerability Important No No
CVE-2019-1177 Windows Elevation of Privilege Vulnerability Important No No
CVE-2019-1178 Windows Elevation of Privilege Vulnerability Important No No
CVE-2019-1179 Windows Elevation of Privilege Vulnerability Important No No
CVE-2019-1180 Windows Elevation of Privilege Vulnerability Important No No
CVE-2019-1184 Windows Elevation of Privilege Vulnerability Important No No
CVE-2019-1186 Windows Elevation of Privilege Vulnerability Important No No
CVE-2019-1190 Windows Image Elevation of Privilege Vulnerability Important No No
CVE-2019-1159 Windows Kernel Elevation of Privilege Vulnerability Important No No
CVE-2019-1164 Windows Kernel Elevation of Privilege Vulnerability Important No No
CVE-2019-1170 Windows NTFS Elevation of Privilege Vulnerability Important No No
CVE-2019-1185 Windows Subsystem for Linux Elevation of Privilege Vulnerability Important No No
CVE-2019-1030 Microsoft Edge Information Disclosure Vulnerability Important No No
CVE-2019-1078 Microsoft Graphics Component Information Disclosure Vulnerability Important No No
CVE-2019-1148 Microsoft Graphics Component Information Disclosure Vulnerability Important No No
CVE-2019-1153 Microsoft Graphics Component Information Disclosure Vulnerability Important No No
CVE-2019-1202 Microsoft SharePoint Information Disclosure Vulnerability Important No No
CVE-2019-1224 Remote Desktop Protocol Server Information Disclosure Vulnerability Important No No
CVE-2019-1225 Remote Desktop Protocol Server Information Disclosure Vulnerability Important No No
CVE-2019-1171 SymCrypt Information Disclosure Vulnerability Important No No
CVE-2019-1143 Windows Graphics Component Information Disclosure Vulnerability Important No No
CVE-2019-1154 Windows Graphics Component Information Disclosure Vulnerability Important No No
CVE-2019-1158 Windows Graphics Component Information Disclosure Vulnerability Important No No
CVE-2019-1172 Windows Information Disclosure Vulnerability Important No No
CVE-2019-1227 Windows Kernel Information Disclosure Vulnerability Important No No
CVE-2019-1228 Windows Kernel Information Disclosure Vulnerability Important No No
CVE-2019-1146 Jet Database Engine Remote Code Execution Vulnerability Important No No
CVE-2019-1147 Jet Database Engine Remote Code Execution Vulnerability Important No No
CVE-2019-1155 Jet Database Engine Remote Code Execution Vulnerability Important No No
CVE-2019-1156 Jet Database Engine Remote Code Execution Vulnerability Important No No
CVE-2019-1157 Jet Database Engine Remote Code Execution Vulnerability Important No No
CVE-2019-1193 Microsoft Browser Memory Corruption Vulnerability Important No No
CVE-2019-1057 MS XML Remote Code Execution Vulnerability Important No No
CVE-2019-1192 Microsoft Browsers Security Feature Bypass Vulnerability Important No No
CVE-2019-1163 Windows File Signature Security Feature Bypass Vulnerability Important No No
CVE-2019-1218 Outlook iOS Spoofing Vulnerability Important No No
CVE-2019-9506 Encryption Key Negotiation of Bluetooth Vulnerability Important No No
CVE-2019-1203 Microsoft Office SharePoint XSS Vulnerability Important No No