August Patch Tuesday: Is RDP Worth the Risk?

Microsoft has released almost 100 updates today making this one of the largest Patch Tuesday updates of the year.

August Patch Tuesday Has Arrived

Microsoft has released almost 100 updates today, 93 in total with 29 rated Critical and 64 Important. This is one of the largest releases this year and brings a few key updates to be aware of.

Remote Desktop Services

CVE-2019-1181, CVE-2019-1182, CVE-2019-1222 & CVE-2019-1226

There is no doubt that right now Windows RDS (used by remote desktop) has been exposed for a plethora of network hacks and global data thefts. It’s also one of the chosen weaknesses used to spread ransomware.

Although not technically a Zero Day vulnerability, we recommend this CVSS score 9.8 vulnerability be your highest priority in this release. Robert Brown, Director of Services said, “This year alone, this is one technology which keeps getting exposed, and is a favorite amongst the hackers. Although there are no known exploits (right now), this vulnerability is recognized by Microsoft as exploitation more likely, hence if you are using RDP this needs to be patched right away. Now is the time to decide whether RDP is worth the risk, or if there is another technology which offers better security?”

Microsoft Graphics Remote Code Execution Vulnerability

CVE-2019-1144, CVE-2019-1145, CVE-2019-1149, CVE-2019-1150, CVE-2019-1151 & CVE-2019-1152

This vulnerability carries a CVSS score of 8.8 and impacts almost every Windows operating system. We have seen vulnerabilities like these released as “Zero Day” in previous releases due to the security issues with Windows fonts. Windows font library improperly handles specially crafted embedded fonts, an attacker who successfully exploited the vulnerability could take control of the whole system, including installing applications and creating new accounts with full user rights.

Adobe Updates

Adobe has released 3 updates for Adobe Reader which resolves a grand total of 119 vulnerabilities. APSB19-41 has been given a Priority 2 which means Adobe recommend this be deployed within 30 as they have an elevated risk.

No Updates are Public or Exploited

As of the release schedule, none of the Microsoft vulnerabilities are either Publicly Disclosed or known to be Exploited.

Patch Tuesday Release

We have made a few recommendations below which you should prioritize this month:

Verismic Recommended	CVE ID	Description	Severity	Publicly Disclosed	Actively being Exploited
Yes	CVE-2019-1181	Remote Desktop Services Remote Code Execution Vulnerability	Critical	No	No
Yes	CVE-2019-1182	Remote Desktop Services Remote Code Execution Vulnerability	Critical	No	No
Yes	CVE-2019-1222	Remote Desktop Services Remote Code Execution Vulnerability	Critical	No	No
Yes	CVE-2019-1226	Remote Desktop Services Remote Code Execution Vulnerability	Critical	No	No
Yes	CVE-2019-1139	Chakra Scripting Engine Memory Corruption Vulnerability	Critical	No	No
Yes	CVE-2019-1131	Chakra Scripting Engine Memory Corruption Vulnerability	Critical	No	No
Yes	CVE-2019-1140	Chakra Scripting Engine Memory Corruption Vulnerability	Critical	No	No
Yes	CVE-2019-1141	Chakra Scripting Engine Memory Corruption Vulnerability	Critical	No	No
Yes	CVE-2019-1195	Chakra Scripting Engine Memory Corruption Vulnerability	Critical	No	No
Yes	CVE-2019-1196	Chakra Scripting Engine Memory Corruption Vulnerability	Critical	No	No
Yes	CVE-2019-1197	Chakra Scripting Engine Memory Corruption Vulnerability	Critical	No	No
Yes	CVE-2019-0720	Hyper-V Remote Code Execution Vulnerability	Critical	No	No
Yes	CVE-2019-1188	LNK Remote Code Execution Vulnerability	Critical	No	No
Yes	CVE-2019-1144	Microsoft Graphics Remote Code Execution Vulnerability	Critical	No	No
Yes	CVE-2019-1145	Microsoft Graphics Remote Code Execution Vulnerability	Critical	No	No
Yes	CVE-2019-1149	Microsoft Graphics Remote Code Execution Vulnerability	Critical	No	No
Yes	CVE-2019-1150	Microsoft Graphics Remote Code Execution Vulnerability	Critical	No	No
Yes	CVE-2019-1151	Microsoft Graphics Remote Code Execution Vulnerability	Critical	No	No
Yes	CVE-2019-1152	Microsoft Graphics Remote Code Execution Vulnerability	Critical	No	No
Yes	CVE-2019-1199	Microsoft Outlook Memory Corruption Vulnerability	Critical	No	No
Yes	CVE-2019-1200	Microsoft Outlook Remote Code Execution Vulnerability	Critical	No	No
Yes	CVE-2019-1201	Microsoft Word Remote Code Execution Vulnerability	Critical	No	No
Yes	CVE-2019-1205	Microsoft Word Remote Code Execution Vulnerability	Critical	No	No
Yes	CVE-2019-1133	Scripting Engine Memory Corruption Vulnerability	Critical	No	No
Yes	CVE-2019-1194	Scripting Engine Memory Corruption Vulnerability	Critical	No	No
Yes	CVE-2019-0736	Windows DHCP Client Remote Code Execution Vulnerability	Critical	No	No
Yes	CVE-2019-1213	Windows DHCP Server Remote Code Execution Vulnerability	Critical	No	No
Yes	CVE-2019-0965	Windows Hyper-V Remote Code Execution Vulnerability	Critical	No	No
Yes	CVE-2019-1183	Windows VBScript Engine Remote Code Execution Vulnerability	Critical	No	No
	CVE-2019-9511	HTTP/2 Server Denial of Service Vulnerability	Important	No	No
	CVE-2019-9512	HTTP/2 Server Denial of Service Vulnerability	Important	No	No
	CVE-2019-9513	HTTP/2 Server Denial of Service Vulnerability	Important	No	No
	CVE-2019-9514	HTTP/2 Server Denial of Service Vulnerability	Important	No	No
	CVE-2019-9518	HTTP/2 Server Denial of Service Vulnerability	Important	No	No
	CVE-2019-0716	Windows Denial of Service Vulnerability	Important	No	No
	CVE-2019-1206	Windows DHCP Server Denial of Service Vulnerability	Important	No	No
	CVE-2019-1212	Windows DHCP Server Denial of Service Vulnerability	Important	No	No
	CVE-2019-0714	Windows Hyper-V Denial of Service Vulnerability	Important	No	No
	CVE-2019-0715	Windows Hyper-V Denial of Service Vulnerability	Important	No	No
	CVE-2019-0717	Windows Hyper-V Denial of Service Vulnerability	Important	No	No
	CVE-2019-0718	Windows Hyper-V Denial of Service Vulnerability	Important	No	No
	CVE-2019-0723	Windows Hyper-V Denial of Service Vulnerability	Important	No	No
	CVE-2019-1223	Windows Remote Desktop Protocol (RDP) Denial of Service Vulnerability	Important	No	No
	CVE-2019-1187	XmlLite Runtime Denial of Service Vulnerability	Important	No	No
	CVE-2019-1176	DirectX Elevation of Privilege Vulnerability	Important	No	No
	CVE-2019-1229	Dynamics On-Premise Elevation of Privilege Vulnerability	Important	No	No
	CVE-2019-1211	Git for Visual Studio Elevation of Privilege Vulnerability	Important	No	No
	CVE-2019-1161	Microsoft Defender Elevation of Privilege Vulnerability	Important	No	No
	CVE-2019-1204	Microsoft Outlook Elevation of Privilege Vulnerability	Important	No	No
	CVE-2019-1198	Microsoft Windows Elevation of Privilege Vulnerability	Important	No	No
	CVE-2019-1168	Microsoft Windows p2pimsvc Elevation of Privilege Vulnerability	Important	No	No
	CVE-2019-1169	Win32k Elevation of Privilege Vulnerability	Important	No	No
	CVE-2019-1162	Windows ALPC Elevation of Privilege Vulnerability	Important	No	No
	CVE-2019-1173	Windows Elevation of Privilege Vulnerability	Important	No	No
	CVE-2019-1174	Windows Elevation of Privilege Vulnerability	Important	No	No
	CVE-2019-1175	Windows Elevation of Privilege Vulnerability	Important	No	No
	CVE-2019-1177	Windows Elevation of Privilege Vulnerability	Important	No	No
	CVE-2019-1178	Windows Elevation of Privilege Vulnerability	Important	No	No
	CVE-2019-1179	Windows Elevation of Privilege Vulnerability	Important	No	No
	CVE-2019-1180	Windows Elevation of Privilege Vulnerability	Important	No	No
	CVE-2019-1184	Windows Elevation of Privilege Vulnerability	Important	No	No
	CVE-2019-1186	Windows Elevation of Privilege Vulnerability	Important	No	No
	CVE-2019-1190	Windows Image Elevation of Privilege Vulnerability	Important	No	No
	CVE-2019-1159	Windows Kernel Elevation of Privilege Vulnerability	Important	No	No
	CVE-2019-1164	Windows Kernel Elevation of Privilege Vulnerability	Important	No	No
	CVE-2019-1170	Windows NTFS Elevation of Privilege Vulnerability	Important	No	No
	CVE-2019-1185	Windows Subsystem for Linux Elevation of Privilege Vulnerability	Important	No	No
	CVE-2019-1030	Microsoft Edge Information Disclosure Vulnerability	Important	No	No
	CVE-2019-1078	Microsoft Graphics Component Information Disclosure Vulnerability	Important	No	No
	CVE-2019-1148	Microsoft Graphics Component Information Disclosure Vulnerability	Important	No	No
	CVE-2019-1153	Microsoft Graphics Component Information Disclosure Vulnerability	Important	No	No
	CVE-2019-1202	Microsoft SharePoint Information Disclosure Vulnerability	Important	No	No
	CVE-2019-1224	Remote Desktop Protocol Server Information Disclosure Vulnerability	Important	No	No
	CVE-2019-1225	Remote Desktop Protocol Server Information Disclosure Vulnerability	Important	No	No
	CVE-2019-1171	SymCrypt Information Disclosure Vulnerability	Important	No	No
	CVE-2019-1143	Windows Graphics Component Information Disclosure Vulnerability	Important	No	No
	CVE-2019-1154	Windows Graphics Component Information Disclosure Vulnerability	Important	No	No
	CVE-2019-1158	Windows Graphics Component Information Disclosure Vulnerability	Important	No	No
	CVE-2019-1172	Windows Information Disclosure Vulnerability	Important	No	No
	CVE-2019-1227	Windows Kernel Information Disclosure Vulnerability	Important	No	No
	CVE-2019-1228	Windows Kernel Information Disclosure Vulnerability	Important	No	No
	CVE-2019-1146	Jet Database Engine Remote Code Execution Vulnerability	Important	No	No
	CVE-2019-1147	Jet Database Engine Remote Code Execution Vulnerability	Important	No	No
	CVE-2019-1155	Jet Database Engine Remote Code Execution Vulnerability	Important	No	No
	CVE-2019-1156	Jet Database Engine Remote Code Execution Vulnerability	Important	No	No
	CVE-2019-1157	Jet Database Engine Remote Code Execution Vulnerability	Important	No	No
	CVE-2019-1193	Microsoft Browser Memory Corruption Vulnerability	Important	No	No
	CVE-2019-1057	MS XML Remote Code Execution Vulnerability	Important	No	No
	CVE-2019-1192	Microsoft Browsers Security Feature Bypass Vulnerability	Important	No	No
	CVE-2019-1163	Windows File Signature Security Feature Bypass Vulnerability	Important	No	No
	CVE-2019-1218	Outlook iOS Spoofing Vulnerability	Important	No	No
	CVE-2019-9506	Encryption Key Negotiation of Bluetooth Vulnerability	Important	No	No
	CVE-2019-1203	Microsoft Office SharePoint XSS Vulnerability	Important	No	No

Start a Free Trial

Try Syxsense today and start patching your IT environment with a powerful and easy-to-use IT management toolset.

Schedule Your Syxsense Demo

Syxsense combines IT management, patch management, and security vulnerability scanning in one powerful solution. Get started today.

Schedule My Demo

August Patch Tuesday: Is RDP Worth the Risk?

August Patch Tuesday: Is RDP Worth the Risk?

Microsoft has released almost 100 updates today making this one of the largest Patch Tuesday updates of the year.

August Patch Tuesday Has Arrived

Remote Desktop Services

Microsoft Graphics Remote Code Execution Vulnerability

Adobe Updates

No Updates are Public or Exploited

Patch Tuesday Release

Start a Free Trial

Try Syxsense today and start patching your IT environment with a powerful and easy-to-use IT management toolset.

Recent Posts

What’s Trending

Recently Written

One Comment

Leave a Reply

ALL SYXSENSE FEATURES

CONTACT US

GENERAL INFORMATION

RECENT POSTS

August Patch Tuesday: Is RDP Worth the Risk?

August Patch Tuesday: Is RDP Worth the Risk?

Microsoft has released almost 100 updates today making this one of the largest Patch Tuesday updates of the year.

August Patch Tuesday Has Arrived

Remote Desktop Services

Microsoft Graphics Remote Code Execution Vulnerability

Adobe Updates

No Updates are Public or Exploited

Patch Tuesday Release

Start a Free Trial

Try Syxsense today and start patching your IT environment with a powerful and easy-to-use IT management toolset.

Recent Posts

What’s Trending

Recently Written

Tags

You May Also Like

Syxsense Wins the 2023 Digital Innovator Award from Intellyx

May 2023 3rd Party Roundup Webinar

Microsoft Patch Tuesday Update | May 2023

One Comment

Leave a Reply

ALL SYXSENSE FEATURES

CONTACT US

GENERAL INFORMATION

RECENT POSTS