
August Patch Tuesday: Is RDP Worth the Risk?
Microsoft has released almost 100 updates today making this one of the largest Patch Tuesday updates of the year.
August Patch Tuesday Has Arrived
Microsoft has released almost 100 updates today, 93 in total with 29 rated Critical and 64 Important. This is one of the largest releases this year and brings a few key updates to be aware of.
Remote Desktop Services
CVE-2019-1181, CVE-2019-1182, CVE-2019-1222 & CVE-2019-1226
There is no doubt that right now Windows RDS (used by remote desktop) has been exposed for a plethora of network hacks and global data thefts. It’s also one of the chosen weaknesses used to spread ransomware.
Although not technically a Zero Day vulnerability, we recommend this CVSS score 9.8 vulnerability be your highest priority in this release. Robert Brown, Director of Services said, “This year alone, this is one technology which keeps getting exposed, and is a favorite amongst the hackers. Although there are no known exploits (right now), this vulnerability is recognized by Microsoft as exploitation more likely, hence if you are using RDP this needs to be patched right away. Now is the time to decide whether RDP is worth the risk, or if there is another technology which offers better security?”
Microsoft Graphics Remote Code Execution Vulnerability
CVE-2019-1144, CVE-2019-1145, CVE-2019-1149, CVE-2019-1150, CVE-2019-1151 & CVE-2019-1152
This vulnerability carries a CVSS score of 8.8 and impacts almost every Windows operating system. We have seen vulnerabilities like these released as “Zero Day” in previous releases due to the security issues with Windows fonts. Windows font library improperly handles specially crafted embedded fonts, an attacker who successfully exploited the vulnerability could take control of the whole system, including installing applications and creating new accounts with full user rights.
Adobe Updates
Adobe has released 3 updates for Adobe Reader which resolves a grand total of 119 vulnerabilities. APSB19-41 has been given a Priority 2 which means Adobe recommend this be deployed within 30 as they have an elevated risk.
No Updates are Public or Exploited
As of the release schedule, none of the Microsoft vulnerabilities are either Publicly Disclosed or known to be Exploited.
Patch Tuesday Release
We have made a few recommendations below which you should prioritize this month:
Verismic Recommended | CVE ID | Description | Severity | Publicly Disclosed | Actively being Exploited |
Yes | CVE-2019-1181 | Remote Desktop Services Remote Code Execution Vulnerability | Critical | No | No |
Yes | CVE-2019-1182 | Remote Desktop Services Remote Code Execution Vulnerability | Critical | No | No |
Yes | CVE-2019-1222 | Remote Desktop Services Remote Code Execution Vulnerability | Critical | No | No |
Yes | CVE-2019-1226 | Remote Desktop Services Remote Code Execution Vulnerability | Critical | No | No |
Yes | CVE-2019-1139 | Chakra Scripting Engine Memory Corruption Vulnerability | Critical | No | No |
Yes | CVE-2019-1131 | Chakra Scripting Engine Memory Corruption Vulnerability | Critical | No | No |
Yes | CVE-2019-1140 | Chakra Scripting Engine Memory Corruption Vulnerability | Critical | No | No |
Yes | CVE-2019-1141 | Chakra Scripting Engine Memory Corruption Vulnerability | Critical | No | No |
Yes | CVE-2019-1195 | Chakra Scripting Engine Memory Corruption Vulnerability | Critical | No | No |
Yes | CVE-2019-1196 | Chakra Scripting Engine Memory Corruption Vulnerability | Critical | No | No |
Yes | CVE-2019-1197 | Chakra Scripting Engine Memory Corruption Vulnerability | Critical | No | No |
Yes | CVE-2019-0720 | Hyper-V Remote Code Execution Vulnerability | Critical | No | No |
Yes | CVE-2019-1188 | LNK Remote Code Execution Vulnerability | Critical | No | No |
Yes | CVE-2019-1144 | Microsoft Graphics Remote Code Execution Vulnerability | Critical | No | No |
Yes | CVE-2019-1145 | Microsoft Graphics Remote Code Execution Vulnerability | Critical | No | No |
Yes | CVE-2019-1149 | Microsoft Graphics Remote Code Execution Vulnerability | Critical | No | No |
Yes | CVE-2019-1150 | Microsoft Graphics Remote Code Execution Vulnerability | Critical | No | No |
Yes | CVE-2019-1151 | Microsoft Graphics Remote Code Execution Vulnerability | Critical | No | No |
Yes | CVE-2019-1152 | Microsoft Graphics Remote Code Execution Vulnerability | Critical | No | No |
Yes | CVE-2019-1199 | Microsoft Outlook Memory Corruption Vulnerability | Critical | No | No |
Yes | CVE-2019-1200 | Microsoft Outlook Remote Code Execution Vulnerability | Critical | No | No |
Yes | CVE-2019-1201 | Microsoft Word Remote Code Execution Vulnerability | Critical | No | No |
Yes | CVE-2019-1205 | Microsoft Word Remote Code Execution Vulnerability | Critical | No | No |
Yes | CVE-2019-1133 | Scripting Engine Memory Corruption Vulnerability | Critical | No | No |
Yes | CVE-2019-1194 | Scripting Engine Memory Corruption Vulnerability | Critical | No | No |
Yes | CVE-2019-0736 | Windows DHCP Client Remote Code Execution Vulnerability | Critical | No | No |
Yes | CVE-2019-1213 | Windows DHCP Server Remote Code Execution Vulnerability | Critical | No | No |
Yes | CVE-2019-0965 | Windows Hyper-V Remote Code Execution Vulnerability | Critical | No | No |
Yes | CVE-2019-1183 | Windows VBScript Engine Remote Code Execution Vulnerability | Critical | No | No |
CVE-2019-9511 | HTTP/2 Server Denial of Service Vulnerability | Important | No | No | |
CVE-2019-9512 | HTTP/2 Server Denial of Service Vulnerability | Important | No | No | |
CVE-2019-9513 | HTTP/2 Server Denial of Service Vulnerability | Important | No | No | |
CVE-2019-9514 | HTTP/2 Server Denial of Service Vulnerability | Important | No | No | |
CVE-2019-9518 | HTTP/2 Server Denial of Service Vulnerability | Important | No | No | |
CVE-2019-0716 | Windows Denial of Service Vulnerability | Important | No | No | |
CVE-2019-1206 | Windows DHCP Server Denial of Service Vulnerability | Important | No | No | |
CVE-2019-1212 | Windows DHCP Server Denial of Service Vulnerability | Important | No | No | |
CVE-2019-0714 | Windows Hyper-V Denial of Service Vulnerability | Important | No | No | |
CVE-2019-0715 | Windows Hyper-V Denial of Service Vulnerability | Important | No | No | |
CVE-2019-0717 | Windows Hyper-V Denial of Service Vulnerability | Important | No | No | |
CVE-2019-0718 | Windows Hyper-V Denial of Service Vulnerability | Important | No | No | |
CVE-2019-0723 | Windows Hyper-V Denial of Service Vulnerability | Important | No | No | |
CVE-2019-1223 | Windows Remote Desktop Protocol (RDP) Denial of Service Vulnerability | Important | No | No | |
CVE-2019-1187 | XmlLite Runtime Denial of Service Vulnerability | Important | No | No | |
CVE-2019-1176 | DirectX Elevation of Privilege Vulnerability | Important | No | No | |
CVE-2019-1229 | Dynamics On-Premise Elevation of Privilege Vulnerability | Important | No | No | |
CVE-2019-1211 | Git for Visual Studio Elevation of Privilege Vulnerability | Important | No | No | |
CVE-2019-1161 | Microsoft Defender Elevation of Privilege Vulnerability | Important | No | No | |
CVE-2019-1204 | Microsoft Outlook Elevation of Privilege Vulnerability | Important | No | No | |
CVE-2019-1198 | Microsoft Windows Elevation of Privilege Vulnerability | Important | No | No | |
CVE-2019-1168 | Microsoft Windows p2pimsvc Elevation of Privilege Vulnerability | Important | No | No | |
CVE-2019-1169 | Win32k Elevation of Privilege Vulnerability | Important | No | No | |
CVE-2019-1162 | Windows ALPC Elevation of Privilege Vulnerability | Important | No | No | |
CVE-2019-1173 | Windows Elevation of Privilege Vulnerability | Important | No | No | |
CVE-2019-1174 | Windows Elevation of Privilege Vulnerability | Important | No | No | |
CVE-2019-1175 | Windows Elevation of Privilege Vulnerability | Important | No | No | |
CVE-2019-1177 | Windows Elevation of Privilege Vulnerability | Important | No | No | |
CVE-2019-1178 | Windows Elevation of Privilege Vulnerability | Important | No | No | |
CVE-2019-1179 | Windows Elevation of Privilege Vulnerability | Important | No | No | |
CVE-2019-1180 | Windows Elevation of Privilege Vulnerability | Important | No | No | |
CVE-2019-1184 | Windows Elevation of Privilege Vulnerability | Important | No | No | |
CVE-2019-1186 | Windows Elevation of Privilege Vulnerability | Important | No | No | |
CVE-2019-1190 | Windows Image Elevation of Privilege Vulnerability | Important | No | No | |
CVE-2019-1159 | Windows Kernel Elevation of Privilege Vulnerability | Important | No | No | |
CVE-2019-1164 | Windows Kernel Elevation of Privilege Vulnerability | Important | No | No | |
CVE-2019-1170 | Windows NTFS Elevation of Privilege Vulnerability | Important | No | No | |
CVE-2019-1185 | Windows Subsystem for Linux Elevation of Privilege Vulnerability | Important | No | No | |
CVE-2019-1030 | Microsoft Edge Information Disclosure Vulnerability | Important | No | No | |
CVE-2019-1078 | Microsoft Graphics Component Information Disclosure Vulnerability | Important | No | No | |
CVE-2019-1148 | Microsoft Graphics Component Information Disclosure Vulnerability | Important | No | No | |
CVE-2019-1153 | Microsoft Graphics Component Information Disclosure Vulnerability | Important | No | No | |
CVE-2019-1202 | Microsoft SharePoint Information Disclosure Vulnerability | Important | No | No | |
CVE-2019-1224 | Remote Desktop Protocol Server Information Disclosure Vulnerability | Important | No | No | |
CVE-2019-1225 | Remote Desktop Protocol Server Information Disclosure Vulnerability | Important | No | No | |
CVE-2019-1171 | SymCrypt Information Disclosure Vulnerability | Important | No | No | |
CVE-2019-1143 | Windows Graphics Component Information Disclosure Vulnerability | Important | No | No | |
CVE-2019-1154 | Windows Graphics Component Information Disclosure Vulnerability | Important | No | No | |
CVE-2019-1158 | Windows Graphics Component Information Disclosure Vulnerability | Important | No | No | |
CVE-2019-1172 | Windows Information Disclosure Vulnerability | Important | No | No | |
CVE-2019-1227 | Windows Kernel Information Disclosure Vulnerability | Important | No | No | |
CVE-2019-1228 | Windows Kernel Information Disclosure Vulnerability | Important | No | No | |
CVE-2019-1146 | Jet Database Engine Remote Code Execution Vulnerability | Important | No | No | |
CVE-2019-1147 | Jet Database Engine Remote Code Execution Vulnerability | Important | No | No | |
CVE-2019-1155 | Jet Database Engine Remote Code Execution Vulnerability | Important | No | No | |
CVE-2019-1156 | Jet Database Engine Remote Code Execution Vulnerability | Important | No | No | |
CVE-2019-1157 | Jet Database Engine Remote Code Execution Vulnerability | Important | No | No | |
CVE-2019-1193 | Microsoft Browser Memory Corruption Vulnerability | Important | No | No | |
CVE-2019-1057 | MS XML Remote Code Execution Vulnerability | Important | No | No | |
CVE-2019-1192 | Microsoft Browsers Security Feature Bypass Vulnerability | Important | No | No | |
CVE-2019-1163 | Windows File Signature Security Feature Bypass Vulnerability | Important | No | No | |
CVE-2019-1218 | Outlook iOS Spoofing Vulnerability | Important | No | No | |
CVE-2019-9506 | Encryption Key Negotiation of Bluetooth Vulnerability | Important | No | No | |
CVE-2019-1203 | Microsoft Office SharePoint XSS Vulnerability | Important | No | No |
Start a Free Trial
Try Syxsense today and start patching your IT environment with a powerful and easy-to-use IT management toolset.

Schedule Your Syxsense Demo
Syxsense combines IT management, patch management, and security vulnerability scanning in one powerful solution. Get started today.
One Comment