Europe Confirms Record €4.1B Penalty Against Google for Android Practices|U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|Europe Confirms Record €4.1B Penalty Against Google for Android Practices|U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|
Advertisement

Ad Placeholder

Full Width × 90

Breaking News

Microsoft released Patch Tuesday security updates for July 2019

Microsoft Patch Tuesday updates for July 2019 address a total of 77 vulnerabilities, 14 rated as Critical, 62 as Important, and only 1 as Moderate in severity. Microsoft released Patch Tuesday updates for July 2019 that address a total of 77 vulnerabilities, 14 rated as Critical, 62 as Important, and only 1 as Moderate in severity. Patch Tuesday updates for July 2019 […]

Microsoft Patch Tuesday

Microsoft Patch Tuesday updates for July 2019 address a total of 77 vulnerabilities, 14 rated as Critical, 62 as Important, and only 1 as Moderate in severity.

Microsoft released Patch Tuesday updates for July 2019 that address a total of 77 vulnerabilities, 14 rated as Critical, 62 as Important, and only 1 as Moderate in severity.

Patch Tuesday updates for July 2019 fixed security issued in numerous products of the tech giant, including Windows operating systems, Internet Explorer, Edge, Office, Azure DevOps, Open Source Software, .NET Framework, Azure, SQL Server, ASP.NET, Visual Studio, and Exchange Server.

All the 14 critical vulnerabilities addressed by Microsoft are remote code execution issues affecting various products, including Internet Explorer and Edge to Windows Server DHCP, Azure DevOps and Team Foundation Servers.

Technical details for six important security flaws were publicly disclosed before a patch was released, fortunately, there is no news of the exploitation of the flaws in the wild.

Microsoft also addressed two privilege escalation flaws actively exploited in the wild.

The first one, tracked as CVE-2019-1132, affects the Win32k component and could be exploited to run arbitrary code in kernel mode.

“An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.” reads the security advisory.

“To exploit this vulnerability, an attacker would first have to log on to the system. An attacker could then run a specially crafted application that could exploit the vulnerability and take control of an affected system.”

The second one, tracked as CVE-2019.0880, affects Windows 7 and Server 2008. The issue resides in the way splwow64 (Thunking Spooler APIs) handles certain calls.

“A local elevation of privilege vulnerability exists in how splwow64.exe handles certain calls. An attacker who successfully exploited the vulnerability could elevate privileges on an affected system from low-integrity to medium-integrity.” reads the advisory.

“This vulnerability by itself does not allow arbitrary code execution; however, it could allow arbitrary code to be run if the attacker uses it in combination with another vulnerability (such as a remote code execution vulnerability or another elevation of privilege vulnerability) that is capable of leveraging the elevated privileges when code execution is attempted.”

Important-rated security flaws include remote code execution vulnerabilities, privilege escalation issues, information disclosure, cross-site scripting (XSS), security feature bypass, spoofing, and denial of service flaws.

Don’t forget to check that your system has installed the latest security patches released by Microsoft.

[adrotate banner=”9″] [adrotate banner=”12″]

Pierluigi Paganini

(SecurityAffairs – Microsoft Patch Tuesday updates for July 2019, hacking)

[adrotate banner=”5″]

[adrotate banner=”13″]