Microsoft Patch Tuesday – August 2019
This month, Intel was clean, their old chips are still a beautiful gate for attackers. But others still trying keep safe us. Microsoft, let’s see what happened in their territory.
The August security release consists of security updates for the following software:
- Microsoft Windows
- Internet Explorer
- Microsoft Edge
- Microsoft Office and Microsoft Office Services and Web Apps
- Visual Studio
- Online Services
- Active Directory
- Microsoft Dynamics
Let’s Focus on Windows Family
August 2019, here is the type of resolved security issues:
- Denial of Service
- Elevation of Privilege
- Information Disclosure
- Remote Code Execution
- Remote Code Execution
- Security Feature Bypass
Remote Desktop Services was a STAR like the previous months. After BlueKeep (The first wormable RDS vulnerability), there are another two resolved security issues:
“Wormable”, meaning that any future malware that exploits these could propagate from vulnerable computer to vulnerable computer without user interaction.
Don’t bother yourself, descriptions are same for the mentioned CVEs:
A remote code execution vulnerability exists in Remote Desktop Services – formerly known as Terminal Services – when an unauthenticated attacker connects to the target system using RDP and sends specially crafted requests. This vulnerability is pre-authentication and requires no user interaction. An attacker who successfully exploited this vulnerability could execute arbitrary code on the target system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.
To exploit this vulnerability, an attacker would need to send a specially crafted request to the target systems Remote Desktop Service via RDP.
Seems, all Windows Servers (Sorry we don’t talk about client versions) have received security patches to resolving such the below issues:
Security updates to Windows App Platform and Frameworks, Windows Wireless Networking, Windows Storage and Filesystems, Windows Server, Windows Input and Composition, the Microsoft JET Database Engine, Windows MSXML, Windows Datacenter Networking, Microsoft Scripting Engine, Internet Explorer, and Windows Virtualization.
Actually, security issues be able to affect performance so if highly recommended that apply security updates even you are HACKER!