Home Security Microsoft August Patch Tuesday Addressed 93 Security Flaws

Microsoft August Patch Tuesday Addressed 93 Security Flaws


This week marks the release of Microsoft’s monthly scheduled updates. With August Patch Tuesday, Microsoft has addressed 93 security flaws. These even include some critical wormable bugs in Windows Remote Desktop Services.

Critical Security Flaws In Windows RDS

Microsoft has addressed at least four different security flaws in Windows Remote Desktop Services. All of these vulnerabilities could allow remote code execution upon exploit.

Describing the vulnerabilities, Microsoft explained that the flaws existed in the way Windows RDS handles connection requests. As stated in the advisories,

A remote code execution vulnerability exists in Remote Desktop Services when an unauthenticated attacker connects to the target system using RDP and sends specially crafted requests. This vulnerability is pre-authentication and requires no user interaction. An attacker who successfully exploited this vulnerability could execute arbitrary code on the target system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.

The vulnerabilities included CVE-2019-1181, CVE-2019-1182, CVE-2019-1222, and CVE-2019-1226. Of these, Microsoft has categorized the first two as ‘wormable’, just like the BlueKeep vulnerability (CVE-2019-0708) that Microsoft patched with May updates.

All these flaws have received a critical severity rating with a CVSS base score of 9.8. As possible mitigation, Microsoft recommends disabling the Windows Remote Desktop Services when not in use. However, for adequate protection against potential attacks, users must ensure updating their devices with the patches.

Other Microsoft August Patch Tuesday Updates

Apart from the Windows RDS flaws, Microsoft also addressed numerous other vulnerabilities in various products. These include fixes in Microsoft Windows, Microsoft Edge, Internet Explorer, Microsoft Office and Microsoft Office Services and Web Apps, ChakraCore, Visual Studio, Active Directory, Online Services, and Microsoft Dynamics.

Regarding the vulnerabilities, Microsoft addressed 29 critical (including the four discussed above), and 64 important security bugs. Whereas, none of the bugs addressed is of low-severity.

All the critical vulnerabilities could lead to remote code execution upon exploit. These include some memory corruption vulnerabilities in Chakra Scripting Engine (7), Microsoft Outlook (1), and Scripting Engine (2). Also include remote code execution flaws in Microsoft Graphics (6), Microsoft Word (2), and one RCE bug each in Hyper-V, Microsoft Outlook, LNK, Windows Hyper-V, Windows DHCP Client, Windows DHCP Server, and VBScript Engine.

Fortunately, this month’s security update bundle does not report of any publicly disclosed or actively exploited bug.

The following two tabs change content below.

Abeerah has been a passionate blogger for several years with a particular interest towards science and technology. She is crazy to know everything about the latest tech developments. Knowing and writing about cybersecurity, hacking, and spying has always enchanted her. When she is not writing, what else can be a better pastime than web surfing and staying updated about the tech world! Reach out to me at: [email protected]

Source link

Related Articles

Leave a Comment

This website uses cookies to improve your experience. We'll assume you're ok with this, but you can opt-out if you wish. Accept Read More