July Patch Tuesday
Microsoft Resolved a Total of 77 Unique CVEs, Including Two Zero-Days that Have Been Reported in
Attacks in the Wild
By Chris Goettl, Director of Product Management, Security, Ivanti
Microsoft has released an update for everything including the kitchen smart sink! Ok, maybe not for sinks,
but there are updates for the Windows OS, Office, .Net, SQL, VSTS and an Advisory for Microsoft
Exchange Server! There are also updates for the following development binaries: Azure IoT Edge, Azure
Kubernetes Service, Azure Automation, Azure DevOps Server, ASP .Net Core, .Net Core and Chakra
Core. It is quite the lineup.
Microsoft resolved a total of 77 unique CVEs this month including two zero-days that have been reported
in attacks in the wild and six public disclosures.
The first exploited vulnerability (CVE- 2019 - 0880 ) is an Elevation of Privilege exploit in splwow64 affecting
windows 8.1, Server 2012 and later operating systems. If exploited, an attacker can elevate their privilege
level from a low to a medium-integrity. Once they have elevated their privilege level, an attacker could
exploit another vulnerability to allow them to execute code.
The second exploited vulnerability (CVE- 2019 - 1132 ) is also an Elevation of Privilege exploit. In this case
the vulnerability is in Win32k and affects Windows 7, Server 2008 and Server 2008 R2. While an attacker
would have to gain log-on access to the system to execute the exploit, the vulnerability, if exploited, would
allow the attacker to take full control of the system.