Microsoft released its Patch Tuesday July 2019 software updates to address a total of 77 vulnerabilities in its Windows operating systems and other products. Including 15 rated as critical and two zero-day vulnerabilities are known to be under active exploit.
Microsoft Patches Two Zero-Days Under Active Attack
Microsoft has fixed two actively exploited vulnerabilities that could allow programs to run with higher privilege levels. one affects all supported versions of the Windows operating system, and the other affects Windows 7 and Server 2008, have been reported as being actively exploited in the wild. Both actively exploited vulnerabilities lead to elevation of privilege, one (CVE-2019-1132) of which resides in the Win32k component and could allow an attacker to run arbitrary code in kernel mode.
The other actively exploited vulnerability (CVE-2019-0880) resides in the way splwow64 handles certain calls, allowing an attacker or a malicious program to elevate its privileges on an affected system from low-integrity to medium-integrity.
- CVE-2019-1132 - Win32k Elevation of Privilege Vulnerability
- CVE-2019-0880 - Microsoft splwow64 Elevation of Privilege Vulnerability
System administrators are strongly advised to apply the latest Microsoft security patches as soon as possible to keep hackers and cybercriminals away from taking control of their Windows computer systems.
Besides these two highly critical flaws, Microsoft also patched six other vulnerabilities whose exploitation details became public and could have helped attackers; however, they were not exploited until today, when Microsoft shipped patches.
- CVE-2018-15664 - Docker Elevation of Privilege Vulnerability
- CVE-2019-0865 - SymCrypt Denial of Service Vulnerability
- CVE-2019-0887 - Remote Desktop Services Remote Code Execution Vulnerability
- CVE-2019-0962 - Azure Automation Elevation of Privilege Vulnerability
- CVE-2019-1068 - Microsoft SQL Server Remote Code Execution Vulnerability
- CVE-2019-1129 - Windows Elevation of Privilege Vulnerability
More in-depth information on July's Patch Tuesday updates is available on Microsoft's official Security Update Guide portal.
Run the July Patch Tuesday Audit
Similar to previous months, we've created an audit report which checks if the assets in your network are on the latest Microsoft patch update. It's color-coded to give you an easy and quick overview which assets are already on the latest Windows update, and which ones still need to be patched.
If you haven't already, start your free trial of Lansweeper to run the Microsoft Patch Tuesday Report. Make sure to subscribe via the form below if you want to receive the latest Microsoft Patch reports and bonus network reports.