#1263180: Microsoft Patch Tuesday — June 2019: Vulnerability disclosures and Snort coverage

Description: Microsoft released its monthly security update today, disclosing a variety of vulnerabilities in several of its products. The latest Patch Tuesday covers 88 vulnerabilities, 18 of which are rated "critical," 69 that are considered "important" and one "moderate." This release also includes a critical advisory regarding security updates to Adobe Flash Player.

This month’s security update covers security issues in a variety of Microsoft’s products, including the Chakra scripting engine, the Jet database engine and Windows kernel. For more on our coverage of these bugs, check out the Snort blog post here, covering all of the new rules we have for this release.

Critical vulnerabilities
Microsoft disclosed 19 critical vulnerabilities this month, 10 of which we will highlight below.

CVE-2019-0988, CVE-2019-0989, CVE-2019-0991, CVE-2019-0992, CVE-2019-0993, CVE-2019-1002, CVE-2019-1003 and CVE-2019-1024 are all memory corruption vulnerabilities in the Chakra scripting engine. An attacker could exploit any of these bugs by tricking a user into visiting a specially crafted, malicious website while using the Microsoft Edge browser. If successful, the attacker could then corrupt memory in such a way that would allow them to take control of an affected system.

CVE-2019-0620 is a remote code execution vulnerability in Windows Hyper-V that exists when Hyper-V fails to properly validate input on a host server from an authenticated user using a guest operating system. An attacker could exploit this bug by running a specially crafted application on a guest operating system that could cause the Hyper-V host operating system to execute arbitrary code.

CVE-2019-0888 is a remote code execution vulnerability that exists in the way ActiveX Data Objects handles objects in memory. An attacker could exploit this vulnerability by tricking the user into visiting a specially crafted, malicious website. If successful, the attacker could then execute code in the context of the current user.

The other critical vulnerabilities are:

CVE-2019-0709
CVE-2019-0722
CVE-2019-0985
CVE-2019-0990
CVE-2019-1038
CVE-2019-1051
CVE-2019-1052
CVE-2019-1055

Important vulnerabilities
This release also contains 65 important vulnerabilities, one of which we will highlight below.

CVE-2019-1065 is an elevation of privilege vulnerability that occurs when the Windows kernel improperly handles objects in memory. An attacker would first have to log on to the system in order to exploit this vulnerability, and then run a specially crafted application to take control of the system. They would then have the ability to run arbitrary code in kernel mode.

The other important vulnerabilities are:

CVE-2019-0710
CVE-2019-0711
CVE-2019-0713
CVE-2019-0904
CVE-2019-0905
CVE-2019-0906
CVE-2019-0907
CVE-2019-0908
CVE-2019-0909
CVE-2019-0941
CVE-2019-0943
CVE-2019-0959
CVE-2019-0960
CVE-2019-0968
CVE-2019-0972
CVE-2019-0973
CVE-2019-0974
CVE-2019-0977
CVE-2019-0983
CVE-2019-0984
CVE-2019-0986
CVE-2019-0998
CVE-2019-1005
CVE-2019-1007
CVE-2019-1009
CVE-2019-1010
CVE-2019-1011
CVE-2019-1012
CVE-2019-1013
CVE-2019-1014
CVE-2019-1015
CVE-2019-1016
CVE-2019-1017
CVE-2019-1018
CVE-2019-1019
CVE-2019-1021
CVE-2019-1022
CVE-2019-1023
CVE-2019-1025
CVE-2019-1026
CVE-2019-1027
CVE-2019-1028
CVE-2019-1029
CVE-2019-1031
CVE-2019-1032
CVE-2019-1033
CVE-2019-1034
CVE-2019-1035
CVE-2019-1036
CVE-2019-1039
CVE-2019-1040
CVE-2019-1041
CVE-2019-1043
CVE-2019-1044
CVE-2019-1045
CVE-2019-1046
CVE-2019-1047
CVE-2019-1048
CVE-2019-1049
CVE-2019-1050
CVE-2019-1053
CVE-2019-1054
CVE-2019-1064
CVE-2019-1069


Moderate vulnerability
There is one moderate vulnerability, CVE-2019-0948, which is an information disclosure vulnerability in Windows Event Manager.

Coverage
In response to these vulnerability disclosures, Talos is releasing the following SNORT® rules that detect attempts to exploit them. Please note that additional rules may be released at a future date and current rules are subject to change pending additional information. Firepower customers should use the latest update to their ruleset by updating their SRU. Open Source Snort Subscriber Rule Set customers can stay up to date by downloading the latest rule pack available for purchase on Snort.org.

Snort rules: 44813-44814, 48051-48052, 49762-49765, 50162-50163, 50183-50184, 50198-50199, 50357-50376, 50393-50408, 50411-50414
More info: https://blog.talosintelligence.com/2019/06/microsoft-patch-tuesday-june-2019.html?utm_source=feedburner&utm_medium=email&utm_campaign=Feed%3A+feedburner%2FTalos+%28Talos%E2%84%A2+Blog%29

Date added June 12, 2019, 12:10 a.m.
Source Talos
Subjects
  • Latest Global Security News
  • Microsoft News - Security Related and General