#1271693: Talos (Cisco) - Microsoft Patch Tuesday — Aug. 2019: Vulnerability disclosures and Snort coverage

Description: Microsoft released its monthly security update today, disclosing a variety of vulnerabilities in several of its products. The latest Patch Tuesday covers 97 vulnerabilities, 31 of which are rated "critical," 65 that are considered "important" and one "moderate."

This month’s security update covers security issues in a variety of Microsoft services and software, including certain graphics components, Outlook and the Chakra Scripting Engine. For more on our coverage of these bugs, check out our Snort advisories, covering all of the new rules we have for this release.

Critical vulnerabilities
Microsoft disclosed 31 critical vulnerabilities this month, three of which we will highlight below.

CVE-2019-1181 and CVE-2019-1182 are both remote code execution vulnerabilities in Remote Desktop Protocol. The vulnerabilities arise when an attacker connects to the target system using RDP and sends certain specially crafted requests. These bugs require no user interaction and do not require any authentication on the part of the attacker. An attacker could gain the ability to execute arbitrary code by exploiting these vulnerabilities. RDP has gained notoriety recently for being a part of the infamous BlueKeep vulnerability, a wormable bug in Microsoft that has yet to be exploited in the wild.

CVE-2019-1200 is a remote code execution vulnerability in Microsoft Outlook that occurs when the software fails to properly handle objects in memory. An attacker could use a specially crafted file to exploit this bug and perform actions at the same security level as the current user. An attacker can exploit this vulnerability by tricking the user into opening a specially crafted file with a vulnerable version of Microsoft Outlook. However, this attack vector only works if the user opens the email itself — it does not work in preview mode.

The other critical vulnerabilities are:

CVE-2019-0719
CVE-2019-0720
CVE-2019-0736
CVE-2019-0965
CVE-2019-1131
CVE-2019-1133
CVE-2019-1139
CVE-2019-1140
CVE-2019-1141
CVE-2019-1144
CVE-2019-1145
CVE-2019-1149
CVE-2019-1150
CVE-2019-1151
CVE-2019-1152
CVE-2019-1181
CVE-2019-1182
CVE-2019-1183
CVE-2019-1188
CVE-2019-1194
CVE-2019-1195
CVE-2019-1196
CVE-2019-1197
CVE-2019-1199
CVE-2019-1200
CVE-2019-1201
CVE-2019-1204
CVE-2019-1205
CVE-2019-1213
CVE-2019-1222
CVE-2019-1226


Important vulnerabilities
This release also contains 65 important vulnerabilities, one of which we will highlight below.

CVE-2019-9506 is a vulnerability in Bluetooth that could allow an attacker to change the size of a device's encryption key. While it is not directly a Microsoft vulnerability, the company has released a fix for it. An attacker could use a special device to change the encryption key size of a Bluetooth-enabled device to become as small as one. This method only works if the attacker is within an appropriate range of the targeted device. Microsoft released a software update that enforces a 7-octet minimum key length by default to ensure that a smaller encryption key does not allow an attacker to bypass encryption.
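
A simplified model of the key-size negotiation behind CVE-2019-9506, showing why a minimum-length policy on either endpoint stops the downgrade described above. This is an added example, not code from Talos or Microsoft; `Device`, `negotiate`, `force_one` and the sample peers are hypothetical names, and the 1 to 16 octet range is the negotiable range in Bluetooth BR/EDR.

```python
from dataclasses import dataclass
from typing import Callable, Optional

SPEC_MIN, SPEC_MAX = 1, 16   # octets negotiable in Bluetooth BR/EDR
PATCHED_MIN = 7              # minimum the update described above enforces


@dataclass
class Device:                # hypothetical model of one endpoint's policy
    name: str
    min_octets: int = SPEC_MIN
    max_octets: int = SPEC_MAX

    def acceptable(self, size: int) -> bool:
        return self.min_octets <= size <= self.max_octets


def negotiate(initiator: Device, responder: Device,
              on_path: Optional[Callable[[int], int]] = None) -> Optional[int]:
    """Return the agreed key size in octets, or None if a side refuses.

    on_path models a party rewriting the proposed size in transit; the
    negotiation messages carry no integrity protection in this model.
    """
    proposed = initiator.max_octets
    seen = on_path(proposed) if on_path else proposed
    if seen < responder.min_octets:
        return None                           # responder enforces its floor
    agreed = min(seen, responder.max_octets)  # responder may propose lower
    if not initiator.acceptable(agreed):
        return None                           # initiator enforces its floor
    return agreed


def key_bits(octets: int) -> int:
    """Upper bound on key entropy for a negotiated size."""
    return 8 * octets


def force_one(_size: int) -> int:
    """Constructed downgrade: every proposal is rewritten to one octet."""
    return SPEC_MIN


if __name__ == "__main__":
    old = Device("unpatched")
    new = Device("patched", min_octets=PATCHED_MIN)
    legacy = Device("legacy-peer", max_octets=5)   # constructed example peer
    for a, b, hook in [(old, old, force_one), (old, new, force_one),
                       (new, old, force_one), (new, new, None),
                       (new, legacy, None)]:
        print(f"{a.name:>9} -> {b.name:<11} agreed={negotiate(a, b, hook)}")
```

The last case shows the compatibility cost in this model: a peer that cannot offer at least 7 octets no longer connects to an endpoint that enforces the minimum.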

The other important vulnerabilities are:

CVE-2019-0712
CVE-2019-0714
CVE-2019-0715
CVE-2019-0716
CVE-2019-0717
CVE-2019-0718
CVE-2019-0723
CVE-2019-1030
CVE-2019-1057
CVE-2019-1078
CVE-2019-1143
CVE-2019-1146
CVE-2019-1147
CVE-2019-1148
CVE-2019-1153
CVE-2019-1154
CVE-2019-1155
CVE-2019-1156
CVE-2019-1157
CVE-2019-1158
CVE-2019-1159
CVE-2019-1160
CVE-2019-1161
CVE-2019-1162
CVE-2019-1163
CVE-2019-1164
CVE-2019-1168
CVE-2019-1169
CVE-2019-1170
CVE-2019-1171
CVE-2019-1172
CVE-2019-1173
CVE-2019-1174
CVE-2019-1175
CVE-2019-1176
CVE-2019-1177
CVE-2019-1178
CVE-2019-1179
CVE-2019-1180
CVE-2019-1184
CVE-2019-1185
CVE-2019-1186
CVE-2019-1187
CVE-2019-1190
CVE-2019-1192
CVE-2019-1193
CVE-2019-1198
CVE-2019-1202
CVE-2019-1203
CVE-2019-1206
CVE-2019-1211
CVE-2019-1212
CVE-2019-1218
CVE-2019-1223
CVE-2019-1224
CVE-2019-1225
CVE-2019-1227
CVE-2019-1228
CVE-2019-1229
CVE-2019-9511
CVE-2019-9512
CVE-2019-9513
CVE-2019-9514
CVE-2019-9518


Moderate vulnerability
There is one moderate vulnerability, CVE-2019-1185, an elevation of privilege vulnerability in Windows Subsystem for Linux.

Coverage
In response to these vulnerability disclosures, Talos is releasing a new SNORTⓇ rule set that detects attempts to exploit them. Please note that additional rules may be released at a future date and current rules are subject to change pending additional information. Firepower customers should use the latest update to their ruleset by updating their SRU. Open Source Snort Subscriber Rule Set customers can stay up-to-date by downloading the latest rule pack available for purchase on Snort.org.
More info: https://blog.talosintelligence.com/2019/08/microsoft-patch-tuesday-aug-2019.html?utm_source=feedburner&utm_medium=email&utm_campaign=Feed%3A+feedburner%2FTalos+%28Talos%E2%84%A2+Blog%29

Date added Aug. 14, 2019, 9:17 a.m.
Source Talos (Cisco)
Subjects
  • Latest Global Security News
  • Microsoft News - Security Related and General
  • Snort IDS