X
Tech

Microsoft August 2019 Patch Tuesday fixes 93 security bugs

Of the 93 vulnerabilities Microsoft patched today, 29 are rated Critical and 64 are rated Important in severity.
Written by Catalin Cimpanu, Contributor
windows-updates-patch-tuesday.jpg

On the second Tuesday of the month -- as clockwork -- Microsoft released its monthly rollup of security updates known as Patch Tuesday.

This month, Microsoft patched 93 security flaws and published two security advisories with mitigations for two security-related issues impacting the company's products & services.

Unlike in previous months, none of the vulnerabilities that have been patched today were under attack, or had their details publicly disclosed online.

The RDS RCEs

But while security researchers say that all security bugs are important, the "stars" of this month's Patch Tuesday are the four remote code execution bugs Microsoft fixed in the Windows Remote Desktop Services (RDS) component -- CVE-2019-1181, CVE-2019-1182, CVE-2019-1222, and CVE-2019-1226.

Of the four, the first two are the biggest threats.

In a blog post, Simon Pope, Director of Incident Response for the Microsoft Security Response Center (MSRC), said the two bugs are "wormable," akin to the now-infamous BlueKeep (CVE-2019-0708) bug that Microsoft patched in RDS in May.

This means attackers can exploit the bugs to take over a computer and then spread to other computers without any user interaction.

Patching CVE-2019-1181 and CVE-2019-1182 is of the utmost urgency, and for good reasons.

Other patched vulnerabilities

But the four remote code execution (RCE) bugs in the RDS component are not the only RCEs patched this month.

There are also seven RCEs impacting the Chakra scripting engine (included in Microsoft Edge and other Microsoft apps), two RCEs in Microsoft Hyper-V virtual machine hypervisor technology, six RCEs in the Microsoft Graphics component, one in Outlook, two in Word, two in the Windows DHCP client, two in the older Scripting Engine component, and one in the VBScript engine.

And there is also a patch for a bug in the shadowy CTF protocol that impacts all Windows versions since Windows XP.

All in all, the August 2019 Patch Tuesday is both bulky and critical. Of the 93 vulnerabilities Microsoft patched today, 29 are rated Critical and 64 are rated Important in severity.

Furthermore, with this ocassion, Microsoft also wanted to remind users that Windows 7 and Windows Server 2008 R2 will be out of extended support and no longer receiving updates as of January 14, 2020.

"We strongly recommend that you update any computers running Windows 7 or Windows Server 2008 R2 so you will continue receiving security updates," the company said.]

Other non-Microsoft security updates

Since the Microsoft Patch Tuesday is also the day when other vendors also release security patches, it's also worth mentioning that Adobe, SAP, and VMWare have also published their respective security updates earlier today.

Of the three, Adobe's security updates are the largest, with fixes for Photoshop, Experience Manager, Acrobat/Reader, the Creative Cloud desktop app, Prelude, Premiere Pro, Character Animator, and After Effects. Of note, there are no Flash security updates this month.

More in-depth information on today's Patch Tuesday updates is available on Microsoft's official Security Update Guide portal. You can also consult the table embedded below, this Patch Tuesday report generated by ZDNet, or these ones, put together by Trend Micro and the SANS Internet Storm Center.

TagCVE IDCVE Title
Online Services ADV190014 Microsoft Live Accounts Elevation of Privilege Vulnerability
Active Directory ADV190023 Microsoft Guidance for Enabling LDAP Channel Binding and LDAP Signing
HTTP/2 CVE-2019-9513 HTTP/2 Server Denial of Service Vulnerability
HTTP/2 CVE-2019-9512 HTTP/2 Server Denial of Service Vulnerability
HTTP/2 CVE-2019-9511 HTTP/2 Server Denial of Service Vulnerability
HTTP/2 CVE-2019-9518 HTTP/2 Server Denial of Service Vulnerability
HTTP/2 CVE-2019-9514 HTTP/2 Server Denial of Service Vulnerability
Microsoft Bluetooth Driver CVE-2019-9506 Encryption Key Negotiation of Bluetooth Vulnerability
Microsoft Browsers CVE-2019-1193 Microsoft Browser Memory Corruption Vulnerability
Microsoft Browsers CVE-2019-1192 Microsoft Browsers Security Feature Bypass Vulnerability
Microsoft Dynamics CVE-2019-1229 Dynamics On-Premise Elevation of Privilege Vulnerability
Microsoft Edge CVE-2019-1030 Microsoft Edge Information Disclosure Vulnerability
Microsoft Graphics Component CVE-2019-1154 Windows Graphics Component Information Disclosure Vulnerability
Microsoft Graphics Component CVE-2019-1143 Windows Graphics Component Information Disclosure Vulnerability
Microsoft Graphics Component CVE-2019-1144 Microsoft Graphics Remote Code Execution Vulnerability
Microsoft Graphics Component CVE-2019-1152 Microsoft Graphics Remote Code Execution Vulnerability
Microsoft Graphics Component CVE-2019-1078 Microsoft Graphics Component Information Disclosure Vulnerability
Microsoft Graphics Component CVE-2019-1158 Windows Graphics Component Information Disclosure Vulnerability
Microsoft Graphics Component CVE-2019-1150 Microsoft Graphics Remote Code Execution Vulnerability
Microsoft Graphics Component CVE-2019-1151 Microsoft Graphics Remote Code Execution Vulnerability
Microsoft Graphics Component CVE-2019-1153 Microsoft Graphics Component Information Disclosure Vulnerability
Microsoft Graphics Component CVE-2019-1145 Microsoft Graphics Remote Code Execution Vulnerability
Microsoft Graphics Component CVE-2019-1148 Microsoft Graphics Component Information Disclosure Vulnerability
Microsoft Graphics Component CVE-2019-1149 Microsoft Graphics Remote Code Execution Vulnerability
Microsoft JET Database Engine CVE-2019-1155 Jet Database Engine Remote Code Execution Vulnerability
Microsoft JET Database Engine CVE-2019-1146 Jet Database Engine Remote Code Execution Vulnerability
Microsoft JET Database Engine CVE-2019-1147 Jet Database Engine Remote Code Execution Vulnerability
Microsoft JET Database Engine CVE-2019-1156 Jet Database Engine Remote Code Execution Vulnerability
Microsoft JET Database Engine CVE-2019-1157 Jet Database Engine Remote Code Execution Vulnerability
Microsoft Malware Protection Engine CVE-2019-1161 Microsoft Defender Elevation of Privilege Vulnerability
Microsoft NTFS CVE-2019-1170 Windows NTFS Elevation of Privilege Vulnerability
Microsoft Office CVE-2019-1201 Microsoft Word Remote Code Execution Vulnerability
Microsoft Office CVE-2019-1200 Microsoft Outlook Remote Code Execution Vulnerability
Microsoft Office CVE-2019-1199 Microsoft Outlook Memory Corruption Vulnerability
Microsoft Office CVE-2019-1205 Microsoft Word Remote Code Execution Vulnerability
Microsoft Office CVE-2019-1218 Outlook iOS Spoofing Vulnerability
Microsoft Office CVE-2019-1204 Microsoft Outlook Elevation of Privilege Vulnerability
Microsoft Office SharePoint CVE-2019-1202 Microsoft SharePoint Information Disclosure Vulnerability
Microsoft Office SharePoint CVE-2019-1203 Microsoft Office SharePoint XSS Vulnerability
Microsoft Scripting Engine CVE-2019-1133 Scripting Engine Memory Corruption Vulnerability
Microsoft Scripting Engine CVE-2019-1141 Chakra Scripting Engine Memory Corruption Vulnerability
Microsoft Scripting Engine CVE-2019-1131 Chakra Scripting Engine Memory Corruption Vulnerability
Microsoft Scripting Engine CVE-2019-1196 Chakra Scripting Engine Memory Corruption Vulnerability
Microsoft Scripting Engine CVE-2019-1197 Chakra Scripting Engine Memory Corruption Vulnerability
Microsoft Scripting Engine CVE-2019-1140 Chakra Scripting Engine Memory Corruption Vulnerability
Microsoft Scripting Engine CVE-2019-1139 Chakra Scripting Engine Memory Corruption Vulnerability
Microsoft Scripting Engine CVE-2019-1194 Scripting Engine Memory Corruption Vulnerability
Microsoft Scripting Engine CVE-2019-1195 Chakra Scripting Engine Memory Corruption Vulnerability
Microsoft Windows CVE-2019-1163 Windows File Signature Security Feature Bypass Vulnerability
Microsoft Windows CVE-2019-1162 Windows ALPC Elevation of Privilege Vulnerability
Microsoft Windows CVE-2019-1188 LNK Remote Code Execution Vulnerability
Microsoft Windows CVE-2019-1198 Microsoft Windows Elevation of Privilege Vulnerability
Microsoft Windows CVE-2019-1177 Windows Elevation of Privilege Vulnerability
Microsoft Windows CVE-2019-1186 Windows Elevation of Privilege Vulnerability
Microsoft Windows CVE-2019-1168 Microsoft Windows p2pimsvc Elevation of Privilege Vulnerability
Microsoft Windows CVE-2019-1176 DirectX Elevation of Privilege Vulnerability
Microsoft Windows CVE-2019-1174 Windows Elevation of Privilege Vulnerability
Microsoft Windows CVE-2019-1173 Windows Elevation of Privilege Vulnerability
Microsoft Windows CVE-2019-1175 Windows Elevation of Privilege Vulnerability
Microsoft Windows CVE-2019-1179 Windows Elevation of Privilege Vulnerability
Microsoft Windows CVE-2019-1180 Windows Elevation of Privilege Vulnerability
Microsoft Windows CVE-2019-1178 Windows Elevation of Privilege Vulnerability
Microsoft Windows CVE-2019-1172 Windows Information Disclosure Vulnerability
Microsoft Windows CVE-2019-0716 Windows Denial of Service Vulnerability
Microsoft XML CVE-2019-1187 XmlLite Runtime Denial of Service Vulnerability
Microsoft XML Core Services CVE-2019-1057 MS XML Remote Code Execution Vulnerability
Visual Studio CVE-2019-1211 Git for Visual Studio Elevation of Privilege Vulnerability
Windows - Linux CVE-2019-1185 Windows Subsystem for Linux Elevation of Privilege Vulnerability
Windows DHCP Client CVE-2019-0736 Windows DHCP Client Remote Code Execution Vulnerability
Windows DHCP Server CVE-2019-1213 Windows DHCP Server Remote Code Execution Vulnerability
Windows DHCP Server CVE-2019-1206 Windows DHCP Server Denial of Service Vulnerability
Windows DHCP Server CVE-2019-1212 Windows DHCP Server Denial of Service Vulnerability
Windows Hyper-V CVE-2019-0718 Windows Hyper-V Denial of Service Vulnerability
Windows Hyper-V CVE-2019-0717 Windows Hyper-V Denial of Service Vulnerability
Windows Hyper-V CVE-2019-0714 Windows Hyper-V Denial of Service Vulnerability
Windows Hyper-V CVE-2019-0715 Windows Hyper-V Denial of Service Vulnerability
Windows Hyper-V CVE-2019-0720 Hyper-V Remote Code Execution Vulnerability
Windows Hyper-V CVE-2019-0965 Windows Hyper-V Remote Code Execution Vulnerability
Windows Hyper-V CVE-2019-0723 Windows Hyper-V Denial of Service Vulnerability
Windows Kernel CVE-2019-1164 Windows Kernel Elevation of Privilege Vulnerability
Windows Kernel CVE-2019-1169 Win32k Elevation of Privilege Vulnerability
Windows Kernel CVE-2019-1227 Windows Kernel Information Disclosure Vulnerability
Windows Kernel CVE-2019-1159 Windows Kernel Elevation of Privilege Vulnerability
Windows Kernel CVE-2019-1228 Windows Kernel Information Disclosure Vulnerability
Windows Kernel CVE-2019-1190 Windows Image Elevation of Privilege Vulnerability
Windows RDP CVE-2019-1181 Remote Desktop Services Remote Code Execution Vulnerability
Windows RDP CVE-2019-1225 Remote Desktop Protocol Server Information Disclosure Vulnerability
Windows RDP CVE-2019-1226 Remote Desktop Services Remote Code Execution Vulnerability
Windows RDP CVE-2019-1223 Windows Remote Desktop Protocol (RDP) Denial of Service Vulnerability
Windows RDP CVE-2019-1224 Remote Desktop Protocol Server Information Disclosure Vulnerability
Windows RDP CVE-2019-1182 Remote Desktop Services Remote Code Execution Vulnerability
Windows RDP CVE-2019-1222 Remote Desktop Services Remote Code Execution Vulnerability
Windows Scripting CVE-2019-1183 Windows VBScript Engine Remote Code Execution Vulnerability
Windows Shell CVE-2019-1184 Windows Elevation of Privilege Vulnerability
Windows SymCrypt CVE-2019-1171 SymCrypt Information Disclosure Vulnerability

Windows 10 apps: Which are worth keeping? Which ones should you dump?

More vulnerability reports:

Editorial standards