The Cyber Source blog

Cyber Security and NOC Knowhow™, in plain English

Threat Intel July 2019: 77 vulnerabilities including 2 zero-days

Threat Intelligence.

July 2019 Threat Intelligence (CRITICAL ALERT)

This month, Microsoft have patched 77 vulnerabilities; 16 of which are ranked critical and 52 marked as important. Also included within this month's updates are fixes for 5 vulnerabilities that were made public (but not exploited).

11 of the critical bugs are for scripting engines and browsers. The additional 5 affect the DHCP server, GDI+, the .NET Framework and the Azure DevOps server/team foundation server.

Full information on this months patches can be found here:
https://portal.msrc.microsoft.com/en-us/security-guidance

Zero-Days actively exploited in the wild

There were releases for 'important'-level patches for two privilege-escalation vulnerabilities, or zero-days, known as 'Win32k' and 'splwow64'. These are currently being exploited in the wild.

Although these patches were ranked 'important', they should be priorities because they're potentially linked with vulnerabilities that give attackers complete system access.

Win32k flaw

The win32k flaw (CVE-2019-1132) disturbs Windows 7, Server 2008 and Server 2008 R2.

While attackers would need to gain full log on access to the system to carry out the exploit, the vulnerability if exploited would grant the attacker full control of the system. This zero-day has also been connected to a chain of attacks carried out by a group of Russian state-funded hackers.

SPLwow64

The bug splwow64 (CVE-2019-0880) is the print driver host for 32-bit applications. This would give an attacker access to go from low to medium system privileges. If the patch can't be deployed immediately, the vulnerability can be reduced by disabling the print spooler. This big affects Windows 8.1, Server 2012 and later OS.

Microsoft have also patched five other vulnerabilities, where the exploit details were made public and could have aided attackers; however these were not exploited until today when Microsoft released patches.

Publicly disclosed vulnerabilities

Patching is important...

Security vulnerabilities are the 'low hanging fruit' for hackers. Patching is essentials to keep your information safe. It is also good practice to back up your system or at least your data before you apply any updates.

Customers are advised to follow these security tips:

  • Install vendor patches immediately when available.
  • Run all software with least privileges while still maintaining functionality.
  • Do not handle files from questionable sources.
  • Avoid visiting sites with unknown integrity.
  • Block external access at the network perimeter to all key systems unless access is necessary.

CIO-Expert-Step-by-Step-Guide-to-Cyber-Security-Improvement


Related articles:



About Comtact Ltd.

Comtact Ltd. is a government-approved Cyber Security and IT Managed Service Provider, supporting clients 24/7 from our ISO27001-accredited UK Security Operations Centre (SOC).

Located at the heart of a high security, controlled-access Tier 3 data centre, Comtact's state-of-the-art UK Cyber Defence Centre (SOC) targets, hunts & disrupts hacker behaviour, as part of a multi-layered security defence, to help secure some of the UK's leading organisations.

Explore our 24/7 Security Operations Centre (SOC)

SHARE THIS STORY | |

Sign-up for weekly updates

Recent Posts

Recent Posts