
Patch Tuesday for July is here, and after the massive release in June, the 77 patches issued this month seem manageable. Sixteen of the CVEs patched are rated "Critical", sixty are rated "Important", and a single CVE is rated "Moderate". Alongside the usual "Critical" vulnerabilities are a Remote Code Execution vulnerability in the .NET Framework and an authentication bypass vulnerability in Windows Communication Foundation (WCF) and Windows Identity Foundation (WIF). The authentication bypass affects several Microsoft platforms, including Windows, .NET, and SharePoint, and can be exploited by an attacker signing a Security Assertion Markup Language (SAML) token with an arbitrary symmetric key. This would allow the attacker to sign in as any other user, including accounts with greater privilege like Administrator.

Among the vulnerabilities rated "Important" are several RCE vulnerabilities in Microsoft SQL Server and Remote Desktop. There are also ten RCE vulnerabilities patched in DirectWrite, a newer Microsoft API for text layout. DirectWrite was meant as a replacement for the GDI/GDI+ text renderer, which many will recognize as a common visitor to the Patch Tuesday list month after month.

Not listed this month are some older CVEs you should pay attention to. CVEs from 2017 and 2018 are currently being actively targeted in live, "in the wild" campaigns, including CVE-2017-11882, CVE-2018-0798 and CVE-2018-0802, which are used to weaponize malicious RTF files. So, as always, make sure you are current on ALL your patches.

See you in August, but until then, stay safe.

Critical

.NET Framework Remote Code Execution Vulnerability
CVE-2019-1113
Remote Code Execution

Azure DevOps Server and Team Foundation Server Remote Code Execution Vulnerability
CVE-2019-1072
Remote Code Execution

Chakra Scripting Engine Memory Corruption Vulnerability
CVE-2019-1062, CVE-2019-1092, CVE-2019-1103, CVE-2019-1106, CVE-2019-1107
Remote Code Execution

GDI+ Remote Code Execution Vulnerability
CVE-2019-1102
Remote Code Execution

Internet Explorer Memory Corruption Vulnerability
CVE-2019-1063
Remote Code Execution

Microsoft Browser Memory Corruption Vulnerability
CVE-2019-1104
Remote Code Execution

Scripting Engine Memory Corruption Vulnerability
CVE-2019-1001, CVE-2019-1004, CVE-2019-1056, CVE-2019-1059
Remote Code Execution

WCF/WIF SAML Token Authentication Bypass Vulnerability
CVE-2019-1006
Elevation of Privilege

Windows DHCP Server Remote Code Execution Vulnerability
CVE-2019-0785
Remote Code Execution

Important

.NET Denial of Service Vulnerability
CVE-2019-1083
Denial of Service

ADFS Security Feature Bypass Vulnerability
CVE-2019-0975, CVE-2019-1126
Security Feature Bypass

Azure Automation Elevation of Privilege Vulnerability
CVE-2019-0962
Elevation of Privilege

DirectWrite Information Disclosure Vulnerability
CVE-2019-1093, CVE-2019-1097
Information Disclosure

DirectWrite Remote Code Execution Vulnerability
CVE-2019-1117, CVE-2019-1118, CVE-2019-1119, CVE-2019-1120, CVE-2019-1121, CVE-2019-1122, CVE-2019-1123, CVE-2019-1124, CVE-2019-1127, CVE-2019-1128
Remote Code Execution

DirectX Elevation of Privilege Vulnerability
CVE-2019-0999
Elevation of Privilege

Microsoft Excel Information Disclosure Vulnerability
CVE-2019-1112
Information Disclosure

Microsoft Excel Remote Code Execution Vulnerability
CVE-2019-1110, CVE-2019-1111
Remote Code Execution

Microsoft Exchange Information Disclosure Vulnerability
CVE-2019-1084
Information Disclosure

Microsoft Exchange Server Elevation of Privilege Vulnerability
CVE-2019-1136
Elevation of Privilege

Microsoft Exchange Server Spoofing Vulnerability
CVE-2019-1137
Spoofing

Microsoft Office SharePoint XSS Vulnerability
CVE-2019-1134
Spoofing

Microsoft Office Spoofing Vulnerability
CVE-2019-1109
Spoofing

Microsoft splwow64 Elevation of Privilege Vulnerability
CVE-2019-0880
Elevation of Privilege

Microsoft SQL Server Remote Code Execution Vulnerability
CVE-2019-1068
Remote Code Execution

Microsoft unistore.dll Information Disclosure Vulnerability
CVE-2019-1091
Information Disclosure

Microsoft Windows Elevation of Privilege Vulnerability
CVE-2019-1074, CVE-2019-1082
Elevation of Privilege

Outlook on the Web Cross-Site Scripting Vulnerability
ADV190021
Spoofing

Remote Desktop Protocol Client Information Disclosure Vulnerability
CVE-2019-1108
Information Disclosure

Remote Desktop Services Remote Code Execution Vulnerability
CVE-2019-0887
Remote Code Execution

SymCrypt Denial of Service Vulnerability
CVE-2019-0865
Denial of Service

Team Foundation Server Cross-site Scripting Vulnerability
CVE-2019-1076
Spoofing

Visual Studio Elevation of Privilege Vulnerability
CVE-2019-1077
Elevation of Privilege

Visual Studio Information Disclosure Vulnerability
CVE-2019-1079
Information Disclosure

Win32k Elevation of Privilege Vulnerability
CVE-2019-1132
Elevation of Privilege

Win32k Information Disclosure Vulnerability
CVE-2019-1096
Information Disclosure

Windows Audio Service Elevation of Privilege Vulnerability
CVE-2019-1086, CVE-2019-1087, CVE-2019-1088
Elevation of Privilege

Windows DNS Server Denial of Service Vulnerability
CVE-2019-0811
Denial of Service

Windows dnsrlvr.dll Elevation of Privilege Vulnerability
CVE-2019-1090
Elevation of Privilege

Windows Elevation of Privilege Vulnerability
CVE-2019-1129, CVE-2019-1130
Elevation of Privilege

Windows Error Reporting Elevation of Privilege Vulnerability
CVE-2019-1037
Elevation of Privilege

Windows GDI Information Disclosure Vulnerability
CVE-2019-1094, CVE-2019-1095, CVE-2019-1098, CVE-2019-1099, CVE-2019-1100, CVE-2019-1101, CVE-2019-1116
Information Disclosure

Windows Hyper-V Denial of Service Vulnerability
CVE-2019-0966
Denial of Service

Windows Kernel Elevation of Privilege Vulnerability
CVE-2019-1067
Elevation of Privilege

Windows Kernel Information Disclosure Vulnerability
CVE-2019-1071, CVE-2019-1073
Information Disclosure

Windows RPCSS Elevation of Privilege Vulnerability
CVE-2019-1089
Elevation of Privilege

Windows WLAN Service Elevation of Privilege Vulnerability
CVE-2019-1085
Elevation of Privilege

Moderate

ASP.NET Core Spoofing Vulnerability
CVE-2019-1075
Spoofing

No Rating

Docker Elevation of Privilege Vulnerability
CVE-2018-15664

About the Author

Karl Sigler is Security Research Manager, SpiderLabs Threat Intelligence at Trustwave. Karl is a 20-year infosec veteran responsible for research and analysis of current vulnerabilities, malware and threat trends at Trustwave.
