Today’s VERT Alert addresses Microsoft’s July 2019 Security Updates. VERT is actively working on coverage for these vulnerabilities and expects to ship ASPL-839 on Wednesday, July 10th.
In-The-Wild & Disclosed CVEs
CVE-2019-0865
This vulnerability describes a denial of service that occurs when SymCrypt processes specially crafted digital signatures. This vulnerability was discussed by Forbes on June 12th after being disclosed by Tavis Ormandy via Google Project Zero. Microsoft has rated this as a 2 (Exploitation Less Likely) on the Exploitability Index.
CVE-2019-0887
A vulnerability in Remote Desktop Services clipboard redirection could lead to remote code execution. Clipboard redirection is the functionality that allows for the sharing of the clipboard between the local and remote host. A write-up on this attack was published by Eyal Itkin of Check Point back in February. It is important to note that the attacker would require access to a system running remote desktop and the victim would need to connect to the attacker-controlled system. Microsoft has rated this as a 1 (Exploitation More Likely) on the Exploitability Index.
CVE-2019-0880
A privilege escalation vulnerability in splwow64.exe allows attackers to elevate privileges from low-integrity to medium-integrity. You can learn more about Mandatory Integrity Control here. Microsoft has indicated that they are seeing active exploitation of this vulnerability against older releases of Windows. Microsoft has rated this as a 1 (Exploitation More Likely) for the Latest Software Release and a 0 (Exploitation Detected) for Older Software Releases on the Exploitability Index.
CVE-2019-1068
Microsoft SQL Server can incorrectly process internal functions leading to code execution in the context of the SQL Server Database Engine service account. To exploit this vulnerability, an attacker would need to be authenticated against the SQL server in order to perform the malicious query. Microsoft has rated this as a 2 (Exploitation Less Likely) on the Exploitability Index.
CVE-2019-1129
A vulnerability in Windows AppX Deployment Service (AppXSVC) allows an elevation of privilege when improperly handling hard links. We previously saw CVE-2019-0841 patched in April, and following the release of that update, a pair of bypasses for CVE-2019-0841 were released. This may not be the last time we see AppXSVC patched. Microsoft has rated this as a 1 (Exploitation More Likely) on the Exploitability Index.
CVE-2019-1132
CVE-2019-1132 is currently seeing active exploitation on older software releases, while the latest software release is not affected. The vulnerability is a privilege escalation in Win32k that could give an attacker full control of an affected system. Microsoft has rated this as a 4 (Not affected) for the Latest Software Release and a 0 (Exploitation Detected) for Older Software Releases on the Exploitability Index.
CVE Breakdown by Tag
While historical Microsoft Security Bulletin groupings are gone, Microsoft vulnerabilities are tagged with an identifier. This list provides a breakdown of the CVEs on a per-tag basis.
| Tag | CVE Count | CVEs |
| --- | --- | --- |
| Windows Media | 4 | CVE-2019-1085, CVE-2019-1086, CVE-2019-1087, CVE-2019-1088 |
| Open Source Software | 1 | CVE-2018-15664 |
| Microsoft Windows DNS | 2 | CVE-2019-0811, CVE-2019-1090 |
| ASP.NET | 1 | CVE-2019-1075 |
| Microsoft Windows | 14 | CVE-2019-0865, CVE-2019-0887, CVE-2019-0966, CVE-2019-0975, CVE-2019-1126, CVE-2019-0785, CVE-2019-0880, CVE-2019-1037, CVE-2019-1067, CVE-2019-1074, CVE-2019-1082, CVE-2019-1091, CVE-2019-1129, CVE-2019-1130 |
| SQL Server | 1 | CVE-2019-1068 |
| .NET Framework | 3 | CVE-2019-1113, CVE-2019-1006, CVE-2019-1083 |
| Microsoft Graphics Component | 21 | CVE-2019-1093, CVE-2019-1094, CVE-2019-1095, CVE-2019-1096, CVE-2019-1097, CVE-2019-1098, CVE-2019-1100, CVE-2019-1101, CVE-2019-1102, CVE-2019-1116, CVE-2019-1117, CVE-2019-1118, CVE-2019-1119, CVE-2019-1120, CVE-2019-1121, CVE-2019-1122, CVE-2019-1123, CVE-2019-1124, CVE-2019-1127, CVE-2019-1128, CVE-2019-0999 |
| Microsoft Browsers | 1 | CVE-2019-1104 |
| Windows RDP | 1 | CVE-2019-1108 |
| Visual Studio | 2 | CVE-2019-1077, CVE-2019-1079 |
| Windows Kernel | 4 | CVE-2019-1071, CVE-2019-1073, CVE-2019-1089, CVE-2019-1132 |
| Azure DevOps | 2 | CVE-2019-1072, CVE-2019-1076 |
| Microsoft Exchange Server | 2 | CVE-2019-1136, CVE-2019-1137 |
| Azure | 1 | CVE-2019-0962 |
| Internet Explorer | 1 | CVE-2019-1063 |
| Windows Shell | 1 | CVE-2019-1099 |
| Microsoft Office | 5 | CVE-2019-1109, CVE-2019-1110, CVE-2019-1111, CVE-2019-1112, CVE-2019-1084 |
| Microsoft Scripting Engine | 9 | CVE-2019-1056, CVE-2019-1059, CVE-2019-1062, CVE-2019-1092, CVE-2019-1103, CVE-2019-1106, CVE-2019-1107, CVE-2019-1001, CVE-2019-1004 |
| Microsoft Office SharePoint | 1 | CVE-2019-1134 |
Other Information
In addition to the Microsoft vulnerabilities included in the July Security Guidance, several advisories were released today.
Outlook on the web Cross-Site Scripting Vulnerability [ADV190021]
Microsoft has released information regarding a cross-site scripting vulnerability affecting Outlook on the web (formerly Outlook Web App) on-premises deployments. The vulnerability requires an attached image in the SVG format, which can be blocked using the steps outlined in this advisory.
Guidance to mitigate unconstrained delegation vulnerabilities [ADV1900006]
This previously released advisory was updated this month to announce that security updates have been released for all versions of Windows that set the new trust flag to Yes for CVE-2019-0683.