HKCert
HKCERT logo Hong Kong Computer Emergency Response Team Coordination Centre

HKCERT logo Hong Kong Computer Emergency Response Team Coordination Centre

  

Microsoft Monthly Security Update (Aug 2019)

Release Date: 14 / 08 / 2019
Last Update: 21 / 08 / 2019
Risk Level:  


Microsoft has released monthly security update for their products:

 

Vulnerable ProductSeverityImpactsNotes
Microsoft OfficeModerately Critical Moderately CriticalRemote Code Execution
Elevation of Privilege
Spoofing
Information Disclosure
 
BrowserModerately Critical Moderately CriticalSecurity Restriction Bypass
Remote Code Execution
Information Disclosure
 
Developer ToolsModerately Critical Moderately CriticalRemote Code Execution
Elevation of Privilege
 
Microsoft DynamicsModerately Critical Moderately CriticalElevation of Privilege 
WindowsHighly Critical Highly CriticalData Manipulation
Security Restriction Bypass
Elevation of Privilege
Denial of Service
Remote Code Execution
Information Disclosure

Two critical vulnerabilities in Remote Desktop Services (RDS):
CVE-2019-1181
CVE-2019-1182

 

[Updated 21-Aug-2019]: We noticed a Proof-of-Concept exploit software for CVE-2019-1181 and CVE-2019-1182 was being developed. It potentially might develop into a worm-like outbreak in the Internet. As such, the criticality level is changed from Moderately to Highly.

 
 

 

Number of 'Extremely Critical' product(s): 0

Number of 'Highly Critical' product(s): 1

Number of 'Moderately Critical' product(s): 4

Evaluation of overall 'Criticality Level': Highly Critical

  • Denial of Service
  • Elevation of Privilege
  • Remote Code Execution
  • Security Restriction Bypass
  • Information Disclosure
  • Data Manipulation
  • Microsoft Office
  • Browser
  • Developer Tools
  • Microsoft Dynamics
  • Windows

Before installation of the software, please visit the vendor web-site for more details.

  • Apply fixes issued by the vendor.