Microsoft patches 93 vulnerabilities with August 2019 Patch Tuesday update, including four severe bugs.
The second Tuesday of the month is Microsoft’s Patch Tuesday, the day the company releases its monthly batch of security updates. In this month’s Patch Tuesday, Microsoft fixed 93 security vulnerabilities and released 2 advisories. The release did not include any zero-day fixes, that is, fixes for vulnerabilities that are exploited by cyber crooks before a patch is released, but four critical flaws were fixed.
Critical vulnerabilities patched
The patches address four major vulnerabilities in Microsoft’s Remote Desktop Service, the feature that is used to remotely access and administer a Windows computer. The vulnerabilities in question are CVE-2019-1181, CVE-2019-1182, CVE-2019-1222, and CVE-2019-1226, with the first two being the most critical ones. According to Simon Pope, Director of Incident Response at Microsoft, the two vulnerabilities are “wormable”, just like the BlueKeep vulnerability (CVE-2019-0708), which means that any malware that exploits them would be able to spread from vulnerable computer to vulnerable computer without user interaction. The good news is that Microsoft does not believe the mentioned vulnerabilities were known to any third party.
Windows 7 SP1, Windows Server 2008 R2 SP1, Windows Server 2012, Windows 8.1, Windows Server 2012 R2, and all supported versions of Windows 10, including server versions, are affected by the vulnerabilities and thus require urgent updating.
Apart from the four mentioned bugs, Microsoft also patched other serious vulnerabilities, including seven RCEs impacting the Chakra scripting engine, six RCEs in the Microsoft Graphics component, one RCE in Outlook, and two RCEs in Word.
In total, Microsoft released 93 vulnerability fixes, 35 of which affect Server versions of Windows and 70 of which are aimed at Windows 10. These security updates should be installed as soon as possible to prevent malicious actors from taking advantage of the vulnerabilities. It is also recommended to turn on automatic updates. Microsoft also reminds users that from January 14, 2020, Windows 7 and Windows Server 2008 R2 will no longer receive updates, so it is strongly recommended to upgrade to a newer version of Windows.