1. IT-Security >
  2. Hacking >
  3. The June 2019 Security Update Review


ArabicEnglishFrenchGermanGreekItalianJapaneseKoreanPersianPolishPortugueseRussianSpanishTurkishVietnamese

The June 2019 Security Update Review

RSS Kategorie Pfeil Hacking vom | Quelle: thezdi.com Direktlink öffnen

June has arrived and so have the scheduled security patches from Microsoft and Adobe. Take a break from your regularly scheduled activities and join us as we review the details for security patches for this month.

Adobe Patches for June 2019

This month, Adobe has a small release with 10 CVEs addressed in Flash Player, Adobe Campaign, and ColdFusion. The update for Flash fixes an Important-severity Use-After-Free (UAF) bug reported through the ZDI program. The update for Campaign Classic is the largest of the three with seven CVEs included. The only Critical-rated bug fixed here corrects a command injection vulnerability. The other CVEs cover information disclosure bugs and an arbitrary read access bug. Three CVEs are included in the ColdFusion patch. All address Critical-rated code execution bugs. If you are using the development platform, this should be your priority.

Microsoft Patches for June 2019

In their largest patch cycle in recent memory, Microsoft released security patches for 88 CVEs along with four advisories. The updates cover Internet Explorer, Edge, Windows, ChakraCore, Microsoft Office and Microsoft Office Services and Web Apps, Skype for Business and Microsoft Lync, Exchange Server, Azure, and SQL Server. Of these 88 CVEs, 21 are rated Critical, 66 are rated Important, and one is rated Moderate in severity. A total of 18 of these CVEs came through the ZDI program. Four of these bugs are listed as publicly known, but none are listed as under active attack at the time of release.

Let’s take a closer look at some of the more interesting patches for this month, starting with some of the publicly known bugs:

 -       CVE-2019-1069 – Task Scheduler Elevation of Privilege Vulnerability
This patch covers one of the publicly known local privilege escalations (LPE) released as a group in late May. This case allows an attacker to escalate through the Task Scheduler – an exploit path popular in the days of Windows NT and XP. The initial PoC required having a cleartext password, but as ZDI researcher Simon Zuckerbraun shows, this isn’t always the case. Bugs from this source have been used by malware in the past, so it wouldn’t surprise me to see this highly exploitable bug used in future attacks. 

-       CVE-2019-0941 – Microsoft IIS Server Denial of Service Vulnerability
This patch corrects a bug in the IIS web server that could allow an attacker to take down a page utilizing request filtering. Note that it would not take down the entire server. Still, if the page attacked handles a critical function – like payment processing – the exploit affects could be significant. IIS security bugs aren’t as common as they once were, but don’t let that fact delay rolling this patch out to affected servers.

-       CVE-2019-1053 – Windows Shell Elevation of Privilege Vulnerability
Another one of the publicly known bugs, this patch corrects a sandbox escape that occurs when the Windows Shell fails to validate folder shortcuts. Anytime someone says “shortcuts vulnerability in Windows”, it evokes memories of exploits from years past. This vulnerability seems less severe, but any reliable sandbox escape should be taken seriously.

Here’s the full list of CVEs released by Microsoft for June 2019.

CVE Title Severity Public Exploited XI - Latest XI - Older Type
CVE-2019-1069 Task Scheduler Elevation of Privilege Vulnerability Important Yes No 1 1 EoP
CVE-2019-1064 Windows Elevation of Privilege Vulnerability Important Yes No 1 1 EoP
CVE-2019-0973 Windows Installer Elevation of Privilege Vulnerability Important Yes No 2 2 EoP
CVE-2019-1053 Windows Shell Elevation of Privilege Vulnerability Important Yes No 1 1 EoP
CVE-2019-0990 Scripting Engine Information Disclosure Vulnerability Critical No No 1 N/A Info
CVE-2019-1023 Scripting Engine Information Disclosure Vulnerability Critical No No 1 N/A Info
CVE-2019-0888 ActiveX Data Objects (ADO) Remote Code Execution Vulnerability Critical No No 2 2 RCE
CVE-2019-0989 Chakra Scripting Engine Memory Corruption Vulnerability Critical No No 1 N/A RCE
CVE-2019-0991 Chakra Scripting Engine Memory Corruption Vulnerability Critical No No 1 N/A RCE
CVE-2019-0992 Chakra Scripting Engine Memory Corruption Vulnerability Critical No No 1 N/A RCE
CVE-2019-0993 Chakra Scripting Engine Memory Corruption Vulnerability Critical No No 1 N/A RCE
CVE-2019-1002 Chakra Scripting Engine Memory Corruption Vulnerability Critical No No 1 N/A RCE
CVE-2019-1003 Chakra Scripting Engine Memory Corruption Vulnerability Critical No No 1 N/A RCE
CVE-2019-1024 Chakra Scripting Engine Memory Corruption Vulnerability Critical No No 1 N/A RCE
CVE-2019-1051 Chakra Scripting Engine Memory Corruption Vulnerability Critical No No 1 N/A RCE
CVE-2019-1052 Chakra Scripting Engine Memory Corruption Vulnerability Critical No No 1 N/A RCE
CVE-2019-1038 Microsoft Browser Memory Corruption Vulnerability Critical No No 1 1 RCE
CVE-2019-0985 Microsoft Speech API Remote Code Execution Vulnerability Critical No No N/A 1 RCE
CVE-2019-1080 Scripting Engine Memory Corruption Vulnerability Critical No No 1 1 RCE
CVE-2019-0920 Scripting Engine Memory Corruption Vulnerability Critical No No 1 1 RCE
CVE-2019-0988 Scripting Engine Memory Corruption Vulnerability Critical No No 1 1 RCE
CVE-2019-1055 Scripting Engine Memory Corruption Vulnerability Critical No No 1 1 RCE
CVE-2019-0620 Windows Hyper-V Remote Code Execution Vulnerability Critical No No 2 2 RCE
CVE-2019-0709 Windows Hyper-V Remote Code Execution Vulnerability Critical No No 2 2 RCE
CVE-2019-0722 Windows Hyper-V Remote Code Execution Vulnerability Critical No No 2 2 RCE
CVE-2019-0972 Local Security Authority Subsystem Service Denial of Service Vulnerability Important No No 2 2 DoS
CVE-2019-0941 Microsoft IIS Server Denial of Service Vulnerability Important No No 2 2 DoS
CVE-2019-1029 Skype for Business and Lync Server Denial of Service Vulnerability Important No No 2 2 DoS
CVE-2019-1025 Windows Denial of Service Vulnerability Important No No 1 1 DoS
CVE-2019-0710 Windows Hyper-V Denial of Service Vulnerability Important No No 2 2 DoS
CVE-2019-0711 Windows Hyper-V Denial of Service Vulnerability Important No No 2 2 DoS
CVE-2019-0713 Windows Hyper-V Denial of Service Vulnerability Important No No N/A 2 DoS
CVE-2019-1018 DirectX Elevation of Privilege Vulnerability Important No No N/A 2 EoP
CVE-2019-0960 Win32k Elevation of Privilege Vulnerability Important No No N/A 1 EoP
CVE-2019-1014 Win32k Elevation of Privilege Vulnerability Important No No 2 2 EoP
CVE-2019-1017 Win32k Elevation of Privilege Vulnerability Important No No 1 1 EoP
CVE-2019-0943 Windows ALPC Elevation of Privilege Vulnerability Important No No 1 1 EoP
CVE-2019-1007 Windows Audio Service Elevation of Privilege Vulnerability Important No No 2 2 EoP
CVE-2019-1021 Windows Audio Service Elevation of Privilege Vulnerability Important No No 2 2 EoP
CVE-2019-1022 Windows Audio Service Elevation of Privilege Vulnerability Important No No 2 2 EoP
CVE-2019-1026 Windows Audio Service Elevation of Privilege Vulnerability Important No No 2 2 EoP
CVE-2019-1027 Windows Audio Service Elevation of Privilege Vulnerability Important No No 2 2 EoP
CVE-2019-1028 Windows Audio Service Elevation of Privilege Vulnerability Important No No 2 2 EoP
CVE-2019-0959 Windows Common Log File System Driver Elevation of Privilege Vulnerability Important No No 1 1 EoP
CVE-2019-0984 Windows Common Log File System Driver Elevation of Privilege Vulnerability Important No No 1 1 EoP
CVE-2019-1041 Windows Kernel Elevation of Privilege Vulnerability Important No No 1 1 EoP
CVE-2019-1065 Windows Kernel Elevation of Privilege Vulnerability Important No No 1 1 EoP
CVE-2019-1045 Windows Network File System Elevation of Privilege Vulnerability Important No No N/A 2 EoP
CVE-2019-0983 Windows Storage Service Elevation of Privilege Vulnerability Important No No 1 1 EoP
CVE-2019-0998 Windows Storage Service Elevation of Privilege Vulnerability Important No No 1 1 EoP
CVE-2019-0986 Windows User Profile Service Elevation of Privilege Vulnerability Important No No 1 1 EoP
CVE-2019-1081 Microsoft Browser Information Disclosure Vulnerability Important No No 1 N/A Info
CVE-2019-0968 Windows GDI Information Disclosure Vulnerability Important No No N/A 2 Info
CVE-2019-0977 Windows GDI Information Disclosure Vulnerability Important No No N/A 2 Info
CVE-2019-1009 Windows GDI Information Disclosure Vulnerability Important No No N/A 2 Info
CVE-2019-1010 Windows GDI Information Disclosure Vulnerability Important No No 2 2 Info
CVE-2019-1011 Windows GDI Information Disclosure Vulnerability Important No No N/A 2 Info
CVE-2019-1012 Windows GDI Information Disclosure Vulnerability Important No No 2 2 Info
CVE-2019-1013 Windows GDI Information Disclosure Vulnerability Important No No N/A 2 Info
CVE-2019-1015 Windows GDI Information Disclosure Vulnerability Important No No N/A 2 Info
CVE-2019-1016 Windows GDI Information Disclosure Vulnerability Important No No N/A 2 Info
CVE-2019-1046 Windows GDI Information Disclosure Vulnerability Important No No 2 2 Info
CVE-2019-1047 Windows GDI Information Disclosure Vulnerability Important No No N/A 2 Info
CVE-2019-1048 Windows GDI Information Disclosure Vulnerability Important No No N/A 2 Info
CVE-2019-1049 Windows GDI Information Disclosure Vulnerability Important No No N/A 2 Info
CVE-2019-1050 Windows GDI Information Disclosure Vulnerability Important No No 2 2 Info
CVE-2019-1039 Windows Kernel Information Disclosure Vulnerability Important No No 2 2 Info
CVE-2019-1043 Comctl32 Remote Code Execution Vulnerability Important No No 2 2 RCE
CVE-2019-0904 Jet Database Engine Remote Code Execution Vulnerability Important No No 2 2 RCE
CVE-2019-0905 Jet Database Engine Remote Code Execution Vulnerability Important No No 2 2 RCE
CVE-2019-0906 Jet Database Engine Remote Code Execution Vulnerability Important No No 2 2 RCE
CVE-2019-0907 Jet Database Engine Remote Code Execution Vulnerability Important No No 2 2 RCE
CVE-2019-0908 Jet Database Engine Remote Code Execution Vulnerability Important No No 2 2 RCE
CVE-2019-0909 Jet Database Engine Remote Code Execution Vulnerability Important No No 2 2 RCE
CVE-2019-0974 Jet Database Engine Remote Code Execution Vulnerability Important No No 2 2 RCE
CVE-2019-1034 Microsoft Word Remote Code Execution Vulnerability Important No No 2 2 RCE
CVE-2019-1035 Microsoft Word Remote Code Execution Vulnerability Important No No 2 2 RCE
CVE-2019-1005 Scripting Engine Memory Corruption Vulnerability Important No No 1 1 RCE
CVE-2019-1054 Microsoft Edge Security Feature Bypass Vulnerability Important No No 1 N/A SFB
CVE-2019-1019 Microsoft Windows Security Feature Bypass Vulnerability Important No No 2 2 SFB
CVE-2019-1044 Windows Secure Kernel Mode Security Feature Bypass Vulnerability Important No No N/A 2 SFB
CVE-2019-0996 Azure DevOps Server Spoofing Vulnerability Important No No 2 2 Spoof
CVE-2019-1040 Windows NTLM Tampering Vulnerability Important No No 2 2 Tampering
CVE-2019-1031 Microsoft Office SharePoint XSS Vulnerability Important No No 2 2 XSS
CVE-2019-1032 Microsoft Office SharePoint XSS Vulnerability Important No No 2 2 XSS
CVE-2019-1033 Microsoft Office SharePoint XSS Vulnerability Important No No 2 2 XSS
CVE-2019-1036 Microsoft Office SharePoint XSS Vulnerability Important No No 2 2 XSS
CVE-2019-0948 Windows Event Viewer Information Disclosure Vulnerability Moderate No No 2 2 Info

The other publicly known bugs patched this month involve LPEs in the Windows Installer and the Windows AppX Deployment Service (AppXSVC).

Looking at the Critical-rated vulnerabilities patched for June, three Hyper-V Remote Code Execution (RCE) bugs definitely stand out. In each of these cases, someone on the guest OS could end up executing code on the underlying host OS. Another Critical-rated bug involves the text-to-speech (TTS) functionality of the Microsoft Speech API. While the exploit scenario itself involves a bit of social engineering, the abuse of this API for code execution is certainly fascinating. The remaining Critical-rated bugs all involve a browser component and lead to code execution should you visit a specially crafted website.

We should also note that two of the Critical-rated browser bugs are listed as information disclosure rather than RCE. These types of bugs are generally rated as Important, and it’s unclear why these would be different. Regardless, a successful exploit of either of these bugs would result in the disclosure of uninitialized memory, which could then be used for other purposes.

The June release contains a surprising number of denial-of-service (DoS) bugs being addressed. In addition to the aforementioned IIS vulnerability, DoS bugs in Hyper-V and Skype for Business get patches this month. A DoS bug in the OS could cause a system hang when connecting to a network share. Most concerning is a DoS in the LSASS service could be used to trigger an automatic reboot if the service receives a specially crafted request. One can envision a flood of these requests being quite the nuisance.

After getting 13 patches last month, the Jet Database Engine receives only seven patches for June. The Windows GDI component is the popular choice for this month, with 14 info disclosure bugs getting patches in this release.

A variety of Elevation of Privilege (EoP) bugs in various components also receive patches this month. Most notably are the ones for Windows Kernel and Windows Audio Service. The Audio Service vulnerabilities – all six of them – are slightly different than a standard EoP. Most EoPs just require an authorized user to execute specially crafted code on a target system. These bugs require a secondary exploit to be used in conjunction with the Audio Server bugs to execute code with elevated privileges. June brings a couple of patches for code execution bugs in Microsoft Word, but the majority of Office-related patches correct Cross-site Scripting (XSS) vulnerabilities in SharePoint.

Three patches in this release involve some form of Security Feature Bypass (SFB). One of these bugs involves Edge not properly recognizing Mark of the Web (MOTW) tagging on content. There’s quite a bit of Windows security technologies rely on identifying MOTW content, so it’s easy to understand why attackers would want to bypass it. The next bypass vulnerability impacts the Windows Secure Kernel Mode, as it allows attackers to violate Virtual Trust Levels (VTL). The final bypass impacts Windows authentication via NETLOGON. There are certain cases where an attacker could obtain a session key and sign messages. Should they manage this, the attacker could access a target machine using the original user privileges.

Another patch correcting an NTLM vulnerability addresses a tampering bug. In this case, the attacker would need to intercept traffic (e.g. be a man-in-the-middle) to bypass NTLM Message Integrity Check protection. A successful attack would downgrade NTLM security features. Rounding out the release is a patch for a cross-site request forgery (CSRF) bug in the Azure DevOps server. Successful exploitation of this vulnerability could bypass OAuth protections and register an application on behalf of the targeted user.

The June release includes several advisories. We’ve already mentioned the Exchange DiD update. Several CVEs are fixed by a patch for the HoloLens mixed reality headset that are related to the Broadcom wireless chipset. These four bugs could allow for code execution on the headset. ADV190016 provides a patch to fix the publicly known CVE-2019-2102, which covers a bug in the Bluetooth Low Energy (BLE) version of FIDO Security Keys. Google has issued their patch for Android, and Microsoft is using this advisory to block the pairing of these keys with the pairing misconfiguration. Microsoft Exchanged gets some defense-in-depth fixes through Webseite öffnen Komplette Webseite öffnen

Newsbewertung

Kommentiere zu The June 2019 Security Update Review






Ähnliche Beiträge

  • 1. CentOS Blog: CentOS Pulse Newsletter, March 2019 (#1903) vom 489.03 Punkte ic_school_black_18dp
    Dear CentOS enthusiast, Another month into 2019, and we have a lot to tell you about. Releases and updates SIG updates Events Contributing to the newsletter CentOS is 15! As you may have seen either at recent events, or on social media, we're getti
  • 2. CentOS Blog: CentOS Pulse Newsletter, March 2019 (#1903) vom 489.03 Punkte ic_school_black_18dp
    Dear CentOS enthusiast, Another month into 2019, and we have a lot to tell you about. Releases and updates SIG updates Events Contributing to the newsletter CentOS is 15! As you may have seen either at recent events, or on social media, we're getti
  • 3. CentOS Blog: CentOS Pulse Newsletter, March 2019 (#1903) vom 489.03 Punkte ic_school_black_18dp
    Dear CentOS enthusiast, Another month into 2019, and we have a lot to tell you about. Releases and updates SIG updates Events Contributing to the newsletter CentOS is 15! As you may have seen either at recent events, or on social media, we're getti
  • 4. CentOS Blog: CentOS Pulse Newsletter, March 2019 (#1903) vom 489.03 Punkte ic_school_black_18dp
    Dear CentOS enthusiast, Another month into 2019, and we have a lot to tell you about. Releases and updates SIG updates Events Contributing to the newsletter CentOS is 15! As you may have seen either at recent events, or on social media, we're getti
  • 5. The June 2019 Security Update Review vom 466.91 Punkte ic_school_black_18dp
    June has arrived and so have the scheduled security patches from Microsoft and Adobe. Take a break from your regularly scheduled activities and join us as we review the details for security patches for this month. Adobe Patches for June 2019 This month, Ad
  • 6. CentOS Blog: CentOS Community Newsletter, July 2019 (#1907) vom 451.95 Punkte ic_school_black_18dp
    Dear CentOS enthusiast, Yes, I'm running a little behind schedule with this month's newsletter. That's because I just got back from the Open Source Summit in Shanghai, where I met a number of CentOS enthusiasts. More about that a little later. CentOS 8 u
  • 7. The February 2019 Security Update Review vom 384.22 Punkte ic_school_black_18dp
    February is here and with it comes the latest in security offerings from Adobe and Microsoft. Take a break from your regularly scheduled activities and join us as we review the details for security patches for this month. Adobe Patches for February 2019
  • 8. The February 2019 Security Update Review vom 384.22 Punkte ic_school_black_18dp
    February is here and with it comes the latest in security offerings from Adobe and Microsoft. Take a break from your regularly scheduled activities and join us as we review the details for security patches for this month. Adobe Patches for February 2019
  • 9. The May 2019 Security Update Review vom 383.19 Punkte ic_school_black_18dp
    May is here and so are the scheduled security patches from Microsoft and Adobe. Take a break from your regularly scheduled activities and join us as we review the details for security patches for this month.   Adobe Patches for May 2019 This month, Ado
  • 10. The July 2019 Security Update Review vom 380 Punkte ic_school_black_18dp
    July has arrived and so have the scheduled security patches from Microsoft and Adobe. Take a break from your regularly scheduled activities and join us as we review the details for security patches for this month. Adobe Patches for July 2019 Adobe released
  • 11. CentOS Blog: CentOS Pulse Newsletter, May 2019 (#1905) vom 361.71 Punkte ic_school_black_18dp
    Dear CentOS enthusiast, Another month into 2019, and we have a lot to tell you about. Releases and updates SIG updates Events Contributing to the newsletter #CentOS15 Yes, we've mentioned this before, but we're still pretty stoked about it. On the 15
  • 12. CentOS Blog: CentOS Pulse Newsletter, May 2019 (#1905) vom 361.71 Punkte ic_school_black_18dp
    Dear CentOS enthusiast, Another month into 2019, and we have a lot to tell you about. Releases and updates SIG updates Events Contributing to the newsletter #CentOS15 Yes, we've mentioned this before, but we're still pretty stoked about it. On the 15