Weekly Comments

13 - 20 August 2019

Microsoft Patch Tuesday August addresses 93 vulnerabilities, of which 29 are rated critical

Microsoft Patch Tuesday August addresses 93 vulnerabilities, of which 29 are rated critical as they can lead to remote code execution and memory corruption. Four critical vulnerabilities in Remote Desktop Services (RDS) can be exploited without authentication or user interaction. Of note, CVE-2019-1181 and CVE-2019-1182 can be considered “wormable” and are similar to the BlueKeep (CVE-2019-0708) vulnerability that is patched in May 2019. Other affected products include scripting engine used in MS Edge and other Microsoft apps, Hyper-V, MS Graphics component, MS Outlook, MS Word, Windows DHCP client, and VBScript engine.

Adobe also released its monthly patch in tandem with Microsoft, which addresses 119 flaws in Acrobat and Reader, Photoshop, Effects, Character Animator, Premiere Pro, Prelude, Creative Cloud and Experience Manager. Acrobat and Reader accounted for most of the flaws with 76 vulnerabilities that can lead to arbitrary code execution and information disclosure. Photoshop has 34 vulnerabilities of which 22 are rated critical that can lead to arbitrary code execution.

System administrators are encouraged to apply the latest security patch to reduce the attack surface of Windows systems deployed in their environment. Priority shall be accorded to the four critical vulnerabilities in the RDS services as threat actors may develop exploits for mass malware deployment.

 

References:

August 2019 Security Updates

Microsoft Security Update Guide

Security bulletin for Adobe Acrobat and Reader | APSB19-41

Security updates available for Adobe Photoshop CC | APSB19-44

Security updates available for Adobe Experience Manager | APSB19-42

Security updates available for Creative Cloud Desktop Application | APSB19-39

Security Updates Available for Adobe Prelude CC | APSB19-35

Security Updates Available for Adobe Premiere Pro CC | APSB19-33

Security Updates Available for Adobe Character Animator | APSB19-32

Security Updates Available for Adobe After Effects | APSB19-31

More Weekly Cyber Newsanalysis and insights

Ensign Consulting

Enhancing your security posture, developing your cyber strategy, and designing your incident response plans.​

Ensign Systems Integration

Architecting and implementing cybersecurity solutions that bolster defences

Ensign Managed Security Services

Managing your security operations for advanced threat detection, continuous monitoring, and triage services

Ensign Labs

Performing deep research to analyse vulnerabilities, deploy advanced threat hunting and provide cyber threat intelligence