Microsoft Patch Tuesday August addresses 93 vulnerabilities, of which 29 are rated critical as they can lead to remote code execution and memory corruption. Four critical vulnerabilities in Remote Desktop Services (RDS) can be exploited without authentication or user interaction. Of note, CVE-2019-1181 and CVE-2019-1182 can be considered “wormable” and are similar to the BlueKeep (CVE-2019-0708) vulnerability that is patched in May 2019. Other affected products include scripting engine used in MS Edge and other Microsoft apps, Hyper-V, MS Graphics component, MS Outlook, MS Word, Windows DHCP client, and VBScript engine.
Adobe also released its monthly patch in tandem with Microsoft, which addresses 119 flaws in Acrobat and Reader, Photoshop, Effects, Character Animator, Premiere Pro, Prelude, Creative Cloud and Experience Manager. Acrobat and Reader accounted for most of the flaws with 76 vulnerabilities that can lead to arbitrary code execution and information disclosure. Photoshop has 34 vulnerabilities of which 22 are rated critical that can lead to arbitrary code execution.
System administrators are encouraged to apply the latest security patch to reduce the attack surface of Windows systems deployed in their environment. Priority shall be accorded to the four critical vulnerabilities in the RDS services as threat actors may develop exploits for mass malware deployment.
More Weekly Cyber Newsanalysis and insights
Enhancing your security posture, developing your cyber strategy, and designing your incident response plans.
Ensign Systems Integration
Architecting and implementing cybersecurity solutions that bolster defences
Ensign Managed Security Services
Managing your security operations for advanced threat detection, continuous monitoring, and triage services