Tuesday, June 11, 2019

Microsoft Patch Tuesday — June 2019: Vulnerability disclosures and Snort coverage


Microsoft released its monthly security update today, disclosing a variety of vulnerabilities in several of its products. The latest Patch Tuesday covers 88 vulnerabilities, 18 of which are rated “critical," 69 that are considered "important" and one "moderate." This release also includes a critical advisory regarding security updates to Adobe Flash Player.

This month’s security update covers security issues in a variety of Microsoft’s products, including the Chakra scripting engine, the Jet database engine and Windows kernel. For more on our coverage of these bugs, check out the Snort blog post here, covering all of the new rules we have for this release.

Critical vulnerabilities

Microsoft disclosed 19 critical vulnerabilities this month, 10 of which we will highlight below.

CVE-2019-0988, CVE-2019-0989, CVE-2019-0991, CVE-2019-0992, CVE-2019-0993, CVE-2019-1002, CVE-2019-1003 and CVE-2019-1024 are all memory corruption vulnerabilities in the Chakra scripting engine. An attacker could exploit any of these bugs by tricking a user into visiting a specially crafted, malicious website while using the Microsoft Edge browser. If successful, the attacker could then corrupt memory in such a way that would allow them to take control of an affected system.

CVE-2019-0620 is a remote code execution vulnerability in Windows Hyper-V that exists when Hyper-V fails to properly validate input on a host server from an authenticated user using a guest operating system. An attacker could exploit this bug by running a specially crafted application on a guest operating system that could cause the Hyper-V host operating system to execute arbitrary code.

CVE-2019-0888 is a remote code execution vulnerability that exists in the way ActiveX Data Obejcts handles object in memory. An attacker could exploit this vulnerability by tricking the user into visiting a specially crafted, malicious website. If successful, the attacker could then execute code in the context of the current user.

The other critical vulnerabilities are:

                Important vulnerabilities

                This release also contains 65 important vulnerabilities, one of which we will highlight below.

                CVE-2019-1065 is an elevation of privilege vulnerability that occurs when the Windows kernel improperly handles objects in memory. An attacker would first have to log onto the system in order to exploit this vulnerability, and then run a specially crafted application to take control of the system. They would then have the ability to run arbitrary code in kernel mode.

                The other important vulnerabilities are:


                Moderate vulnerability

                There is one moderate vulnerability, CVE-2019-0948, which is an information disclosure vulnerability in Windows Event Manager.

                Coverage 

                In response to these vulnerability disclosures, Talos is releasing the following SNORTⓇ rules that detect attempts to exploit them. Please note that additional rules may be released at a future date and current rules are subject to change pending additional information. Firepower customers should use the latest update to their ruleset by updating their SRU. Open Source Snort Subscriber Rule Set customers can stay up-to-date by downloading the latest rule pack available for purchase on Snort.org.

                Snort rules: 44813-44814, 48051-48052, 49762-49765, 50162-50163, 50183-50184, 50198-50199, 50357-50376, 50393-50408, 50411-50414

                No comments:

                Post a Comment