Tuesday, August 13, 2019

Microsoft Patch Tuesday — Aug. 2019: Vulnerability disclosures and Snort coverage


Microsoft released its monthly security update today, disclosing a variety of vulnerabilities in several of its products. The latest Patch Tuesday covers 97 vulnerabilities, 31 of which are rated “critical," 65 that are considered "important" and one "moderate."

This month’s security update covers security issues in a variety of Microsoft services and software, including certain graphics components, Outlook and the Chakra Scripting Engine. For more on our coverage of these bugs, check out our Snort advisories here, covering all of the new rules we have for this release.

Critical vulnerabilities

Microsoft disclosed 31 critical vulnerabilities this month, three of which we will highlight below.

CVE-2019-1181 and CVE-2019-1182 are both remote code execution vulnerabilities in Remote Desktop Protocol. The vulnerabilities arise when an attacker connects to the target system using RDP and sends certain specially crafted requests. These bugs require no user interaction and do not require any authentication on the part of the attacker. An attacker could gain the ability to execute arbitrary code by exploiting these vulnerabilities. RDP has gained notoriety recently for being a part of the infamous BlueKeep vulnerability, a wormable bug in Microsoft that has yet to be exploited in the wild.

CVE-2019-1200 is a remote code execution vulnerability in Microsoft Outlook that occurs when the software fails to properly handle objects in memory. An attacker could use a specially crafted file to exploit this bug and be able to perform actions at the same security level as the current user. A user can exploit this vulnerability by tricking the user into opening a specially crafted file with a vulnerable version of Microsoft Outlook. However, this attack vector only works if the user opens the email itself — it does not work in preview mode.

The other critical vulnerabilities are:

                Important vulnerabilities

                This release also contains 65 important vulnerabilities, one of which we will highlight below.

                CVE-2019-9506 is a vulnerability in Bluetooth that could allow an attacker to change the size of a device's encryption key. While it is not directly a Microsoft vulnerability, the company has released a fix for it. An attacker could use a special device to change the encryption key size of a Bluetooth-enabled device to become as small as one. This method only works if the attacker is within an appropriate range fo the targeted device. Microsoft released a software update that enforces a 7-octet minimum key length by default to ensure that a smaller encryption key does not allow an attacker to bypass encryption.

                The other important vulnerabilities are:

                Moderate vulnerability

                There is one moderate vulnerability, CVE-2019-1185, an elevation of privilege vulnerability in Windows Subsystem for Linux.

                Coverage 

                In response to these vulnerability disclosures, Talos is releasing a new SNORTⓇ rule set that detects attempts to exploit some of them. Please note that additional rules may be released at a future date and current rules are subject to change pending additional information. Firepower customers should use the latest update to their ruleset by updating their SRU. Open Source Snort Subscriber Rule Set customers can stay up-to-date by downloading the latest rule pack available for purchase on Snort.org.

                These rules are: 35190, 35191, 40851, 40852, 45142, 45143, 50936 - 50939, 50969 - 50974, 50987, 50988, 50940, 50941, 50998, 50999, 51001 - 51006

                No comments:

                Post a Comment