It’s time to get vulnerable installations patched. Microsoft’s July Patch Tuesday release includes updates for several vulnerabilities, along with new advisories. Critical patches covered in the release include fixes for Windows DHCP Server, Azure DevOps Server and Team Foundation Server, and .NET Framework, namely assigned as CVE-2019-0785, CVE-2019-1072, and CVE-2019-1113. Other flaws in Azure Automation, DirectWrite, DirectX, SymCrypt, Windows DNS Server, and Windows GDI have also been resolved. Elevation of privilege vulnerabilities in Microsoft splwow64 (CVE-2019-0880) and Win32k (CVE-2019-1132), which were reported as being exploited, have also been patched.
Here’s a look at some of the noteworthy patches for this month, covering Critical-rated vulnerabilities:
CVE-2019-1107 is a remote code execution (RCE) vulnerability in the Chakra scripting engine and how it handles objects in memory in Microsoft Edge. An attacker who successfully takes advantage of this vulnerability can gain the same user rights as the current user and execute arbitrary code on the affected system. Successfully exploiting this vulnerability also allows an attacker to install programs, modify data, and create new accounts with full user rights on the affected system.
CVE-2019-1063 is an RCE vulnerability in Internet Explorer, which improperly accesses objects in memory. An attacker can take control of an affected system if the current user is logged on with administrative user rights. To exploit the vulnerability, an attacker can trick a user into viewing a specially crafted website through an email, email attachment, or instant message.
CVE-2019-1004 is an RCE vu ..
Support the originator by clicking the read the rest link below.
