This month’s security update covers security issues in a variety of Microsoft services and software, including certain graphics components, Outlook and the Chakra Scripting Engine. For more on our coverage of these bugs, check out our Snort advisories here, covering all of the new rules we have for this release.
Critical vulnerabilities
Microsoft disclosed 31 critical vulnerabilities this month, three of which we will highlight below.
CVE-2019-1181 and CVE-2019-1182 are both remote code execution vulnerabilities in Remote Desktop Protocol. The vulnerabilities arise when an attacker connects to the target system using RDP and sends certain specially crafted requests. These bugs require no user interaction and do not require any authentication on the part of the attacker. An attacker could gain the ability to execute arbitrary code by exploiting these vulnerabilities. RDP has gained notoriety recently for being a part of the infamous BlueKeep vulnerability, a wormable bug in Microsoft that has yet to be exploited in the wild.
CVE-2019-1200 is a remote code execution vulnerability in Microsoft Outlook that occurs when the software fails to properly handle objects in memory. An attacker could ..
Support the originator by clicking the read the rest link below.
