By Jon Munshaw.
Microsoft released its monthly security update today, disclosing a variety of vulnerabilities in several of its products. The latest Patch Tuesday covers 85 vulnerabilities, 19 of which are rated “critical," 65 that are considered "important" and one "moderate." There is also a critical advisory relating to the latest update to Adobe Flash Player.
This month’s security update covers security issues in a variety of Microsoft services and software, including the Jet Database Engine and the Hyper-V hypervisor.
Talos also released a new set of SNORTⓇ rules that provide coverage for some of these vulnerabilities. For more, check out the Snort blog post here.
Critical vulnerabilities
Microsoft disclosed 19 critical vulnerabilities this month, all of which we will highlight below.
CVE-2019-1291, CVE-2019-1290, CVE-2019-0788 and CVE-2019-0787 are all remote code execution vulnerabilities in Windows Remote Desktop Protocol. An attacker can exploit these bugs by sending a specially crafted request to a client’s RDP software. If successful, the attacker could then gain the ability to execute arbitrary code. These vulnerabilities are pre-authentication and require no user interaction.
CVE-2019-1257, microsoft patch tuesday vulnerability disclosures snort coverage
