Cyber Security Agency of Singapore
  • Report an Incident
  • Contact Us
Explore CSA
Explore CSA
Who We Are
Mission, Vision and Values Our Identity About SingCERT Committees and Panels
What We Do
Careers
Working in CSA How We Recruit Job Opportunities Cybersecurity Development Programme (CSDP) Internships Scholarships
Mission, Vision and Values
Our Identity
About SingCERT
Committees and Panels
Working in CSA
How We Recruit
Job Opportunities
Cybersecurity Development Programme (CSDP)
Internships
Scholarships
Information For
Information For
CII Sectors Enterprises Security & IT Professionals General Public Parents & Educators Students Seniors
Alerts & Advisories
Alerts & Advisories
Alerts Advisories Bulletins Subscribe for Updates
News & Events
News & Events
Events
Upcoming Events Past Events
Press Releases Speeches News Articles
Upcoming Events
Past Events
Legislation
Legislation
Cybersecurity Act Codes of Practice Calculator Forms Handbook Notices Industry Consultation Supplementary References Whistleblowing
Our Programmes
Our Programmes
Talent & Skills Development
Cybersecurity Career Mentoring Programme SG Cyber Talent CSAT Programme
Support for Enterprises
SG Cyber Safe PSG Cybersecurity Solutions
Innovation Schemes
CSA Cybersecurity Co-Innovation and Development Fund (CCDF) ICE71
Cybersecurity and Labelling Schemes
CSA Common Criteria Cybersecurity Labelling Scheme (CLS) CLS-Ready National IT Evaluation Scheme (NITES) Archive
Cybersecurity Awareness
SG Cyber Safe Seniors SG Cyber Safe Students
Cybersecurity Career Mentoring Programme
SG Cyber Talent
CSAT Programme
SG Cyber Safe
PSG Cybersecurity Solutions
CSA Cybersecurity Co-Innovation and Development Fund (CCDF)
ICE71
CSA Common Criteria
Cybersecurity Labelling Scheme (CLS)
CLS-Ready
National IT Evaluation Scheme (NITES)
Archive
SG Cyber Safe Seniors
SG Cyber Safe Students
Tips & Resources
Tips & Resources
SingCERT
Resources
CyberSense GoSafeOnline Kindsville Times Magazine Videos
Publications Interactive Tools Forms and Documents Videos Infographics and Posters
CyberSense
GoSafeOnline
Kindsville Times Magazine
Videos
When autocomplete results are available use up and down arrows to review and enter to select.
CSA website will be undergoing scheduled maintenance from 12am to 8am on 30 October 2024, and will not be available during this period. We apologise for any inconvenience.
Home Alerts & Advisories Advisories 2019 [SingCERT] Microsoft July 2019 Patch Tuesday

[SingCERT] Microsoft July 2019 Patch Tuesday

Published on 10 Jul 2019 | Updated on 16 Mar 2022

Background

Microsoft has announced the release of 77 security patches to address vulnerabilities affecting its operating system and other products.

The following vulnerabilities were rated critical and require immediate attention:

Zero-day vulnerabilities

  • CVE-2019-1132 - This vulnerability exists when the Win32k component fails to properly handle objects in memory. Successful exploitation of the vulnerability could allow an attacker to execute arbitrary code in kernel mode.
  • CVE-2019-0880 - This vulnerability exists in how splwow64.exe handles certain calls. Successful exploitation of the vulnerability could allow an attacker to elevate privileges on an affected system from low-integrity to medium-integrity.

Critical vulnerabilities

  • CVE-2019-1113 - This vulnerability exists in .NET software when the software fails to check the source markup of a file. Successful exploitation of the vulnerability could allow an attacker to run arbitrary code in the context of the current user.
  • CVE-2019-1072 - This vulnerability exists when Azure DevOps Server and Team Foundation Server (TFS) improperly handle user input. Successful exploitation of the vulnerability could allow an attacker to execute code on the target server in the context of the DevOps or TFS service account.
  • CVE-2019-1063 - This vulnerability exists when Internet Explorer improperly accesses objects in memory. Successful exploitation of the vulnerability could allow an attacker to gain the same user rights as the current user.
  • CVE-2019-1104 - This vulnerability exists in the way that Microsoft browsers access objects in memory. Successful exploitation of the vulnerability could allow an attacker to gain the same user rights as the current user.
  • CVE-2019-1102 - This vulnerability exists in the way that the Windows Graphics Device Interface (GDI) handles objects in the memory. Successful exploitation of the vulnerability could allow an attacker to take control of the affected system.
  • CVE-2019-1062, CVE-2019-1106, CVE-2019-1092, CVE-2019-1103, CVE-2019-1107- These vulnerabilities exist in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge. Successful exploitation of the vulnerabilities could allow an attacker to gain the same user rights as the current user.
  • CVE-2019-1004, CVE-2019-1056- These vulnerabilities exist in the way that the scripting engine handles objects in memory in Internet Explorer. Successful exploitation of the vulnerabilities could allow an attacker to gain the same user rights as the current user.
  • CVE-2019-1001 - This vulnerability exists in the way the scripting engine handles objects in memory in Microsoft browsers. Successful exploitation of the vulnerability could allow an attacker to gain the same user rights as the current user.
  • CVE-2019-0785 - This vulnerability exists in the Windows Server DHCP service when an attacker sends specially crafted packets to a DHCP failover server. Successful exploitation of the vulnerability could allow an attacker to either run arbitrary code on the DHCP failover server or cause the DHCP service to become nonresponsive.
  • ADV990001 - This is a list of the latest servicing stack updates for each operating system. This list will be updated whenever a new servicing stack update is released. It is important to install the latest servicing stack update: https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV990001


For the full list of security updates released by Microsoft, please visit https://portal.msrc.microsoft.com/en-us/security-guidance.

Affected Products

The security release contains updates for the following:

  • Microsoft Windows
  • Internet Explorer
  • Microsoft Edge
  • Microsoft Office and Microsoft Office Services and Web Apps
  • Azure DevOps
  • Open Source Software
  • .NET Framework
  • Azure
  • SQL Server
  • ASP.NET
  • Visual Studio
  • Microsoft Exchange Server

Impact

Successful exploitation of these critical vulnerabilities could allow an attacker to perform remote code execution and take control of the affected systems to perform malicious activities, including unauthorised installation of programs, creating rogue administrator accounts and viewing, changing, or deleting data.

Recommendation

Users and system administrators of affected products are advised to apply the security updates immediately.

References

  • https://portal.msrc.microsoft.com/en-us/security-guidance/releasenotedetail/253dc509-9a5b-e911-a98e-000d3a33c573
  • https://www.bleepingcomputer.com/news/microsoft/microsofts-june-2019-patch-tuesday-fixes-88-vulnerabilities/

 

Tags
Share
facebook-img twitter-img Twitter linkedin-img Linkedin whatsapp-img WhatsApp email-img Email

logoc9c46ef24db94f75a6c90328d075495b

Cyber Security Agency of Singapore

5 Maxwell Road#03-00 Tower Block, MND Complex Singapore 069110
  • Explore CSA
    • Who We Are
    • What We Do
    • Careers
  • Information For
    • CII Sectors
    • Enterprises
    • Security & IT Professionals
    • General Public
    • Parents & Educators
    • Students
    • Seniors
  • Our Programmes
    • Talent & Skills Development
    • Support for Enterprises
    • Innovation Schemes
    • Cybersecurity and Labelling Schemes
    • Cybersecurity Awareness
  • Tips & Resources
    • SingCERT
    • Resources
    • Publications
    • Interactive Tools
    • Forms and Documents
    • Videos
  • Legislation
    • Cybersecurity Act
    • Codes of Practice
    • Forms
    • Handbook
    • Notices
    • Supplementary References
    • Whistleblowing
  • News & Events
    • Events
    • Press Releases
    • Speeches
    • News Articles
  • Alerts & Advisories
    • Alerts
    • Advisories
    • Bulletins
    • Subscribe for Updates
Follow Us On Social Media
  • social-img
  • social-img
  • social-img
  • social-img
  • social-img
  • social-img
  • Feedback
  • Frequently Asked Questions
  • Subscribe for Updates
  • Privacy Statements
  • Terms of Use
  • Rate this Website
  • Report Vulnerability
  • Sitemap
  • GOV
  • REACH
© 2022, Government of Singapore
Last updated 23 Nov 2024
Back To Top