Microsoft Patches Zero-Day Vulnerabilities Under Active Attack

Microsoft issued fixes for 77 unique vulnerabilities this Patch Tuesday, including two zero-day privilege escalation vulnerabilities seen exploited in the wild.

Microsoft today patched 77 vulnerabilities and issued two advisories as part of its July security update. Two of these bugs are under active attack; six were publicly known at the time fixes were released.
Of the CVEs fixed today, 15 were categorized as Critical, 62 were rated Important, and one was ranked Moderate in severity. Patches address vulnerabilities in a range of Microsoft services including Microsoft Windows, Internet Explorer, Office and Office Services and Web Apps, Azure, Azure DevOps, .NET Framework, Visual Studio, SQL Server, ASP.NET, Exchange Server, and Open Source Software.
One of the vulnerabilities under active attack is
CVE-2019-1132
, a Win32k elevation of privilege flaw that exists when the Win32k component fails to properly handle objects in memory. Successful exploitation could lead to arbitrary code execution in kernel mode, which is normally reserved for trusted OS functions. An attacker would need access to a target system to exploit the bug and elevate privileges.
The other flaw seen exploited in the wild is
CVE-2019-0880
, another elevation of privilege vulnerability that exists in how splwow64.exe handles certain calls. On its own, the bug doesnt enable arbitrary code execution, but it could allow arbitrary code to run if an attacker uses it in combination with another bug, such as a remote code execution bug or another elevation of privilege flaw. Given its under attack, its likely this was paired with a second vulnerability, but Microsoft has not shared details on this.
These patches, though labeled as Important, should be prioritized, as they could be chained with other vulnerabilities to provide an attacker with complete system access, says Qualys patch management expert Jimmy Graham.
Graham also points to
CVE-2019-0785
, a Critical memory corruption vulnerability that exists in Windows Server DHCP service when an attacker sends specially crafted packets to a DHCP failover server. An attacker with network access to the failover DHCP could run arbitrary code, he explains, noting that this patch should be prioritized for any organizations with systems running DHCP in failover mode.
One of the most critical vulnerabilities this month is present in Microsoft DHCP server, says Allan Liska, intelligence analyst for Recorded Future. This memory corruption vulnerability affects all versions of Windows Server from 2012 - 2019 and it is remotely exploitable. Recorded Future hasnt seen the bug being abused in the wild, he continues, and it doesnt appear to be a widely exploited flaw. That does not mean organizations should not prioritize patching this vulnerability, Liska says.
Another worth noting is publicly known vulnerability
CVE-2019-1068
, a remote code execution flaw that exists in Microsofts SQL Server when it incorrectly handles processing of internal functions. An attacker who successfully exploited this could execute code in the context of the SQL Server Database Engine service account, which they could do by sending a specially crafted query to an affected SQL server.
CVE-2019-1068 is categorized as Important, and it does require authentication, Graham points out. However, it could be chained with SQL injection to let an attacker completely compromise the server.
Satnam Narang, senior research engineer at Tenable, also points to
CVE-2019-0887
, a publicly known remote code execution vulnerability in Remote Desktop Services, formerly known as Terminal Services. Exploitation of this vulnerability could result in arbitrary code execution, but requires an attacker to have already compromised a target system, he explains. A successful attacker would have to first gain access to a system running RDS then wait for a victim system to connect to RDS. When the victim connects to the server, the attacker can exploit the bug to execute code on the victims system.
Microsoft patched four more publicly known bugs: Docker elevation of privilege vulnerability CVE-2018-15664; SymCrypt denial of service vulnerability CVE-2019-0865; Azure automation elevation of privilege vulnerability CVE-2019-0962; and Windows elevation of privilege vulnerability CVE-2019-1129.
Two advisories were also published today: one warns of a cross-site scripting
vulnerability
in Outlook on the Web. Another advisory
alerts
users to a Servicing Stack Update for all supported versions of Windows 10, Windows 8.1, Windows Server 2012 R2, and Windows Server 2012.
Related Content:
7 Ways to Mitigate Supply Chain Attacks
DevOps’ Inevitable Disruption of Security Strategy
Smash-and-Grab Crime Threatens Enterprise Security
7 Hot Cybersecurity Trends to Be Highlighted at Black Hat

Black Hat USA returns to Las Vegas with hands-on technical Trainings, cutting-edge Briefings, Arsenal open-source tool demonstrations, top-tier security solutions, and service providers in the Business Hall. Click for information on the
conference
and
to register.

Last News
▸ ArcSight prepares for future at user conference post HP acquisition. ◂ Discovered: 07/01/2025 Category: security	▸ Samsung Epic 4G: First To Use Media Hub ◂ Discovered: 07/01/2025 Category: security	▸ Many third-party software fails security tests ◂ Discovered: 07/01/2025 Category: security

**Cyber Security Categories**
Google Dorks Database	Exploits Vulnerability	Exploit Shellcodes

CVE List

Tools/Apps

News/Aarticles

Phishing Database

Deepfake Detection

Trends/Statistics & Live Infos

Tags:
Microsoft Patches Zero-Day Vulnerabilities Under Active Attack