Today’s VERT Alert addresses Microsoft’s July 2019 Security Updates. VERT is actively working on coverage for these vulnerabilities and expects to ship ASPL-839 on Wednesday, July 10th. 

In-The-Wild & Disclosed CVEs

CVE-2019-0865

This vulnerability describes a denial of service that occurs when SymCrypt processes specially crafted digital signatures. This vulnerability was discussed by Forbes on June 12th after being disclosed by Tavis Ormandy via Google Project Zero.

Microsoft has rated this as a 2 (Exploitation Less Likely) on the Exploitability Index.

CVE-2019-0887

A vulnerability in Remote Desktop Services clipboard redirection could lead to remote code execution. Clipboard redirection is the functionality that allows for the sharing of the clipboard between the local and remote host. A write-up on this attack was published by Eyal Itkin of Checkpoint back in February. It is important to note that the attacker would require access to a system running remote desktop and the victim would need to connect to the attacker-controlled system.

Microsoft has rated this as a 1 (Exploitation More Likely) on the Exploitability Index.

CVE-2019-0880

A privilege escalation vulnerability in splwow64.exe allows attackers to elevate privileges from low-integrity to medium-integrity. You can learn more about Mandatory Integrity Control here. Microsoft has indicated that they are seeing active exploitation of this vulnerability against older releases of Windows.

Microsoft has rated this as a 1 (Exploitation More Likely) for the Latest Software Release and a 0 (Exploitation Detected) for Older Software Releases on the Exploitability Index.

CVE-2019-1068

Microsoft SQL Server can incorrectly process internal functions leading to code execution in the context of the SQL Server Database Engine service account. To exploit this vulnerability, an attacker would need to be authenticated against the SQL server in order to perform the malicious query.

Microsoft has rated this as a 2 (Exploitation Less (Read more...)