Automox Patch Tuesday Breakdown: August 2019

Welcome to August's Automox Patch Tuesday breakdown. Microsoft has rolled out over 90 updates this month, most of which are rated “Critical” or “Important.” Two of these vulnerabilities are Remote Desktop Protocol vulnerabilities that affect all versions of Windows. These are wormable vulnerabilities that can be used by attackers to download and install malware on targeted devices that are left vulnerable.

August looks like another big month for Microsoft, but they aren't the only ones rolling out critical updates.

A critical security flaw in Intel processors also gets addressed this month, and it affects virtually all processors made by Intel since 2012.  Adobe has been busy this Patch Tuesday as well, releasing eight security updates covering several different products. Valve Software has also issued an update to correct the zero-day local escalation of privilege vulnerability that was recently found in its Steam gaming platform.

There are several critical vulnerabilities to patch for this August. This has been some summer for security updates. In July, we saw updates released for two critical zero-day vulnerabilities, and over a dozen critical vulnerabilities – several of which were made public. See last month's breakdown for more on July's Patch Tuesday.

Microsoft Patches For Critical Vulnerabilities

For August, Microsoft has released 96 security updates; 29 of the CVEs are rated “Critical” and another 64 are rated “Important.” While all security fixes should be taken seriously, there are four remote code execution vulnerabilities (RCE) that were fixed this month that are especially critical. These include:

All four are Remote Desktop Services RCE. An attacker can exploit these vulnerabilities by sending a specially crafted request to target Remote Desktop Services through remote desktop protocol. These vulnerabilities are “pre-authentication” and do not require user interaction. If a malicious actor is able to successfully exploit one of these vulnerabilities, they can then run arbitrary code on the compromised system. From there, attackers can install programs, create new user accounts with full privileges, and view, change or delete data.

Of the four, CVE-2019-1181 and CVE-2019-1182 are considered the most substantial threats, according to reports. Simon Pope, the Director of Incident Response for the Microsoft Security Response Center, reportedly stated in a blog post that these two threats are also “wormable,” and likened them to the BlueKeep bug from May.

If a vulnerability is wormable, that means a malicious actor can exploit it, overtake one computer and then spread to other devices without any user interaction.

Microsoft suggests all users to patch for these critical vulnerabilities as quickly as possible.

There are also another 25 critically rated vulnerabilities to be aware of this month. Multiple RCEs for Hyper V, DHCP Client, Microsoft's Graphics component and others are all getting fixed this month, and Chakra scripting engine is getting fixes for RCEs as well as memory corruption vulnerabilities.

August's Patch Tuesday has seen another big release of security updates from Microsoft, and many other vendors have rolled out new updates for this month.

Other Updates For August

For August, Adobe has released eight security updates which address bugs within the following products: Acrobat/Reader, After Effects, Character Animator, Creative Cloud desktop app, Experience Manager, Photoshop, Premiere Pro and Prelude. In total, the eight patches reportedly address 115 CVEs and several of them are quite large – particularly the patches for Acrobat/Reader and Photoshop.

Valve Software has also released an update for the zero-day local privilege escalation security flaw that was recently found in their Steam gaming platform. Security researcher Vasily Kravets  first discovered the flaw in Steam Client Service, which can allow any user to run arbitrary code with LocalSystem privileges. Valve was reluctant to issue a patch for this issue at first, but after much controversy, a fix has been released.

However, security researchers say that the patch is not sufficient. While it does fix the issue publicized by Kravets, experts say there are many other holes in Steam that still need to be addressed.

Intel is also in the hot seat this month: Security researchers from BitDefender have also reportedly discovered a vulnerability in virtually all Intel processors from 2012 which could allow attackers to circumvent security and gain access to a system's protected kernel memory. From there, malicious actors can retrieve sensitive data, such as credentials and private conversations.

According to reports, the vulnerability affects all Intel processors which support SWAPGS system call, a function which allows the processor to swap between the “kernel mode” and “user mode” memory rings.

BitDefender suggests implementing Microsoft's July security update if you have not already; it contains a fix which should mitigate the risk of attack. While replacing the vulnerable CPUs would be the best course of action, that doesn't appear to be an option right now. So for the time being, users and admins should take advantage of the patches available from Microsoft to protect their systems.

This month's Patch Tuesday includes security fixes for critical flaws from several major vendors. Patching is key to having good cyber hygiene and keeping your organization secure – and with new, automated solutions for patch management, you can ensure that every device on your network is covered

About Automox

Facing growing threats and a rapidly expanding attack surface, understaffed and alert-fatigued organizations need more efficient ways to eliminate their exposure to vulnerabilities. Automox is a modern cyber hygiene platform that closes the aperture of attack by more than 80% with just half the effort of traditional solutions.

Cloud-native and globally available, Automox enforces OS & third-party patch management, security configurations, and custom scripting across Windows, Mac, and Linux from a single intuitive console. IT and SecOps can quickly gain control and share visibility of on-prem, remote and virtual endpoints without the need to deploy costly infrastructure.

Experience modern, cloud-native patch management today with a 15-day free trial of Automox and start recapturing more than half the time you're currently spending on managing your attack surface. Automox dramatically reduces corporate risk while raising operational efficiency to deliver best-in-class security outcomes, faster and with fewer resources.