Microsoft today released its monthly batch of software security updates for the July month to patch a total of 77 vulnerabilities, 14 are rated Critical, 62 are Important, and 1 is rated Moderate in severity.
The July 2019 security updates include patches for various supported versions of Windows operating systems and other Microsoft products, including Internet Explorer, Edge, Office, Azure DevOps, Open Source Software, .NET Framework, Azure, SQL Server, ASP.NET, Visual Studio, and Exchange Server.
Details of 6 security vulnerabilities, all rated important, were made public before a patch was released, none of which were found being exploited in the wild.
However, two new privilege escalation vulnerabilities, one affects all supported versions of the Windows operating system, and the other affects Windows 7 and Server 2008, have been reported as being actively exploited in the wild.
Both actively exploited vulnerabilities lead to elevation of privilege, one (CVE-2019-1132) of which resides in the Win32k component and could allow an attacker to run arbitrary code in kernel mode.
However, the other actively exploited vulnerability (CVE-2019-0880) resides in the way splwow64 (Thunking Spooler APIs) handles certain calls, allowing an attacker or a malicious program to elevate its privileges on an affected system from low-integrity to medium-integrity.
The publicly known flaws affect Docker runtime, SymCrypt Windows cryptographic library, Remote Desktop Services, Azure Automation, Microsoft SQL server, and Windows AppX Deployment Service (AppXSVC).
Microsoft also released updates to patch 14 critical vulnerabilities, and as expected, all of them lead to remote code execution attacks and affect Microsoft products ranging from Internet Explorer and Edge to Windows Server DHCP, Azure DevOps and Team Foundation Servers.
images from Hacker News