Η Microsoft κυκλοφόρησε σήμερα στο πλαίσιο του Patch Tuesday Αυγούστου, νέες ενημερώσεις ασφαλείας.
Με την κυκλοφορία των ενημερώσεων ασφαλείας Αυγούστου του 2019, η Microsoft κυκλοφόρησε 2 προειδοποιήσεις αλλά και ενημερώσεις για 94 ευπάθειες. Από όλες αυτές τις ευπάθειες οι 26 ταξινομούνται σαν κρίσιμες.
Στις ενημερώσεις του τρέχοντος μηνός περιλαμβάνονται δύο νέες κρίσιμες ευπάθειες για ένα worm που προσβάλει το πρωτόκολλο Remote Desktop Protocol (RDP) και επηρεάζουν όλες τις εκδόσεις των Windows.
Φυσικά όλοι οι χρήστες των Windows θα πρέπει να εγκαταστήσουν άμεσα αυτές τις ενημερώσεις ασφαλείας του Patch Tuesday για να προστατεύσουν τα συστήματά τους.
Για πληροφορίες σχετικά με τις ενημερώσεις των Windows που δεν αφορούν την ασφάλεια, μπορείτε να διαβάσετε την σχετική ανακοίνωση της Microsoft για τα Windows 10 Cumulative Updates Αυγούστου 2019.
όσον αφορά τις ενημερώσεις ασφαλείας, η Microsoft ανακοίνωσε δύο νέα τρωτά σημεία του Crytical Remote Desktop που επηρεάζουν όλες τις εκδόσεις των Windows.
Αυτά τα νέα τρωτά σημεία είναι παρόμοια με την προηγούμενη ευπάθεια του RDP που ονομαζόταν BlueKeep, καθώς είναι ένα Worm που επιτρέπει την απομακρυσμένη εκτέλεση κώδικα. Αυτό θα μπορούσε να επιτρέψει σε έναν εισβολέα να εγκαταστήσει εξ αποστάσεως κακόβουλο λογισμικό σε ευάλωτα μηχανήματα τα οποία στη συνέχεια μπορούν να μολύνουν άλλα ευάλωτα συστήματα, που βρίσκονται στο ίδιο δίκτυο.
Αυτό θα μπορούσε να οδηγήσει σε επιθέσεις τύπου Wannacry που εξαπλωνόταν μόνες τους.
Αυτά τα τρωτά σημεία είναι πιο επικίνδυνα BlueKeep που είχαν αποκαλυφθεί παλαιότερα καθώς επηρεάζουν όλες τις εκδόσεις των Windows, (Windows 7, 8, 10 και Windows Server).
Patch Tuesday: Οι δύο προειδοποιήσεις της Microsoft:
Εκτός από τις ενημερωμένες εκδόσεις ασφαλείας, η Microsoft εξέδωσε επίσης και δύο advisories που επιλύουν ζητήματα στα LDAP clients και Active Directory domain controllers, όπως και στους λογαριασμούς του Microsoft Live.
ADV190023 – Οδηγός της Microsoft για την ενεργοποίηση της σύνδεσης καναλιών LDAP
ADV190014 – Ανίχνευση ευπάθειας που επιτρέπει μεγαλύτερα δικαιώματα (Elevation of Privilege) σε λογαριασμούς του Microsoft Live
Patch Tuesday Αύγουστος 2019, οι άλλες ενημερώσεις:
| Tag | CVE ID | CVE Title | Severity |
|---|---|---|---|
| Active Directory | ADV190023 | Microsoft Guidance for Enabling LDAP Channel Binding and LDAP Signing | Unknown |
| HTTP/2 | CVE-2019-9513 | HTTP/2 Server Denial of Service Vulnerability | Important |
| HTTP/2 | CVE-2019-9512 | HTTP/2 Server Denial of Service Vulnerability | Important |
| HTTP/2 | CVE-2019-9511 | HTTP/2 Server Denial of Service Vulnerability | Important |
| HTTP/2 | CVE-2019-9518 | HTTP/2 Server Denial of Service Vulnerability | Important |
| HTTP/2 | CVE-2019-9514 | HTTP/2 Server Denial of Service Vulnerability | Important |
| Microsoft Bluetooth Driver | CVE-2019-9506 | Encryption Key Negotiation of Bluetooth Vulnerability | Important |
| Microsoft Browsers | CVE-2019-1193 | Microsoft Browser Memory Corruption Vulnerability | Important |
| Microsoft Browsers | CVE-2019-1192 | Microsoft Browsers Security Feature Bypass Vulnerability | Important |
| Microsoft Dynamics | CVE-2019-1229 | Dynamics On-Premise Elevation of Privilege Vulnerability | Important |
| Microsoft Edge | CVE-2019-1030 | Microsoft Edge Information Disclosure Vulnerability | Important |
| Microsoft Graphics Component | CVE-2019-1154 | Windows Graphics Component Information Disclosure Vulnerability | Important |
| Microsoft Graphics Component | CVE-2019-1143 | Windows Graphics Component Information Disclosure Vulnerability | Important |
| Microsoft Graphics Component | CVE-2019-1144 | Microsoft Graphics Remote Code Execution Vulnerability | Critical |
| Microsoft Graphics Component | CVE-2019-1152 | Microsoft Graphics Remote Code Execution Vulnerability | Critical |
| Microsoft Graphics Component | CVE-2019-1078 | Microsoft Graphics Component Information Disclosure Vulnerability | Important |
| Microsoft Graphics Component | CVE-2019-1158 | Windows Graphics Component Information Disclosure Vulnerability | Important |
| Microsoft Graphics Component | CVE-2019-1150 | Microsoft Graphics Remote Code Execution Vulnerability | Critical |
| Microsoft Graphics Component | CVE-2019-1151 | Microsoft Graphics Remote Code Execution Vulnerability | Important |
| Microsoft Graphics Component | CVE-2019-1153 | Microsoft Graphics Component Information Disclosure Vulnerability | Important |
| Microsoft Graphics Component | CVE-2019-1145 | Microsoft Graphics Remote Code Execution Vulnerability | Critical |
| Microsoft Graphics Component | CVE-2019-1148 | Microsoft Graphics Component Information Disclosure Vulnerability | Important |
| Microsoft Graphics Component | CVE-2019-1149 | Microsoft Graphics Remote Code Execution Vulnerability | Critical |
| Microsoft JET Database Engine | CVE-2019-1155 | Jet Database Engine Remote Code Execution Vulnerability | Important |
| Microsoft JET Database Engine | CVE-2019-1146 | Jet Database Engine Remote Code Execution Vulnerability | Important |
| Microsoft JET Database Engine | CVE-2019-1147 | Jet Database Engine Remote Code Execution Vulnerability | Important |
| Microsoft JET Database Engine | CVE-2019-1156 | Jet Database Engine Remote Code Execution Vulnerability | Important |
| Microsoft JET Database Engine | CVE-2019-1157 | Jet Database Engine Remote Code Execution Vulnerability | Important |
| Microsoft Malware Protection Engine | CVE-2019-1161 | Microsoft Defender Elevation of Privilege Vulnerability | Important |
| Microsoft NTFS | CVE-2019-1170 | Windows NTFS Elevation of Privilege Vulnerability | Important |
| Microsoft Office | CVE-2019-1201 | Microsoft Word Remote Code Execution Vulnerability | Critical |
| Microsoft Office | CVE-2019-1200 | Microsoft Outlook Remote Code Execution Vulnerability | Critical |
| Microsoft Office | CVE-2019-1199 | Microsoft Outlook Memory Corruption Vulnerability | Critical |
| Microsoft Office | CVE-2019-1205 | Microsoft Word Remote Code Execution Vulnerability | Critical |
| Microsoft Office | CVE-2019-1218 | Outlook iOS Spoofing Vulnerability | Important |
| Microsoft Office | CVE-2019-1204 | Microsoft Outlook Elevation of Privilege Vulnerability | Important |
| Microsoft Office SharePoint | CVE-2019-1202 | Microsoft SharePoint Information Disclosure Vulnerability | Important |
| Microsoft Office SharePoint | CVE-2019-1203 | Microsoft Office SharePoint XSS Vulnerability | Important |
| Microsoft Scripting Engine | CVE-2019-1133 | Scripting Engine Memory Corruption Vulnerability | Critical |
| Microsoft Scripting Engine | CVE-2019-1141 | Chakra Scripting Engine Memory Corruption Vulnerability | Critical |
| Microsoft Scripting Engine | CVE-2019-1131 | Chakra Scripting Engine Memory Corruption Vulnerability | Critical |
| Microsoft Scripting Engine | CVE-2019-1196 | Chakra Scripting Engine Memory Corruption Vulnerability | Critical |
| Microsoft Scripting Engine | CVE-2019-1197 | Chakra Scripting Engine Memory Corruption Vulnerability | Critical |
| Microsoft Scripting Engine | CVE-2019-1140 | Chakra Scripting Engine Memory Corruption Vulnerability | Critical |
| Microsoft Scripting Engine | CVE-2019-1139 | Chakra Scripting Engine Memory Corruption Vulnerability | Critical |
| Microsoft Scripting Engine | CVE-2019-1194 | Scripting Engine Memory Corruption Vulnerability | Moderate |
| Microsoft Scripting Engine | CVE-2019-1195 | Chakra Scripting Engine Memory Corruption Vulnerability | Moderate |
| Microsoft Windows | CVE-2019-1163 | Windows File Signature Security Feature Bypass Vulnerability | Important |
| Microsoft Windows | CVE-2019-1162 | Windows ALPC Elevation of Privilege Vulnerability | Important |
| Microsoft Windows | CVE-2019-1188 | LNK Remote Code Execution Vulnerability | Critical |
| Microsoft Windows | CVE-2019-1198 | Microsoft Windows Elevation of Privilege Vulnerability | Important |
| Microsoft Windows | CVE-2019-1177 | Windows Elevation of Privilege Vulnerability | Important |
| Microsoft Windows | CVE-2019-1186 | Windows Elevation of Privilege Vulnerability | Important |
| Microsoft Windows | CVE-2019-1168 | Microsoft Windows p2pimsvc Elevation of Privilege Vulnerability | Important |
| Microsoft Windows | CVE-2019-1176 | DirectX Elevation of Privilege Vulnerability | Important |
| Microsoft Windows | CVE-2019-1174 | Windows Elevation of Privilege Vulnerability | Important |
| Microsoft Windows | CVE-2019-1173 | Windows Elevation of Privilege Vulnerability | Important |
| Microsoft Windows | CVE-2019-1175 | Windows Elevation of Privilege Vulnerability | Important |
| Microsoft Windows | CVE-2019-1179 | Windows Elevation of Privilege Vulnerability | Important |
| Microsoft Windows | CVE-2019-1180 | Windows Elevation of Privilege Vulnerability | Important |
| Microsoft Windows | CVE-2019-1178 | Windows Elevation of Privilege Vulnerability | Important |
| Microsoft Windows | CVE-2019-1172 | Windows Information Disclosure Vulnerability | Important |
| Microsoft Windows | CVE-2019-0716 | Windows Denial of Service Vulnerability | Important |
| Microsoft XML | CVE-2019-1187 | XmlLite Runtime Denial of Service Vulnerability | Important |
| Microsoft XML Core Services | CVE-2019-1057 | MS XML Remote Code Execution Vulnerability | Important |
| Online Services | ADV190014 | Microsoft Live Accounts Elevation of Privilege Vulnerability | Important |
| Visual Studio | CVE-2019-1211 | Git for Visual Studio Elevation of Privilege Vulnerability | Important |
| Windows – Linux | CVE-2019-1185 | Windows Subsystem for Linux Elevation of Privilege Vulnerability | Important |
| Windows DHCP Client | CVE-2019-0736 | Windows DHCP Client Remote Code Execution Vulnerability | Critical |
| Windows DHCP Server | CVE-2019-1213 | Windows DHCP Server Remote Code Execution Vulnerability | Critical |
| Windows DHCP Server | CVE-2019-1206 | Windows DHCP Server Denial of Service Vulnerability | Important |
| Windows DHCP Server | CVE-2019-1212 | Windows DHCP Server Denial of Service Vulnerability | Important |
| Windows Hyper-V | CVE-2019-0718 | Windows Hyper-V Denial of Service Vulnerability | Important |
| Windows Hyper-V | CVE-2019-0717 | Windows Hyper-V Denial of Service Vulnerability | Important |
| Windows Hyper-V | CVE-2019-0714 | Windows Hyper-V Denial of Service Vulnerability | Important |
| Windows Hyper-V | CVE-2019-0715 | Windows Hyper-V Denial of Service Vulnerability | Important |
| Windows Hyper-V | CVE-2019-0720 | Hyper-V Remote Code Execution Vulnerability | Critical |
| Windows Hyper-V | CVE-2019-0965 | Windows Hyper-V Remote Code Execution Vulnerability | Critical |
| Windows Hyper-V | CVE-2019-0723 | Windows Hyper-V Denial of Service Vulnerability | Important |
| Windows Kernel | CVE-2019-1164 | Windows Kernel Elevation of Privilege Vulnerability | Important |
| Windows Kernel | CVE-2019-1169 | Win32k Elevation of Privilege Vulnerability | Important |
| Windows Kernel | CVE-2019-1227 | Windows Kernel Information Disclosure Vulnerability | Important |
| Windows Kernel | CVE-2019-1159 | Windows Kernel Elevation of Privilege Vulnerability | Important |
| Windows Kernel | CVE-2019-1228 | Windows Kernel Information Disclosure Vulnerability | Important |
| Windows Kernel | CVE-2019-1190 | Windows Image Elevation of Privilege Vulnerability | Important |
| Windows RDP | CVE-2019-1181 | Remote Desktop Services Remote Code Execution Vulnerability | Critical |
| Windows RDP | CVE-2019-1225 | Remote Desktop Protocol Server Information Disclosure Vulnerability | Important |
| Windows RDP | CVE-2019-1226 | Remote Desktop Services Remote Code Execution Vulnerability | Critical |
| Windows RDP | CVE-2019-1223 | Windows Remote Desktop Protocol (RDP) Denial of Service Vulnerability | Important |
| Windows RDP | CVE-2019-1224 | Remote Desktop Protocol Server Information Disclosure Vulnerability | Important |
| Windows RDP | CVE-2019-1182 | Remote Desktop Services Remote Code Execution Vulnerability | Critical |
| Windows RDP | CVE-2019-1222 | Remote Desktop Services Remote Code Execution Vulnerability | Critical |
| Windows Scripting | CVE-2019-1183 | Windows VBScript Engine Remote Code Execution Vulnerability | Critical |
| Windows Shell | CVE-2019-1184 | Windows Elevation of Privilege Vulnerability | Important |
| Windows SymCrypt | CVE-2019-1171 | SymCrypt Information Disclosure Vulnerability | Important |
