On the second Tuesday of the month — like clockwork — Microsoft released its monthly rollup of security updates known as Patch Tuesday. This month, Microsoft patched 93 security flaws and published two security advisories with mitigations for two security-related issues impacting the company’s products & services. Unlike in previous months, none of the vulnerabilities that have been patched today were under attack, or had their details publicly disclosed online.

The RDS RCEs

But while security researchers say that all security bugs are important, the “stars” of this month’s Patch Tuesday are the four remote code execution bugs Microsoft fixed in the Windows Remote Desktop Services (RDS) component — CVE-2019-1181, CVE-2019-1182, CVE-2019-1222, and CVE-2019-1226. Of the four, the first two are the biggest threats.

In a blog post, Simon Pope, Director of Incident Response for the Microsoft Security Response Center (MSRC), said the two bugs are “wormable,” akin to the now-infamous BlueKeep (CVE-2019-0708) bug that Microsoft patched in RDS in May. This means attackers can exploit the bugs to take over a computer and then spread to other computers without any user interaction. Patching CVE-2019-1181 and CVE-2019-1182 is of the utmost urgency, and for good reasons.

Other patched vulnerabilities

But the four remote code execution (RCE) bugs in the RDS component are not the only RCEs patched this month. There are also seven RCEs impacting the Chakra scripting engine (included in Microsoft Edge and other Microsoft apps), two RCEs…
ZDNet is a business technology news website published by CBS Interactive, along with TechRepublic. The brand was founded on April 1, 1991, as a general interest technology portal from Ziff Davis and evolved into an enterprise IT-focused online publication owned by CNET Networks.