Service Notices

All Notices > Security Notices > July 2019 Microsoft Security Update

July 2019 Microsoft Security Update

Jul 31, 2019 GMT+08:00

I. Overview

Recently, Microsoft released its monthly set of security updates for July, addressing 77 vulnerabilities, among which 15 are rated "critical". Attackers can exploit vulnerabilities to execute remote code, escalate privileges, and obtain sensitive information. The following applications are affected: Microsoft Windows, Internet Explorer, Microsoft Edge, and NET Framework.

Microsoft release notes:

https://portal.msrc.microsoft.com/en-us/security-guidance/releasenotedetail/48293f19-d662-e911-a98e-000d3a33c573

II. Severity

Severity: important

(Severity: low, moderate, important, and critical)

III. Affected Products

Microsoft Windows, Internet Explorer, Microsoft Edge, Microsoft Office, NET Framework

IV. Vulnerability Details

CVE ID

Vulnerability Name

Severity

Vulnerability Description

CVE-2019-1001

CVE-2019-1004

CVE-2019-1056

CVE-2019-1059

Scripting Engine Memory Corruption Vulnerability

Important

A remote code execution vulnerability exists in the way the scripting engine handles objects in memory in Microsoft browsers. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. Unauthorized attackers can use this vulnerability to obtain privileges as authorized users.

CVE-2019-0785

Windows DHCP Server Remote Code Execution Vulnerability

Important

A memory corruption vulnerability exists in the Windows Server DHCP service when an attacker sends specially crafted packets to a DHCP failover server. An attacker who successfully exploited the vulnerability could either run arbitrary code on the DHCP failover server or cause the DHCP service to become nonresponsive.

CVE-2019-1104

Microsoft Browser Memory Corruption Vulnerability

Important

A remote code execution vulnerability exists in the way that Microsoft browsers access objects in memory. This vulnerability may damage memory by allowing attackers to execute arbitrary code in the context of the current user. Unauthorized attackers can use this vulnerability to obtain privileges as authorized users.

CVE-2019-1063

Internet Explorer Memory Corruption Vulnerability

Important

A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. Unauthorized attackers can use this vulnerability to obtain privileges as authorized users.

CVE-2019-1102

GDI+ Remote Code Execution Vulnerability

Important

A remote code execution vulnerability exists in the way that the Windows Graphics Device Interface (GDI) handles objects in the memory. An attacker who successfully exploited this vulnerability could take control of the affected system.

CVE-2019-1103

CVE-2019-1106

CVE-2019-1107

CVE-2019-1062

Chakra Scripting Engine Memory Corruption Vulnerability

Important

A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. Unauthorized attackers can use this vulnerability to obtain privileges as authorized users.

CVE-2019-1072

Azure DevOps Server and Team Foundation Server Remote Code Execution Vulnerability

Important

A remote code execution vulnerability exists when Azure DevOps Server and Team Foundation Server (TFS) improperly handle user input. An attacker who successfully exploited the vulnerability could execute code on the target server in the context of the DevOps or TFS service account.

CVE-2019-1113

NET Framework Remote Code Execution Vulnerability

Important

A remote code execution vulnerability exists in .NET software when the software fails to check the source markup of a file. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user.

(Note: Vulnerabilities listed above are important ones. For more information, refer to the official website of Microsoft.)

V. Security Recommendations

1. Use Windows Update or download patches from the following address to fix the vulnerabilities:

https://portal.msrc.microsoft.com/en-us/security-guidance

2. Back up data remotely to protect your data.

Note: Before fixing vulnerabilities, back up your files and conduct a thorough test.