Service Notices
July 2019 Microsoft Security Update
Jul 31, 2019 GMT+08:00
I. Overview
Microsoft recently released its monthly set of security updates for July, addressing 77 vulnerabilities, 15 of which are rated "critical". Attackers can exploit these vulnerabilities to execute code remotely, escalate privileges, and obtain sensitive information. The following applications are affected: Microsoft Windows, Internet Explorer, Microsoft Edge, and .NET Framework.
Microsoft release notes:
II. Severity
Severity: important
(Severity levels: low, moderate, important, and critical)
III. Affected Products
Microsoft Windows, Internet Explorer, Microsoft Edge, Microsoft Office, .NET Framework
IV. Vulnerability Details
| CVE ID | Vulnerability Name | Severity | Vulnerability Description |
| --- | --- | --- | --- |
| CVE-2019-1001, CVE-2019-1004, CVE-2019-1056, CVE-2019-1059 | Scripting Engine Memory Corruption Vulnerability | Important | A remote code execution vulnerability exists in the way the scripting engine handles objects in memory in Microsoft browsers. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. Unauthorized attackers can use this vulnerability to obtain privileges as authorized users. |
| CVE-2019-0785 | Windows DHCP Server Remote Code Execution Vulnerability | Important | A memory corruption vulnerability exists in the Windows Server DHCP service when an attacker sends specially crafted packets to a DHCP failover server. An attacker who successfully exploited the vulnerability could either run arbitrary code on the DHCP failover server or cause the DHCP service to become nonresponsive. |
| CVE-2019-1104 | Microsoft Browser Memory Corruption Vulnerability | Important | A remote code execution vulnerability exists in the way that Microsoft browsers access objects in memory. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. Unauthorized attackers can use this vulnerability to obtain privileges as authorized users. |
| CVE-2019-1063 | Internet Explorer Memory Corruption Vulnerability | Important | A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. Unauthorized attackers can use this vulnerability to obtain privileges as authorized users. |
| CVE-2019-1102 | GDI+ Remote Code Execution Vulnerability | Important | A remote code execution vulnerability exists in the way that the Windows Graphics Device Interface (GDI) handles objects in memory. An attacker who successfully exploited this vulnerability could take control of the affected system. |
| CVE-2019-1103, CVE-2019-1106, CVE-2019-1107, CVE-2019-1062 | Chakra Scripting Engine Memory Corruption Vulnerability | Important | A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. Unauthorized attackers can use this vulnerability to obtain privileges as authorized users. |
| CVE-2019-1072 | Azure DevOps Server and Team Foundation Server Remote Code Execution Vulnerability | Important | A remote code execution vulnerability exists when Azure DevOps Server and Team Foundation Server (TFS) improperly handle user input. An attacker who successfully exploited the vulnerability could execute code on the target server in the context of the DevOps or TFS service account. |
| CVE-2019-1113 | .NET Framework Remote Code Execution Vulnerability | Important | A remote code execution vulnerability exists in .NET software when the software fails to check the source markup of a file. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user. |
(Note: Only the important vulnerabilities are listed above. For more information, refer to the official Microsoft website.)
V. Security Recommendations
1. Use Windows Update or download patches from the following address to fix the vulnerabilities:
https://portal.msrc.microsoft.com/en-us/security-guidance
2. Back up data remotely to protect your data.
Note: Before fixing vulnerabilities, back up your files and conduct a thorough test.