Microsoft’s July Patch Tuesday updates resolve 77 vulnerabilities in Windows software, including two zero-day vulnerabilities which are being actively exploited and remote code execution vulnerabilities in DHCP Server and MS SQL Server.
DHCP Server RCE vulnerability
If you have your Microsoft DHCP server configured with a failover server, an attacker can send a specially crafted DHCP packet to the failover server and run arbitrary code. CVE-2019-0785 details this memory corruption vulnerability. This vulnerability exists in every version of Windows server from Windows Server 2012 through to Server 2019.
SQL Server RCE
A Microsoft SQL Server Remote Code Execution vulnerability CVE-2019-1068 is also included in the July security patches. Although this vulnerability does require a successful authentication to the server, it could be chained with other attacks (such as an SQL Injection) in order to fully compromise the server.
Two Zero-Day vulnerabilities patched
The two zero days are CVE-2019-0880 and CVE-2019-1132, both Elevation of Privilege (EoP) vulnerabilities currently being exploited in the wild by cyber-criminals. The first affects the Windows print spooler while the second is in the Windows Kernel.
These two zero-day vulnerabilities are more dangerous than their ‘Important’ security rating would indicate, as when chained with another vulnerability (such as a remote code execution flaw) either would allow the attacker to execute their code with Administrative or Kernel mode privileges and so obtain complete control of the target system.
Prompt patching is essential in order to protect your network from newly reported vulnerabilities. Remember the vulnerabilities are not new- many have been present in your system software for many years but have only now just been discovered and fixed by the good guys.
For advice on how to implement good basic cybersecurity practices, refer to our recent article: The Importance of Cybersecurity basics.