DOWNLOADMicrosoft исправила 96 уязвимостей безопасности
Traditionally, on the second Tuesday of the month, August 13, 2019, Microsoft released security updates, which are recommended to be installed by all Windows users and administrators as soon as possible.
On August Patch Tuesday, Microsoft published two security bulletins and patches for 94 vulnerabilities, 26 of which are classified as critical.
- Update KB4512508 (Build 18362.295) for Windows 10, Version 1903
- Update KB4511553 (Build 17763.678) for Windows 10, Version 1809
- Update KB4512501 (Build 17134.950) for Windows 10, Version 1803
- Update KB4512506 for Windows 7
- Update KB4512488 for Windows 8.1
The company fixed two new critical vulnerabilities of the Remote Desktop Access Protocol (RDP) that could be used to remotely download and install self-propagating malware (network worms) on vulnerable computers.
All users are advised to immediately install security updates to protect their Windows systems from additional security risks..
Remote Desktop Connection Vulnerabilities Fixed
Microsoft fixed two critical Remote Desktop Access Protocol vulnerabilities that affected all versions of Windows.
Vulnerabilities are very similar to the previous RDP vulnerability called BlueKeep, because they belong to the “wormable” category, i.e. can be used to spread network worms, and also allow you to remotely execute arbitrary code. In the event of successful exploitation, the attacker is able to remotely install malware on vulnerable devices, which will autonomously spread to other vulnerable machines over the network.
These vulnerabilities could be used to spread attacks like Wannacry, which can independently distribute themselves over the network.
These vulnerabilities are even more dangerous than the previously fixed BlueKeep, because they affect all supported modern versions of Windows, including Windows 10 and Windows Server.
Microsoft recommends that all users install fixes for these vulnerabilities as soon as possible.
Two safety recommendations issued
In addition to security updates, Microsoft has released two security bulletins that help fix problems with LDAP clients and Active Directory domain controllers, as well as vulnerabilities with Microsoft Live accounts.
- ADV190023 – Microsoft Guide for Enabling LDAP Link Binding and LDAP Signing
- ADV190014 – account privilege elevation vulnerability recommendations Microsoft Live
LDAP client material explains how to increase security to reduce the risk of exploitation of privilege escalation vulnerability, and the recommendation for Microsoft Live accounts discuss privilege escalation in Outlook Web Access (OWA).
The OWA vulnerability was automatically fixed by Microsoft. No additional action required.