No matter how prepared you are, Patch Tuesday never fails to throw in a surprise. The highly anticipated Microsoft Patch Tuesday for August 2019 arrives with a warning note from the Microsoft Security Response Center: “August 2019 Security Update includes fixes for wormable RCE vulnerabilities in Remote Desktop Services (RDS), affecting all in-support versions of Windows. These should be patched quickly.”

Just like the BlueKeep vulnerability that was patched in this May’s Patch Tuesday, the two critical remote code execution (RCE) flaws tracked as CVE-2019-1181 and CVE-2019-1182 are wormable. Any malware that’s capable of exploiting these wormable flaws could propagate itself from one vulnerable computer to another without user interaction. Does that ring a bell? 2017’s deadliest ransomware, WannaCry, worked exactly the same way, highlighting how serious these flaws are. Besides those flaws, there are two more critical vulnerabilities, CVE-2019-1222 and CVE-2019-1226, affecting Remote Desktop Services. All of these vulnerabilities can be exploited without authentication or user interaction.

In total, the Microsoft Patch Tuesday August 2019 updates fix 93 vulnerabilities in Windows OSs and related products. Of these updates, 29 are rated critical, which includes the four wormable RCE vulnerabilities. Surprisingly, none of these vulnerabilities were publicly disclosed before the patches were released, and none have been exploited in attacks.

Patch Tuesday updates for Microsoft products

Microsoft Patch Tuesday August 2019 covers vulnerabilities in:

  • Windows OSs

  • Microsoft Edge

  • Internet Explorer

  • Microsoft Office

  • Microsoft Outlook

  • Windows RDP

  • Active Directory

  • Microsoft Jet Database Engine

  • Adobe products

Here’s a brief look at Microsoft Patch Tuesday August 2019’s most important releases.

Critical vulnerabilities patched

The 29 critical vulnerabilities impact Edge, Internet Explorer, Windows, Outlook, and Office.

Other important vulnerabilities

Of all the vulnerabilities, 64 have been assigned an important severity rating by Microsoft. Windows OSs, Dynamics, SharePoint, Edge, Internet Explorer, Outlook, and Jet Database Engine are affected by them.

Third-party patches: Adobe updates

Adobe, another tech giant, has also patched 118 vulnerabilities across its After Effects, Character Animator, Premiere Pro, Prelude, Creative Cloud, Acrobat, Reader, Experience Manager, and Photoshop products.

How to handle Microsoft Patch Tuesday updates for August 2019

The following are a few best practices to tackle Microsoft Patch Tuesday August 2019 and ensure your organization is safe against threat actors leveraging software vulnerabilities.

  • Prioritize patching for these four critical RCE flaws since wormable vulnerabilities receive Microsoft’s highest exploitability ranking: CVE-2019-1181, CVE-2019-1182, CVE-2019-1222, and CVE-2019-1226.

  • Automate other critical and important updates soon after that.

  • Schedule patches to go out during non-business hours to prevent downtime.

  • Create a test group to verify the stability of Patch Tuesday updates before rolling them out to production machines.

  • Decline problematic patches and less critical patches to prioritize important issues.

  • Postpone or schedule reboots for critical machines and servers.

  • Run patch reports to ensure network endpoints are up-to-date with the latest patches.

If you’re a sysadmin, you probably know what this means for you: a week full of testing and deploying updates on thousands of machines and troubleshooting patch failures, and then another week or so of waiting for hotfixes to mend issues in patches that were already released to patch issues.

Don’t worry, we’ve got you covered.

ManageEngine offers two solutions—Desktop Central and Patch Manager Plus. Both help you automate all the best practices mentioned above from one central console. Try both solutions free for 30 days to keep more than 750 applications, including over 300 third-party applications, up-to-date.

Don’t miss out on our webinar on Patch Tuesday August 2019. We’ll give a rundown of the August Patch Tuesday updates, analyze the critical vulnerabilities, and discuss the impact of ignoring this month’s patches and the other complexities that come with patching these vulnerabilities. Register now!

Happy patching!

Joyal Bennison
content writer

  1. Ed D

    Can you please clarify which ManageEngine PatchID numbers match this vulnerability so that we can confirm we have properly and completely patched against it using our Patch Manager Plus software? Thank you!

    • Joyal Bennison

      Hello Ed D,

      Here’s the list of Patches and corresponding patch ID numbers for the reported RDS vulnerabilities.

      64 bit patches for CVE-2019-1181 and CVE-2019-1182:
      27195 – 2019-08 Security Only Quality Update for Windows 7 for x64-based Systems (KB4512486)
      27234 – 2019-08 Security Monthly Quality Rollup for Windows 7 for x64-based Systems (KB4512506)
      27196 – 2019-08 Security Only Quality Update for Windows Server 2008 R2 for x64-based Systems (KB4512486)
      27232 – 2019-08 Security Monthly Quality Rollup for Windows Server 2008 R2 for x64-based Systems (KB4512506)
      27199 – 2019-08 Security Only Quality Update for Windows Server 2012 R2 for x64-based Systems (KB4512489)
      27235 – 2019-08 Security Monthly Quality Rollup for Windows Server 2012 R2 for x64-based Systems (KB4512488)
      27200 – 2019-08 Security Only Quality Update for Windows 8.1 for x64-based Systems (KB4512489)
      27236 – 2019-08 Security Monthly Quality Rollup for Windows 8.1 for x64-based Systems (KB4512488)
      27203 – 2019-08 Security Only Quality Update for Windows Server 2012 for x64-based Systems (KB4512482)
      27240 – 2019-08 Security Monthly Quality Rollup for Windows Server 2012 for x64-based Systems (KB4512518)
      27223 – 2019-08 Cumulative Update for Windows 10 Version 1803 for x64-based Systems (KB4512501)
      27224 – 2019-08 Cumulative Update for Windows Server 2016 (1803) for x64-based Systems (KB4512501)
      27221 – 2019-08 Cumulative Update for Windows 10 Version 1709 for x64-based Systems (KB4512516)
      27229 – 2019-08 Cumulative Update for Windows 10 Version 1903 for x64-based Systems (KB4512508)
      27230 – 2019-08 Cumulative Update for Windows Server, version 1903 for x64-based Systems (KB4512508)
      27219 – 2019-08 Cumulative Update for Windows 10 Version 1703 for x64-based Systems (KB4512507)
      27215 – 2019-08 Cumulative Update for Windows 10 Version 1607 for x64-based Systems (KB4512517)
      27216 – 2019-08 Cumulative Update for Windows Server 2016 for x64-based Systems (KB4512517)
      27226 – 2019-08 Cumulative Update for Windows Server 2019 for x64-based Systems (KB4511553)
      27227 – 2019-08 Cumulative Update for Windows 10 Version 1809 for x64-based Systems (KB4511553)
      27218 – 2019-08 Cumulative Update for Windows 10 Version 1507 for x64-based Systems (KB4512497)

      32 bit patches for CVE-2019-1181 and CVE-2019-1182:
      27197 – 2019-08 Security Only Quality Update for Windows 7 for x86-based Systems (KB4512486)
      27233 – 2019-08 Security Monthly Quality Rollup for Windows 7 for x86-based Systems (KB4512506)
      27198 – 2019-08 Security Only Quality Update for Windows 8.1 for x86-based Systems (KB4512489)
      27237 – 2019-08 Security Monthly Quality Rollup for Windows 8.1 for x86-based Systems (KB4512488)
      27214 – 2019-08 Cumulative Update for Windows 10 Version 1607 for x86-based Systems (KB4512517)
      27225 – 2019-08 Cumulative Update for Windows 10 Version 1803 for x86-based Systems (KB4512501)
      27222 – 2019-08 Cumulative Update for Windows 10 Version 1709 for x86-based Systems (KB4512516)
      27231 – 2019-08 Cumulative Update for Windows 10 Version 1903 for x86-based Systems (KB4512508)
      27220 – 2019-08 Cumulative Update for Windows 10 Version 1703 for x86-based Systems (KB4512507)
      27228 – 2019-08 Cumulative Update for Windows 10 Version 1809 for x86-based Systems (KB4511553)
      27217 – 2019-08 Cumulative Update for Windows 10 Version 1507 for x86-based Systems (KB4512497)

      64 bit patches for CVE-2019-1222 and CVE-2019-1226:
      27223 – 2019-08 Cumulative Update for Windows 10 Version 1803 for x64-based Systems (KB4512501)
      27224 – 2019-08 Cumulative Update for Windows Server 2016 (1803) for x64-based Systems (KB4512501)
      27229 – 2019-08 Cumulative Update for Windows 10 Version 1903 for x64-based Systems (KB4512508)
      27230 – 2019-08 Cumulative Update for Windows Server, version 1903 for x64-based Systems (KB4512508)
      27226 – 2019-08 Cumulative Update for Windows Server 2019 for x64-based Systems (KB4511553)
      27227 – 2019-08 Cumulative Update for Windows 10 Version 1809 for x64-based Systems (KB4511553)

      32 bit patches for CVE-2019-1222 and CVE-2019-1226:
      27225 – 2019-08 Cumulative Update for Windows 10 Version 1803 for x86-based Systems (KB4512501)
      27231 – 2019-08 Cumulative Update for Windows 10 Version 1903 for x86-based Systems (KB4512508)
      27228 – 2019-08 Cumulative Update for Windows 10 Version 1809 for x86-based Systems (KB4511553)

      For further queries, contact support: patchmanagerplus-support@manageengine.com

      Happy patching!
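
One way to confirm coverage from a patch report, as an added example that is not part of the original post or of ManageEngine's software: it checks a constructed inventory (host, OS, installed KBs) against the KB numbers listed in the reply above. The CSV layout, the shortened OS labels and the `audit` function are assumptions of this example.

```python
import csv
import io

# KBs fixing CVE-2019-1181/1182, copied from the reply; OS labels are shortened (assumption).
FIX_KBS = {
    "Windows 7": {"KB4512486", "KB4512506"},
    "Windows Server 2008 R2": {"KB4512486", "KB4512506"},
    "Windows 8.1": {"KB4512489", "KB4512488"},
    "Windows Server 2012 R2": {"KB4512489", "KB4512488"},
    "Windows Server 2012": {"KB4512482", "KB4512518"},
    "Windows 10 1507": {"KB4512497"},
    "Windows 10 1607": {"KB4512517"},
    "Windows Server 2016": {"KB4512517"},
    "Windows 10 1703": {"KB4512507"},
    "Windows 10 1709": {"KB4512516"},
    "Windows 10 1803": {"KB4512501"},
    "Windows 10 1809": {"KB4511553"},
    "Windows Server 2019": {"KB4511553"},
    "Windows 10 1903": {"KB4512508"},
}
# The reply lists CVE-2019-1222/1226 patches only for these versions (same KBs).
ALSO_1222_1226 = {"Windows 10 1803", "Windows 10 1809",
                  "Windows Server 2019", "Windows 10 1903"}

# Constructed sample report; KB0000001 is a placeholder for an unrelated update.
SAMPLE_REPORT = """host,os,kbs
ws-001,Windows 7,KB0000001 KB4512486
ws-002,Windows 7,KB0000001
srv-01,Windows Server 2019,KB0000001
srv-02,Windows Server 2012 R2,KB4512488
lab-01,Unlisted OS,KB0000001
"""

def audit(report_csv):
    """Map each host lacking a listed fix to the CVEs it still needs patched."""
    findings = {}
    for row in csv.DictReader(io.StringIO(report_csv)):
        fixes = FIX_KBS.get(row["os"])
        if fixes is None:  # OS label not in the table: flag for manual review
            findings[row["host"]] = ["UNKNOWN-OS"]
        elif not fixes & set(row["kbs"].split()):  # either listed KB is enough
            cves = ["CVE-2019-1181", "CVE-2019-1182"]
            if row["os"] in ALSO_1222_1226:
                cves += ["CVE-2019-1222", "CVE-2019-1226"]
            findings[row["host"]] = cves
    return findings

if __name__ == "__main__":
    print(audit(SAMPLE_REPORT))
```

A host that skipped the August 2019 update but installed a later cumulative update that supersedes it would still be flagged, so treat each finding as a host to verify.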