The much awaited Microsoft Patch Tuesday updates for July 2019 are here. If you’re a sysadmin, you probably know what this means for you: a week full of testing and deploying updates and troubleshooting patch failures, and then another week or so of waiting for hotfixes to mend issues in patches that were already released to patch issues. We hear you sighing over there, but let’s get back to business. Microsoft Patch Tuesday July 2019 comes with a huge bundle of patches addressing 77 vulnerabilities in Windows operating systems and related applications. Of these updates, 15 are rated critical, 62 are important, and one is rated moderate in severity.
Patch Tuesday updates for Microsoft products
Microsoft Patch Tuesday July 2019 covers vulnerabilities in:
-
Various Windows OSs
-
Internet Explorer
-
Microsoft Edge
-
Microsoft Office
-
Azure and Azure DevOps
-
.NET Framework
-
SQL Server
-
ASP.NET
-
Visual Studio
-
Exchange Server
Here’s a brief look at this Patch Tuesday’s most important releases.
Zero-day vulnerabilities patched
No matter how prepared you are, Patch Tuesday never fails to throw in a surprise. What’s so special about this July Patch Tuesday is that patches for two zero-day vulnerabilities—CVE-2019-0880 and CVE-2019-1132—were released. Unfortunately, both of these privilege escalation vulnerabilities have already been actively exploited in the wild. These vulnerabilities help attackers elevate standard user accounts to have user rights to restricted privileged accounts.
CVE-2019-1132, which resides in the Win32k component, allows an attacker to run arbitrary code in kernel mode.
CVE-2019-0880, which resides in splwow64.exe, a Windows core system file, allows an attacker to elevate privileges on an affected system from low-integrity to medium-integrity.
Publicly disclosed vulnerabilities
Microsoft has also patched six publicly disclosed vulnerabilities this July, none of which have been actively exploited in the wild. These flaws affect Docker runtime; SymCrypt, Windows’ cryptographic library; Remote Desktop Services; Azure Automation; SQL Server; and AppX Deployment Service (AppXSVC).
Critical vulnerabilities patched
Let’s not forget the 15 critical vulnerabilities that were also patched this Patch Tuesday. As usual, all of them are remote code execution vulnerabilities, and they affect Internet Explorer, Microsoft Edge, Windows Server DHCP, Azure DevOps, and Team Foundation Server.
Other important vulnerabilities
Sixty-two important vulnerabilities were also patched in July Patch Tuesday, a surprisingly high number of important vulnerabilities compared to previous Patch Tuesdays. Some of these vulnerabilities lead to remote code execution.
Other important vulnerabilities patched this month can lead to elevation of privilege, information disclosure, cross-site scripting (XSS), security feature bypass, spoofing, and denial-of-service attacks.
Third-party patches: Adobe updates
Adobe, another tech giant, has also released security updates for Adobe Bridge CC, Adobe Experience Manager, Adobe Dreamweaver, Adobe Flash Player, Adobe Campaign, Adobe ColdFusion, Adobe Media Encoder, and Adobe Acrobat Reader.
How to handle Microsoft Patch Tuesday updates for July 2019
-
Automate all Patch Tuesday updates right away.
-
Schedule patches to go out during non-business hours to prevent downtime.
-
Create a test group to verify the stability of patches before rolling them out to production machines.
-
Decline problematic patches found during the testing process.
-
Postpone or schedule reboots for critical machines and servers.
-
Run patch reports to ensure network endpoints are up to date with the latest patches.
Easier said than done, right? Don’t worry, we’ve got a solution.
Patch Manager Plus, our comprehensive patching solution, helps you automate all the tasks above from one, central console. Try it now for free for 30 days to keep more than 750 applications, including over 300 third-party applications, up to date.
Don’t miss out on our webinar on Patch Tuesday July 2019. We’ll have a rundown on July Patch Tuesday updates, analysis of critical vulnerabilities, as well as discussion of the impact of ignoring this month’s patches, and other complexities that come with patching these vulnerabilities. Register now!
Happy patching!
