Microsoft’s July 2019 Update Is Out and It Fixes 16 Critical Vulnerabilities

Microsoft is no stranger to vulnerabilities within its system. After all, its products are some of the best in the world, which make them an easy target for hackers who want to take advantage of their popularity for fraud and identity theft.

With the goal of keeping its consumers protected, Microsoft has been releasing regular updates for its software and this month is no different.

A few days ago, the company released a new security update addressing 77 vulnerabilities affecting Windows and several other software that run on the system including DirectX and Internet Explorer.

The categories

  • Critical vulnerabilities

According to Microsoft, the latest Windows Update fixes 16 critical vulnerabilities, most of which allow an attacker to plant a remote code in any system that he wants to target.

Six of these vulnerabilities are for Internet Explorer and five are for Chakra, which is the JavaScript engine for both Internet Explorer and Edge.

  • Important vulnerabilities

Microsoft marked 60 vulnerabilities as important because of the risks they can bring to a computer. 19 of these vulnerabilities are believed to be used for local elevation of privilege.

This means that a malicious website or Excel document can be manipulated through a social engineering attack to compromise a targeted machine.

  • Moderate vulnerabilities

Among this month’s vulnerabilities, only one was marked by Microsoft as moderate.

The fixes

Let’s take a closer look at the different fixes for various builds offered by Microsoft in its July 2019 update:

Windows 10 version 1903

  • Offers security updates for Microsoft Scripting Engine, Windows Wireless Networking, Windows Storage and Filesystems, Windows Server, Microsoft HoloLens, Windows Kernel, Internet Explorer, Windows Input and Composition, Windows App Platform and Frameworks, Windows Virtualization, Microsoft Edge, Windows Cryptography and Microsoft Graphics Component.
  • Fixes visual quality issues including seeing a titled world for Mixed Reality (WMR) headsets and Steam VR content.
  • Fixes an issue that could lead to BitLocker going into recovery mode if it is being provisioned at the same time as the installation of updates.

Windows 10 version 1809

  • Offer security updates to Microsoft Scripting Engine, Windows Server, Internet Explorer, Microsoft Graphics Component, Windows Virtualization, Windows Input and Composition, Windows Kernel, Windows App Platform and Frameworks, Windows Cryptography, Microsoft Edge and Windows Fundamentals
  • Fixes an issue that could lead to BitLocker going into recovery mode if it is being provisioned at the same time as the installation of updates.
  • Fixes an issue that causes a system to be unresponsive if an application uses CameraCaptureUI API.

This update also addresses multiple browser memory corruption vulnerabilities that affect both Internet Explorer and Edge.

If a victim is getting tricked into browsing a malicious website, an attacker could execute remote code in the context of the web browser.

To gain full control of the targeted machine, an attacker will need to escape the sandbox using another vulnerability tagged as CVE-2019-0880.

If you’re a Microsoft user, make sure to stay on top of its monthly updates to ensure that your computer is always safe and secure from all these vulnerabilities.

Leave a Reply

Your email address will not be published. Required fields are marked *

You May Also Like