Microsoft Releases August Security Release for Windows PCs, Fixing 93 Vulnerabilities

Microsoft has marked two critical vulnerabilities as 'wormable'.

Share on Facebook Tweet Share Reddit Comment
Microsoft Releases August Security Release for Windows PCs, Fixing 93 Vulnerabilities

Microsoft has noted four loopholes that the latest Windows security release patches

Highlights
  • The major issues are fixed in Windows Remote Desktop Services (RDS)
  • There are patches for the Chakra scripting engine as well
  • All compatible Windows users are recommended to download the updates

Microsoft has brought the August security release that patches as many as 93 vulnerabilities, including 29 issues rated Critical and 64 marked as Important. The latest Windows release, which is commonly known as the Patch Tuesday, also carries fixes for the four remote code execution bugs that could allow attackers to remotely overtake your computer. Alongside system-level patches, the August security release includes updates for the preloaded Internet Explorer, Microsoft Edge, and Online Services as well as Microsoft Office and Microsoft Office services, Visual Studio, and Microsoft Dynamics among other software packages. Microsoft is urging Windows 10 users

In the list of vulnerabilities that the Patch Tuesday August security release fixes, Microsoft has underlined four loopholes that are the remote code execution bugs, which have been fixed in the Windows Remote Desktop Services (RDS) component. These vulnerabilities are listed as CVE-2019-1181, CVE-2019-1182, CVE-2019-1222, and CVE-2019-1226. There are the first two vulnerabilities that Microsoft calls 'wormable', meaning any future malware once exploits could propagate from one vulnerability computer to another without any user interaction.

Director of Incident Response at Microsoft Security Response Centre (MSRC) Simon Pope in a dedicated blog post mentions that the wormable vulnerabilities exist in Windows 7 SP1, Windows Server 2008 R2 SP1, Windows Server 2012, Windows 8.1, Windows Server 2012 R2, and all supported versions of Windows 10, including server versions. However, Windows XP, Windows Server 2003, and Windows Server 2008 aren't affected. The Remote Desktop Protocol (RDP) also remains unaffected.

"These vulnerabilities were discovered by Microsoft during hardening of Remote Desktop Services as part of our continual focus on strengthening the security of our products," writes Pope in the blog post. "At this time, we have no evidence that these vulnerabilities were known to any third party."

Apart from the patches specifically for the RDS component, the latest Windows security release fixes seven remote code execution bugs that affect the Chakra scripting engine. There are also two fixes towards Microsoft's Hyper-V and two in Word. The release also patches the loophole CVE-2019-1162 in the CTF protocol that was disclosed by Google Project Zero researcher Tavis Ormandy on Tuesday and exists in all Windows versions starting from Windows XP.

Users on all compatible Windows versions are advised to download the latest security release on their systems. You can download the updates available through the new release manually through Microsoft's Security Update Guide. Moreover, the security updates may have already reached your system if you've enabled the automatic updates option.

Comments

For the latest tech news and reviews, follow Gadgets 360 on Twitter, Facebook, and subscribe to our YouTube channel.

Jagmeet Singh Tech journalist by profession, tech explorer by passion. Budding philomath. More
Motorola One Zoom Is Just a Rebranded Motorola One Pro With Pre-Installed Amazon Apps: Report
Indian PC Market Grows 49.2 Percent in Q2, Lenovo Leads: IDC
 
 

Advertisement

 

Advertisement

© Copyright Red Pixels Ventures Limited 2019. All rights reserved.