July Patch Tuesday 2019

Patch Tuesday Webinar
Wednesday, July 10, 2019
Hosted by: Chris Goettl & Todd Schell
Dial in: 1-877-668-4490 (US)
Event ID: 802 166 795

Copyright©2019Ivanti.Allrightsreserved
Agenda
July 2019 Patch Tuesday Overview
In the News
Bulletins
Q & A
1
2
3
4

 Overview

 In the News

In The News . . .
 BlueKeep
 July 1st Sophos Labs posts video showing an exploit of BlueKeep that granted
them root access to a system.
 https://news.sophos.com/en-us/2019/07/01/bluekeep-poc-demonstrates-
risk-of-remote-desktop-exploit/
 “Every CISO right now should have a plan already written down to deal with
BlueKeep once the exploit starts surfacing,”, Craig Williams, Cisco Talos’
director of outreach
 https://www.cyberscoop.com/bluekeep-removal-remote-desktop-
wannacry-notpetya/
 https://www.abc.net.au/news/2019-07-08/microsoft-windows-vulnerability-
bluekeep-and-cyber-security-risk/11277270

Windows 10 Lifecycle Awareness
 Windows 10 Branch Support
 Complete Lifecycle Fact Sheet
 https://support.microsoft.com/en-us/help/13853/windows-lifecycle-fact-sheet
Source: Microsoft

Zero-day Exploited Vulnerabilities
 CVE-2019-0880 Microsoft splwow64 Elevation of Privilege Vulnerability
 A local elevation of privilege vulnerability exists in how splwow64.exe handles
certain calls. An attacker who successfully exploited the vulnerability could
elevate privileges on an affected system from low-integrity to medium-integrity.
 This vulnerability by itself does not allow arbitrary code execution; however, it
could allow arbitrary code to be run if the attacker uses it in combination with
another vulnerability (such as a remote code execution vulnerability or another
elevation of privilege vulnerability) that is capable of leveraging the elevated
privileges when code execution is attempted.

Zero-day Exploited Vulnerabilities (cont)
 CVE-2019-1132 Win32k Elevation of Privilege Vulnerability
 An elevation of privilege vulnerability exists in Windows when the Win32k
component fails to properly handle objects in memory. An attacker who
successfully exploited this vulnerability could run arbitrary code in kernel mode.
An attacker could then install programs; view, change, or delete data; or create
new accounts with full user rights.
 To exploit this vulnerability, an attacker would first have to log on to the system.
An attacker could then run a specially crafted application that could exploit the
vulnerability and take control of an affected system.
 The update addresses this vulnerability by correcting how Win32k handles
objects in memory

Zero-day Exploited Vulnerabilities (cont)
 CVE-2019-11707 Type confusion in Array.pop
 A type confusion vulnerability can occur when manipulating JavaScript
objects due to issues in Array.pop. This can allow for an exploitable
crash. We are aware of targeted attacks in the wild abusing this flaw.
 Fixed in 67.0.3
 CVE-2019-11708 Sandbox escape using Prompt:Open
 Insufficient vetting of parameters passed with the Prompt:Open IPC
message between child and parent processes can result in the non-
sandboxed parent process opening web content chosen by a
compromised child process. When combined with additional
vulnerabilities this could result in executing arbitrary code on the user's
computer.
 Fixed in 67.0.4

Publicly Disclosed Vulnerabilities
 CVE-2019-0865 SymCrypt Denial of Service Vulnerability
 A denial of service vulnerability exists when SymCrypt improperly handles a
specially crafted digital signature.
 An attacker could exploit the vulnerability by creating a specially crafted
connection or message.
 The security update addresses the vulnerability by correcting the way SymCrypt
handles digital signatures.

Publicly Disclosed Vulnerabilities (cont)
 CVE-2019-0887 Remote Desktop Services Remote Code Execution
Vulnerability
 A remote code execution vulnerability exists in Remote Desktop Services –
formerly known as Terminal Services – when an authenticated attacker abuses
clipboard redirection. An attacker who successfully exploited this vulnerability
could execute arbitrary code on the victim system. An attacker could then install
programs; view, change, or delete data; or create new accounts with full user
rights.
 To exploit this vulnerability, an attacker must already have compromised a
system running Remote Desktop Services, and then wait for a victim system to
connect to Remote Desktop Services.
 The update addresses the vulnerability by correcting how Remote Desktop
Services handles clipboard redirection.

 CVE-2019-1068 Microsoft SQL Server Remote Code Execution
Vulnerability
 A remote code execution vulnerability exists in Microsoft SQL Server when it
incorrectly handles processing of internal functions. An attacker who successfully
exploited this vulnerability could execute code in the context of the SQL Server
Database Engine service account.
 To exploit the vulnerability, an authenticated attacker would need to submit a
specially crafted query to an affected SQL server.
 The security update addresses the vulnerability by modifying how the Microsoft
SQL Server Database Engine handles the processing of functions.

 CVE-2019-1129 Windows Elevation of Privilege Vulnerability
 An elevation of privilege vulnerability exists when Windows AppX Deployment
Service (AppXSVC) improperly handles hard links. An attacker who successfully
exploited this vulnerability could run processes in an elevated context. An
attacker could then install programs; view, change or delete data.
 To exploit this vulnerability, an attacker would first have to log on to the system.
An attacker could then run a specially crafted application that could exploit the
vulnerability and take control of an affected system.
 The security update addresses the vulnerability by correcting how Windows AppX
Deployment Service handles hard links.

 CVE-2019-0962 Azure Automation Elevation of Privilege Vulnerability
 An elevation of privilege vulnerability exists in Azure Automation “RunAs account”
runbooks for users with contributor role. This vulnerability could potentially allow
members of an organization to access Key Vault secrets through a runbook,
even if these members would personally not have access to that Key Vault.
 To exploit this vulnerability, an attacker must be a member of an organization
who can run runbooks, with only global admins/co-admins who can create the
“run as” account.
 Microsoft is addressing the vulnerability by providing the following scripts for
existing RunAsAutomation accounts that modify existing roles by excluding
access to KeyVault within Azure Automation account.
 https://www.powershellgallery.com/packages/Check-AutomationRunAsAccountRoleAssignments
 https://www.powershellgallery.com/packages/Update-AutomationRunAsAccountRoleAssignments
 https://www.powershellgallery.com/packages/Extend-
AutomationRunAsAccountRoleAssignmentToKeyVault

 CVE-2018-15664 Docker Elevation of Privilege Vulnerability
 CVE-2018-15664 describes a vulnerability in the Docker runtime (and the
underlying community project, Moby) wherein a malicious/compromised
container can acquire full read/write access to the host operating system where
that container is running. The vulnerability depends on the way that the Docker
runtime handles symbolic links and is most directly exploitable through the
Docker copy API (‘docker cp’ in the Docker CLI).To exploit this vulnerability, an
attacker must be a member of an organization who can run runbooks, with only
global admins/co-admins who can create the “run as” account.
 What is the risk for Azure Kubernetes Service (AKS) and Azure IoT Edge
customers?
 The risk for AKS and Azure IoT Edge customers is minimal as the following need to be
true:
 A container on the host must be compromised.
 The attacker must have access to the host machine, as the docker API is not
exposed by default from outside of the host.

 When will the vulnerability be fixed?
 There is a pull request in review to fix this vulnerability. After the fix
is merged in the upstream Moby project, we will build and release a
new Moby build for use with AKS. For Azure IoT Edge customers,
we will make the fixed Moby packages available along with
installation instructions.
 What can customers do in the interim?
 We recommend that customers refrain from allowing the use of the
Docker copy command on their AKS clusters and Azure IoT Edge
devices.
 Note that this article will be updated as additional details become
available.

Microsoft Exchange Server Advisory 190021
 https://portal.msrc.microsoft.com/en-US/security-
guidance/advisory/ADV190021
 Outlook on the web Cross-Site Scripting Vulnerability
 Affects Exchange Server 2010 SP3, 2013, 2016 and 2019
 Email recipient victim must drag and drop, or paste, a specially crafted SVG
image into a browser tab for exploit to work
 Mitigation per Microsoft - ‘We recommend that administrators for Outlook on
the web block SVG images. This can be accomplished via the Set-
OwaMailboxPolicy command.’
 Instructions - https://docs.microsoft.com/en-
us/powershell/module/exchange/client-access/set-
owamailboxpolicy?view=exchange-ps

Microsoft Finally Switching to SHA2 Certificates
 https://support.microsoft.com/en-us/help/4472027/2019-sha-2-code-signing-
support-requirement-for-windows-and-wsus
 Phased migration process from March to September 2019
 Dual signed SHA1/SHA2 migrating to SHA2 signed only
 Legacy OS and WSUS require updates
 As of July 9, the following OS updates are SHA2-signed only
 Server 2008 SP2
 Windows 10 1709, 1803, 1809, 1903 and Server 2019
 And after July 16 you can add
 Windows 10 1507, 1607 and 1703
 All current Ivanti products support this change

Microsoft Patch Tuesday Updates of Interest
 Advisory 990001 Latest Servicing Stack Updates
 https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV990001
 July Releases
 KB 4504418 – Server 2012
 KB 4504418 – Windows 8.1/Server 2012 R2
 KB 4509090 – Windows 10
 KB 4499091 – Windows 10 1607/Server 2016 (pre-req for new updates)
 KB 4509092 – Windows 10 1703
 KB 4509093 – Windows 10 1709/Server version 1709
 KB 4509095 – Windows 10 1809/Server 2019

Microsoft Patch Tuesday Updates of Interest (cont)
 Development Tool Updates
 Azure DevOps Server 2019.0.1
 Azure IoT Edge
 Team Foundation Server 2010 SP1 and 2018 Update 3.2
 Updated Development Components/Packages
 ChakraCore
 ASP.NET core 2.1 and 2.2
 Visual Studio 2010 SP1 – 2019 version 16.1

Weekly Patch BLOG
 Latest Patch Releases
 Microsoft and Third-party
 Security and non-Security
 CVE Analysis
 Security Events of Interest
 Host: Brian Secrist
 https://www.ivanti.com/blog/
topics/patch-tuesday

Patch Content Announcement System
Announcements Now Posted on Community Forum Pages
 https://forums.ivanti.com/s/group/CollaborationGroup/00Ba0000009oKICEA2
 Subscribe to receive email for the desired product(s)

 Bulletins

MSFA-2019-21: Security Update for Firefox
 Maximum Severity: Critical
 Affected Products: Mozilla Firefox
 Description: This update provides fixes for 21 vulnerabilities in Firefox 68.
 Impact: Remote Code Execution, Security Feature Bypass, Spoofing, Elevation of
Privilege and Information Disclosure
 Fixes 21 Vulnerabilities: See https://www.mozilla.org/en-
US/security/advisories/mfsa2019-21 for a list and description of CVEs remediated.
 Restart Required: Requires restart

MSFA-2019-22: Security Update for Firefox ESR
 Affected Products: Mozilla Firefox ESR
 Description: This update provides fixes for 11 vulnerabilities in Firefox 60.8.
 Impact: Remote Code Execution, Security Feature Bypass, Spoofing, Elevation of
Privilege and Information Disclosure
 Fixes 11 Vulnerabilities: See https://www.mozilla.org/en-
US/security/advisories/mfsa2019-22 for a list and description of CVEs remediated.

MS19-07-W10: Windows 10 Update
 Affected Products: Microsoft Windows 10 Versions 1607, 1703, 1709, 1803,
1809,1903, Server 2016, Server 2019, Server 1709, Server 1803, IE 11 and Microsoft
Edge
 Description: This bulletin references 10 KB articles. See KBs for the list of changes.
 Impact: Remote Code Execution, Security Feature Bypass, Denial of Service,
Elevation of Privilege, and Information Disclosure
 Fixes 53 Vulnerabilities: CVE-2019-0865, CVE-2019-0887 and CVE-2019-1129 are
publicly disclosed. CVE-2019-0880 is known exploited and publicly disclosed. See
Details column of Security Update Guide for the complete list of CVEs.
 Known Issues: See next slides

July Known Issues for Windows 10
 KB 4507460 – Windows 10, Version 1607 and Server 2016
 For hosts managed by System Center Virtual Machine Manager (SCVMM), SCVMM cannot
enumerate and manage logical switches deployed on the host after installing the update.
Additionally, if you do not follow the best practices, a stop error may occur in vfpext.sys on the
hosts. Workaround: Run mofcomp on the following mof files on the affected host:
Scvmmswitchportsettings.mof and VMMDHCPSvr.mof. Follow the best practices.
 After installing KB 4467684, the cluster service may fail to start with the error “2245
(NERR_PasswordTooShort)” if the group policy “Minimum Password Length” is configured with
greater than 14 characters. Workaround: Set the domain default "Minimum Password Length"
policy to less than or equal to 14 characters. Microsoft is working on a resolution.
 [File Rename] Certain operations, such as rename, that you perform on files or folders that are
on a Cluster Shared Volume (CSV) may fail with the error,
“STATUS_BAD_IMPERSONATION_LEVEL (0xC00000A5)”. This occurs when you perform the
operation on a CSV owner node from a process that doesn’t have administrator privilege.
Workaround: Perform the operation from a process that has administrator privilege or perform
the operation from a node that doesn’t have CSV ownership. Microsoft is working on a
resolution.

July Known Issues for Windows 10 (cont)
 KB 4507460 – Windows 10, Version 1607 and Server 2016
 Some applications may fail to run as expected on clients of Active Directory Federation Services
2016 (AD FS 2016) after installation of this update on the server. Applications that may exhibit
this behavior use an IFRAME during non-interactive authentication requests and receive X-
Frame Options set to DENY. Workaround: Use the Allow-From value of the header if the
IFRAME is only accessing pages from a single-origin URL. Directions in KB. Microsoft is
working on a resolution.
 [Window-Eyes] After installing this update, opening or using the Window-Eyes screen reader
app may result in an error and some features may not function as expected. Note: Users who
have already migrated from Window-Eyes to Freedom Scientific's other screen reader, JAWS,
should not be affected by this issue. Workaround: None. Microsoft is working on a resolution.

 KB 4507450 – Windows 10, Version 1703
 [File Rename] Issue
 [Window-Eyes] Issue
 [Black Logon] A small number of devices may startup to a black screen during the first logon
after installing updates. Workaround: Press Ctrl+Alt+Delete, then select the Power button in
the lower right corner of the screen and select Restart. Microsoft is working on a resolution.

 KB 4507469 – Windows 10, Version 1809, Server 2019 All Versions
 [Black Logon] Issue
 After installing KB4493509, devices with some Asian language packs installed may receive the
error, "0x800f0982 - PSFX_E_MATCHING_COMPONENT_NOT_FOUND.“ Workaround:
Uninstall and reinstall any recently added language packs or select Check for Updates and
install the April 2019 Cumulative Update. See KB for more recovery details. Microsoft is

 KB 4507453 – Windows 10, Version 1903, Windows Server version 2019
 Windows Sandbox may fail to start with "ERROR_FILE_NOT_FOUND (0x80070002)" on
devices in which the operating system language is changed during the update process when
installing Windows 10, version 1903. Workaround: None. Microsoft is working on a resolution.
 The Remote Access Connection Manager (RASMAN) service may stop working and you may
receive the error “0xc0000005” on devices where the diagnostic data level is manually
configured to the non-default setting of 0. You may also receive an error in the Application
section of Windows Logs in Event Viewer with Event ID 1000 referencing
“svchost.exe_RasMan” and “rasman.dll”. This issue only occurs when a VPN profile is
configured as an Always On VPN (AOVPN) connection with or without device tunnel. This does
not affect manual only VPN profiles or connections. Workaround: See KB for detailed
instructions to configure one of the default telemetry settings. Microsoft is working on a
resolution.

MS19-07-IE: Security Updates for Internet Explorer
 Affected Products: Microsoft Internet Explorer 9,10,11
 Description: The fixes that are included in the cumulative Security Update for Internet
Explorer are also included in the July 2019 Security Monthly Quality Rollup. Installing
either the Security Update for Internet Explorer or the Security Monthly Quality Rollup
installs the fixes that are in the cumulative update. This bulletin references 12 KB
articles.
 Impact: Remote Code Execution
 Fixes 6 Vulnerabilities: CVE-2019-1001, CVE-2019-1004, CVE-2019-1056, CVE-
2019-1059, CVE-2019-1063, CVE-2019-1104
 Restart Required: Requires browser restart
 Known Issues: See next slide

July Known Issues for Internet Explorer
 KB 4507434 – Internet Explorer 11 on Windows Server 2012 R2, Internet
Explorer 11 on Windows Server 2012, Internet Explorer 11 on Windows Server
2008 R2 SP1, Internet Explorer 11 on Windows 8.1 Update, Internet Explorer
11 on Windows 7 SP1, Internet Explorer 10 on Windows Server 2012, Internet
Explorer 9 on Windows Server 2008 SP2
 This cumulative security update 4507434 for Internet Explorer 10 might be offered for installation
through Windows Server Update Services (WSUS) or other update management solutions, even
after you install KB4492872 (Internet Explorer 11 for Windows Server 2012 and Windows
Embedded 8 Standard) and upgrade to Internet Explorer 11. Workaround: Although this
cumulative security update for Internet Explorer 10 might be offered for installation, this issue will
not affect the functionality of Internet Explorer 11. However, you should also install KB4507434
to apply the security fixes that are resolved this month for Internet Explorer 11. Microsoft is

MS19-07-MR2K8: Monthly Rollup for Windows Server 2008
 Affected Products: Microsoft Windows Server 2008 and IE 9
 Description: This security update includes improvements and fixes that were a part of
update KB 4503271 (released June 20, 2019). Security updates to Windows Server,
Microsoft Graphics Component, Windows Shell, Windows Input and Composition, and
Windows Kernel. This bulletin is based on KB 4507452.
 Impact: Remote Code Execution, Elevation of Privilege, and Information Disclosure
 Fixes 20 + 4 (IE) Vulnerabilities: CVE-2019-0887, CVE-2019-1006, CVE-2019-
1071, CVE-2019-1073, CVE-2019-1085, CVE-2019-1088, CVE-2019-1089, CVE-2019-
1108, CVE-2019-1116, CVE-2019-1132.
 Known Issues: Latest SSU (April KB 4493730) can hang during restart.

MS19-07-SO2K8: Security-only Update for Windows Server 2008
 Affected Products: Microsoft Windows Server 2008
 Description: Security updates to Windows Server, Microsoft Graphics Component,
Windows Shell, Windows Input and Composition, and Windows Kernel. This bulletin is
based on KB 4507461.
2019-1073, CVE-2019-1085, CVE-2019-1088, CVE-2019-1089, CVE-2019-1093, CVE-
2019-1116, CVE-2019-1132.
 Known Issues: Latest SSU (April KB 4493730) can hang during restart.

MS19-07-MR7: Monthly Rollup for Win 7 and Server 2008 R2
 Affected Products: Microsoft Windows 7, Server 2008 R2, and IE
Microsoft Graphics Component, Windows Storage and Filesystems, Windows Shell,
Windows Input and Composition, and Windows Kernel. This bulletin is based on KB
4507449.
1102, CVE-2019-1108, CVE-2019-1116, CVE-2019-1132.

July Known Issues for Windows 7 and Server 2008 R2
 KB 4507449 – Windows 7 SP1 and Server 2008 R2 SP1 (Monthly Rollup)
 [McAfee] Microsoft and McAfee have identified an issue on devices with McAfee Endpoint
Security (ENS) Threat Prevention 10.x or McAfee Host Intrusion Prevention (Host IPS) 8.0 or
McAfee VirusScan Enterprise (VSE) 8.8 installed. It may cause the system to have slow startup
or become unresponsive at restart after installing this update.
 Workarounds:
 McAfee Security(ENS) Threat Prevention 10.x
 McAfee Host Intrusion Prevention (Host IPS) 8.0
 McAfee VirusScan Enterprise (VSE) 8.8
 Microsoft is working on a resolution.

MS19-07-SO7: Security-only Update for Win 7 and Server 2008 R2
 Affected Products: Microsoft Windows 7 SP1, Server 2008 R2 SP1
 Description: Security updates to Windows Server, Microsoft Graphics Component,
Windows Storage and Filesystems, Windows Shell, Windows Input and Composition,
and Windows Kernel. This bulletin is based on KB 4507456.
2019-1108, CVE-2019-1116, CVE-2019-1132.
 Known Issues: None reported

MS19-07-MR8: Monthly Rollup for Server 2012
 Affected Products: Microsoft Server 2012 and IE
Windows Storage and Filesystems, Microsoft Graphics Component, Windows Kernel,
Windows App Platform and Frameworks, and Windows Server. This bulletin is based
on KB 4507462.
1130.
 Known Issues: [File Rename] Issue

MS19-07-SO8: Security-only Update for Server 2012
 Affected Products: Microsoft Server 2012
 Description: Security updates to Windows Server, Windows Storage and Filesystems,
Microsoft Graphics Component, Windows Kernel, Windows App Platform and
Frameworks, and Windows Server. This bulletin is based on KB 4507464.
2019-1096, CVE-2019-1097, CVE-2019-1102, CVE-2019-1108, CVE-2019-1130.
 Known Issues: [File Rename] Issue

MS19-07-MR81: Monthly Rollup for Win 8.1 and Server 2012 R2
 Affected Products: Microsoft Windows 8.1, Server 2012 R2, and IE
update KB 4503283 (released June 20, 2019). Security updates to Windows Wireless
Networking, Windows Server, Windows Storage and Filesystems, Microsoft Graphics
Component, Windows Input and Composition, Windows Kernel, and Windows App
Platform and Frameworks. This bulletin is based on KB 4507448.
 Fixes 22 + 6 (IE) Vulnerabilities: CVE-2019-0880 is known exploited and CVE-
2019-0887 is publicly disclosed. See Details column of Security Update Guide for the
complete list of CVEs.

July Known Issues for Windows 8.1 and Server 2012 R2
 KB 4507448 – Windows 8.1, Windows Server 2012 R2 (Monthly Rollup)
 [McAfee] Issue
 [Windows-Eyes] Issue
 KB 4507457 – Windows 8.1, Windows Server 2012 R2 (Security-only Update)

MS19-07-SO81: Security-only Update for Win 8.1 and Server 2012 R2
 Affected Products: Microsoft Windows 8.1, Server 2012 R2
 Description: Security updates to Windows Wireless Networking, Windows Server,
Windows Storage and Filesystems, Microsoft Graphics Component, Windows Input
and Composition, Windows Kernel, and Windows App Platform and Frameworks. This
bulletin is based on KB 4507457.
 Fixes 22 Vulnerabilities: CVE-2019-0880 is known exploited and CVE-2019-0887 is
publicly disclosed. See Details column of Security Update Guide for the complete list
of CVEs.
 Known Issues: See previous slide

MS19-07-MRNET: Monthly Rollup for Microsoft .Net
 Affected Products: Microsoft Windows .Net Framework 2.0 through 4.8
 Description: Security updates address a remote code execution vulnerability where
the software fails to check the source markup of a file; an Authentication Bypass
vulnerability in WCF and WIF, allowing signing of SAML tokens with arbitrary symmetric
keys; and an information disclosure vulnerability where Exchange and Azure Active
Directory allow creation of entities with Display Names having non-printable characters.
This bulletin references 19 KB articles.
 Impact: Remote Code Execution, Denial of Service, and Elevation of Privilege
 Fixes 3 Vulnerabilities: CVE-2019-1006, CVE-2019-1083, CVE-2019-1113
 Restart Required: Does not require a system restart after you apply it unless files
that are being updated are locked or are being used.

MS19-07-SONET: Security-only Update for Microsoft .Net
 Affected Products: Microsoft Windows .Net Framework 2.0 through 4.8
 Description: Security updates address a remote code execution vulnerability where
the software fails to check the source markup of a file; an Authentication Bypass
vulnerability in WCF and WIF, allowing signing of SAML tokens with arbitrary symmetric
keys; and an information disclosure vulnerability where Exchange and Azure Active
Directory allow creation of entities with Display Names having non-printable characters.
This bulletin references 19 KB articles.
 Impact: Remote Code Execution, Denial of Service, and Elevation of Privilege
 Fixes 3 Vulnerabilities: CVE-2019-1006, CVE-2019-1083, CVE-2019-1113
 Restart Required: Does not require a system restart after you apply it unless files
that are being updated are locked or are being used.

MS19-07-OFF: Security Updates for Microsoft Office
 Maximum Severity: Important
 Affected Products: Excel 2010-2016, Lync 2013, Office 2010-2016, Office 2016 and
2019 for Mac, Outlook 2010-2016, Skype for Business 2016
 Description: This security update resolves vulnerabilities in several Microsoft Office
applications. This bulletin references 16 KB articles plus release notes for MacOS.
 Impact: Remote Code Execution, Spoofing, Information Disclosure
2019-1111
 Restart Required: Requires application restart

MS19-07-O365: Security Updates for Office 365 ProPlus
 Affected Products: Office 365 ProPlus, Office 2019
 Description: This month’s update resolved various bugs and performance issues in
Microsoft Office 365 applications. Information on Office 365 ProPlus updates is
available at https://docs.microsoft.com/en-us/officeupdates/release-notes-office365-
proplus
 Impact: Remote Code Execution, Spoofing, Information Disclosure
2019-1111, CVE-2019-1112
 Restart Required: Requires application restart

MS19-07-SPT: Security Updates for SharePoint Server
 Affected Products: Microsoft Enterprise SharePoint Server 2010-2019
 Description: This security update resolves vulnerabilities in Microsoft Office that could
allow remote code execution if a user opens a specially crafted Office file. This bulletin
is based on 5 KB articles.
 Impact: Spoofing and Elevation of Privilege
 Fixes 2 Vulnerabilities: CVE-2019-1006, CVE-2019-1134
 Restart Required: Requires Restart

MS19-07-SQL: Security Updates for SQL Server
 Affected Products: Microsoft SQL Server 2014-2017
 Description: This security update fixes a remote code execution vulnerability in
Microsoft SQL Server where it incorrectly handles processing of internal functions. An
attacker who successfully exploited this vulnerability could execute code in the context
of the SQL Server Database Engine service account. This bulletin is based on 9 KB
articles.
 Impact: Remote Code Execution
 Fixes 1 Vulnerability: CVE-2019-1068

MS19-07-EX: Security Updates for Exchange Server
 Affected Products: Microsoft Exchange Server 2010-2019
 Description: This security update validates display names upon creation in Microsoft
Exchange, and renders invalid display names correctly in Microsoft Outlook clients;
ensures that Exchange Server properly sanitizes web requests; and changes the way
EWS handles NTLM tokens to prevent access to other user’s mailboxes. This bulletin
is based on KBs 4509408, 4509409 and 4509410.
 Impact: Spoofing, Elevation of Privilege, and Information Disclosure
 Fixes 3 Vulnerabilities: CVE-2019-1084, CVE-2019-1136 and CVE-2019-1137

Between Patch Tuesday’s
New Product Support: None
Security Updates: Adobe Acrobat (3), Camtasia (1), CCleaner (2), Citrix Receiver (1),
DropBox (1), Evernote (1), Firefox (2), Firefox ESR (2), FileZilla (1), GIMP (1), GOM
Player (1), Google Chrome (2), Microsoft (1), Nitro Pro (2), Node.JS (2), Notepad++ (1),
Opera (3), Power BI Desktop (3), Plex Media Server (2), PeaZip (1), Slack (2), Tableau
Desktop (5), Tableau Prep (1), Tableau Reader (1), Thunderbird (2), VLC Player (1),
VMware Horizon Client (2), Visual Studio Code (1)
Non-Security Updates: Box Edit (1), Blue Jeans (1), GoodSync (4), Google Backup
and Sync (3), Microsoft (50), Plex Media Player (2), Skype (1), Zoom Client (1), Zoom
Outlook Plugin (1)

Third Party CVE Information
 Firefox 67.0.3, Firefox 67.0.4
 FF19-015, QFF6703, QFF6704
 Firefox ESR 60.7.1, Firefox ESR 60.7.2
 FF19-6072, QFFE6071, QFFE6072
 Google Chrome 75.0.3770.100
 CHROME-256, QGC7503770100
 Fixes 1 Vulnerability: CVE-2019-5842

Third Party CVE Information (cont)
 Thunderbird 60.7.1
 TB19-6071, QTB6071
 Fixes 4 Vulnerabilities: CVE-2019-11703, CVE-2019-11704, CVE-2019-11705,
CVE-2019-11706
 Thunderbird 60.7.2
 TB19-6072, QTB6072
 Fixes 2 Vulnerability: CVE-2019-11707, CVE-2019-11708

 Wanted!

Ivanti Cloud and Patch Intelligence
 What is Patch Intelligence?
 Patch Intelligence is part of our Ivanti Cloud platform and is focused on solving
the next big challenges in patching your environment.
 Bridging the gap between Security and Operations
 Prioritization of updates
 Reconciling Risk vs Reliability
 Understanding known issues
 Crowd sourcing testing and issue gathering
 We are looking for early adopters who want to help us build the experience around
Patch Intelligence
 Contact Patch Intelligence Product Manager Helen Brown at
helen.brown@Ivanti.com

Ivanti Security Controls 2019.2
 What is coming in ISEC 2019.2?
 CentOS support
 3 Canned Multi-Platform reports
 Updated report views with Linux tables for Xtraction or integration with other solutions
 Machine View that shows a combined view of all discovered machines (Windows and
Linux)
 Added an ‘audit history’ of patch deployments
 Updated CVE Import to show more metadata and import now consolidates Windows and
Linux into a single step
 API has been updated to support a connector into Ivanti Cloud to feed data into Patch
Intelligence and other parts of Ivanti Cloud
 We are looking for early adopters who want to help us build the experience around
Patch Intelligence
 Contact Patch Intelligence Product Manager Helen Brown at
Sara.Otremba@Ivanti.com

July Patch Tuesday 2019

Recommended

Recommended

More Related Content

What's hot

What's hot (20)

Similar to July Patch Tuesday 2019

Similar to July Patch Tuesday 2019 (20)

More from Ivanti

More from Ivanti (20)

Recently uploaded

Recently uploaded (20)

July Patch Tuesday 2019

Editor's Notes