August, 2019 Patch Tuesday Targets Remote Desktop and Active Directory


By SophosLabs Offensive Security

Among the 94 vulnerabilities fixed this month by Microsoft, 29 are rated as Critical. Most importantly, the Remote Desktop Protocol (RDP) and its associated service (RDS) account for a total of 6 CVEs, which seems to show a renewed interest in RDP by vulnerability researchers; Microsoft classified two of those (CVE-2019-1181 and CVE-2019-1182) as wormable.

Additional details can be found in the Microsoft Security Update Guide.

In addition, the company released two advisories about Active Directory, ADV190014 (Critical) and ADV190023 (Important).

This month's major updates cover vulnerabilities in the following components:

  • Remote Desktop Protocol / Remote Desktop Services
  • Hyper-V
  • DHCP
  • Internet Explorer, Edge & ChakraCore
  • Microsoft Office
  • Microsoft Windows kernel (RPC, GDI, WSL)
  • Jet Database Engine
  • Visual Studio
  • Windows VBScript Engine

All of the critical vulnerabilities should be patched, as they may enable a successful attacker to take over the targeted system/service with a high level of privilege, which can later be used to compromise a network further.

The vulnerabilities CVE-2019-1181 and CVE-2019-1182 turn out to be particularly nasty, as any Windows OS supporting RDP 8 or RDP 8.1 (Windows 7 through 10, including Server) is impacted by default. Network admins can enable Network Level Authentication (NLA) to slow down an attacker, but NLA will not provide sufficient protection to entirely mitigate these vulnerabilities.

Affected systems that have Network Level Authentication (NLA) enabled prevent “wormable” malware or advanced malware threats that could exploit the vulnerability, as NLA requires authentication before the vulnerability can be triggered. However, affected systems are still vulnerable to Remote Code Execution (RCE) exploitation if the attacker has valid credentials that can be used to successfully authenticate.
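The NLA check described above can be scripted per host. The following is an added example, not code from Sophos or Microsoft; it reads the standard Windows registry values for the RDP listener (`fDenyTSConnections`, `UserAuthentication`) and the matching Group Policy value, none of which are named in the original post, and the `$Enforce` switch is a hypothetical convenience of this example.

```powershell
# Added example: audit (and optionally enforce) NLA on the local RDP listener.
# Run from an elevated PowerShell session on the host being checked.
$Enforce   = $false   # hypothetical switch: set to $true to change the local setting
$tsKey     = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server'
$rdpTcpKey = "$tsKey\WinStations\RDP-Tcp"
$policyKey = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services'

function Get-RegValue {
    param([string]$Path, [string]$Name)
    # Returns $null when the key or value is absent instead of throwing.
    (Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue).$Name
}

function Get-RdpNlaStatus {
    $deny   = Get-RegValue $tsKey 'fDenyTSConnections'      # 0 = RDP connections allowed
    $local  = Get-RegValue $rdpTcpKey 'UserAuthentication'  # 1 = NLA required
    $policy = Get-RegValue $policyKey 'UserAuthentication'  # Group Policy value, if configured
    # A configured policy value takes precedence over the local listener value.
    $effective = if ($null -ne $policy) { $policy } else { $local }
    [pscustomobject]@{
        ComputerName = $env:COMPUTERNAME
        RdpEnabled   = ($deny -eq 0)
        NlaRequired  = ($effective -eq 1)
        SetByPolicy  = ($null -ne $policy)
    }
}

function Enable-RdpNla {
    # Changes only the local listener value; a Group Policy setting still wins.
    Set-ItemProperty -Path $rdpTcpKey -Name 'UserAuthentication' -Value 1 -Type DWord
}

$status = Get-RdpNlaStatus
$status | Format-List
if ($status.RdpEnabled -and -not $status.NlaRequired) {
    if ($status.SetByPolicy) {
        Write-Warning 'NLA is turned off by Group Policy; fix the policy, not the local value.'
    } elseif ($Enforce) {
        Enable-RdpNla
        Write-Output 'NLA was not required; the local listener now requires it.'
    } else {
        Write-Warning 'RDP is enabled without NLA. Set $Enforce = $true to require it.'
    }
}
```

A host that reports `NlaRequired : True` still needs the August updates, since NLA only moves the vulnerable code behind authentication.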

Important updates this month

Remote Desktop Services: Following up the trend started by the “BlueKeep” vulnerability reported last May, this month's Patch Tuesday fixes CVE-2019-1181 and CVE-2019-1182: two remote code execution vulnerabilities within the Remote Desktop Services (formerly known as Terminal Services). As with BlueKeep, little information was publicly disclosed by Microsoft, which considered the vulnerabilities wormable; but unlike BlueKeep, the vulnerabilities affect all Windows versions from 7 to 10. Although NLA would provide a temporary workaround against exploitation (by forcing the attacker to successfully authenticate first), the only way to secure the RDP service is by patching it. An unauthenticated attacker who successfully exploits this vulnerability can execute arbitrary code on the targeted system, with the highest level of usermode privilege.

Hyper-V: An input validation issue in the VMSwitch component of Hyper-V could be exploited by an attacker in a Hyper-V guest VM to achieve remote code execution on the Hyper-V host (designated as CVE-2019-0720). Although its exploitability was marked as “less likely”, its impact is a strong reason to apply Microsoft's patches as soon as possible, along with those for the other Hyper-V related CVEs issued this month: CVE-2019-0714, CVE-2019-0717, CVE-2019-0718, CVE-2019-0720, CVE-2019-0715, CVE-2019-0723 and CVE-2019-0965.

Web browsers and JS engine: A total of 10 vulnerabilities affecting ChakraCore (the Edge browser JavaScript engine), Edge, and Internet Explorer were patched this month. Memory Corruption Vulnerabilities: ChakraCore and Internet Explorer were found vulnerable to a range of issues, from simple information disclosure to type confusion. By simply visiting a web page embedding an exploitation payload, a user can unwittingly allow an attacker to execute code with their level of privileges. The company’s patch addresses vulnerabilities with the following designations: CVE-2019-1131, CVE-2019-1139, CVE-2019-1140, CVE-2019-1141, CVE-2019-1195, CVE-2019-1196, CVE-2019-1197, CVE-2019-1193, CVE-2019-1192 and CVE-2019-1030.

DHCP: DHCP has been under scrutiny over the last several months, and this month is no exception, with new vulnerabilities discovered in both the Windows DHCP client and server. Although reliable exploitation is complex, exploiting those vulnerabilities would result in Denial of Service, or potentially code execution. The CVEs assigned are the following: CVE-2019-0736, CVE-2019-1206, CVE-2019-1212, and CVE-2019-1213.

Windows Kernel: As usual, the Windows kernel was patched in several locations: Elevation of Privilege (EoP) vulnerabilities in various internal components, such as the RPC runtime or the GDI, were fixed (CVE-2019-1173, CVE-2019-1174, CVE-2019-1175, CVE-2019-1177, CVE-2019-1178, CVE-2019-1179, CVE-2019-1180, CVE-2019-1184, CVE-2019-1186, CVE-2019-1159, CVE-2019-1164, CVE-2019-1227, CVE-2019-1228, CVE-2019-1143, CVE-2019-1154, CVE-2019-1158).

How is Sophos responding to these threats?

Here is a list of protections released by SophosLabs in response to this advisory to complement any existing protection and generic exploit mitigation capabilities in our products.


N/V = Not Validated. The PoC code provided with MAPP advisories does not include active exploits and as such is not applicable to Intercept X testing. The ability of IX to block the exploit depends on the actual exploit weaponization approach, which we won’t see until it’s spotted in the wild. The SAV and IPS detections developed for the PoCs do not guarantee interception of in-the-wild attacks.

Additional IPS Signatures





How long does it take to have Sophos detection in place?

We aim to add detection to critical issues based on the type and nature of the vulnerabilities as soon as possible. In many cases, existing detections will catch exploit attempts without the need for updates.

What if the vulnerability/0-day you’re looking for is not listed here?

If we haven’t released an update for a specific exploit, the most likely reason is that we did not receive the data that shows how the exploit works in the real world. As many of this month’s exploits were crafted in a lab and have not been seen in the wild, nobody has enough information (yet) about how criminals would, hypothetically, exploit any given vulnerability. If or when we receive information about real attacks, we will create new detections, as needed.
