Microsoft Releases August Security Release for Windows PCs, Fixing 93 Vulnerabilities

Microsoft has marked two critical vulnerabilities as 'wormable'.

By Jagmeet Singh | Updated: 14 August 2019 19:05 IST

Microsoft Releases August Security Release for Windows PCs, Fixing 93 Vulnerabilities

Microsoft has noted four loopholes that the latest Windows security release patches

Highlights

The major issues are fixed in Windows Remote Desktop Services (RDS)
There are patches for the Chakra scripting engine as well
All compatible Windows users are recommended to download the updates

Microsoft has brought the August security release that patches as many as 93 vulnerabilities, including 29 issues rated Critical and 64 marked as Important. The latest Windows release, which is commonly known as the Patch Tuesday, also carries fixes for the four remote code execution bugs that could allow attackers to remotely overtake your computer. Alongside system-level patches, the August security release includes updates for the preloaded Internet Explorer, Microsoft Edge, and Online Services as well as Microsoft Office and Microsoft Office services, Visual Studio, and Microsoft Dynamics among other software packages. Microsoft is urging Windows 10 users

In the list of vulnerabilities that the Patch Tuesday August security release fixes, Microsoft has underlined four loopholes that are the remote code execution bugs, which have been fixed in the Windows Remote Desktop Services (RDS) component. These vulnerabilities are listed as CVE-2019-1181, CVE-2019-1182, CVE-2019-1222, and CVE-2019-1226. There are the first two vulnerabilities that Microsoft calls 'wormable', meaning any future malware once exploits could propagate from one vulnerability computer to another without any user interaction.

Director of Incident Response at Microsoft Security Response Centre (MSRC) Simon Pope in a dedicated blog post mentions that the wormable vulnerabilities exist in Windows 7 SP1, Windows Server 2008 R2 SP1, Windows Server 2012, Windows 8.1, Windows Server 2012 R2, and all supported versions of Windows 10, including server versions. However, Windows XP, Windows Server 2003, and Windows Server 2008 aren't affected. The Remote Desktop Protocol (RDP) also remains unaffected.

"These vulnerabilities were discovered by Microsoft during hardening of Remote Desktop Services as part of our continual focus on strengthening the security of our products," writes Pope in the blog post. "At this time, we have no evidence that these vulnerabilities were known to any third party."

Apart from the patches specifically for the RDS component, the latest Windows security release fixes seven remote code execution bugs that affect the Chakra scripting engine. There are also two fixes towards Microsoft's Hyper-V and two in Word. The release also patches the loophole CVE-2019-1162 in the CTF protocol that was disclosed by Google Project Zero researcher Tavis Ormandy on Tuesday and exists in all Windows versions starting from Windows XP.

Users on all compatible Windows versions are advised to download the latest security release on their systems. You can download the updates available through the new release manually through Microsoft's Security Update Guide. Moreover, the security updates may have already reached your system if you've enabled the automatic updates option.

Comments

For the latest tech news and reviews, follow Gadgets 360 on X, Facebook, WhatsApp, Threads and Google News. For the latest videos on gadgets and tech, subscribe to our YouTube channel. If you want to know everything about top influencers, follow our in-house Who'sThat360 on Instagram and YouTube.