Threat Alerts




           And Advisories








           Microsoft Releases Security Update for Windows Elevation of Privilege Vulnerability
           Microsoft has released a security update to address an elevation of privilege vulnerability (CVE-2019-
           1162) in Windows. An attacker could exploit this vulnerability to take control of an affected system. The
           Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review
           the Microsoft Security Advisory and apply the necessary update.



           Microsoft Releases Security Updates to Address Remote Code Execution Vulnerabilities
           Microsoft has released security updates to address two remote code execution vulnerabilities, CVE-2019-
           1181 and CVE-2019-1182, in the following operating systems:
                  • Windows 7 SP1
                  • Windows Server 2008 R2 SP1
                  • Windows Server 2012
                  • Windows 8.1
                  • Windows Server 2012 R2
                  • Windows 10
           An attacker could exploit these vulnerabilities to take control of an affected system. Similar to CVE-2019-
           0708—dubbed BlueKeep—these vulnerabilities are considered “wormable” because malware exploiting
           these vulnerabilities on a system could propagate to other vulnerable systems. The Cybersecurity and
           Infrastructure Security Agency (CISA) encourages users and users and administrators to review the
           following resources and apply the necessary updates:
                  • Microsoft Security Blog Post: Patch New Wormable Vulnerabilities in Remote Desktop Services
                     (CVE-2019-1181/1182)
                  • Microsoft Security Vulnerability Information for CVE-2019-1181
                  • Microsoft Security Vulnerability Information for CVE-2019-1182
                  • Microsoft Security Blog Post: Protect Against BlueKeep
                  • Microsoft Customer Guidance for CVE-2019-0708


           Multiple HTTP/2 Implementation Vulnerabilities
           The CERT Coordination Center (CERT/CC) has released information on vulnerabilities affecting HTTP/2
           implementations. An attacker could exploit these vulnerabilities to cause a denial-of-service (DoS)
           condition. Attacks can consume excessive system resources and lead to distributed DoS (DDoS) attacks.
           The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to
           review CERT/CC’s Vulnerability Note VU#605641 for more information and refer to vendors for updates.















                                                    www.accumepartners.com
                                                                                                                    16