Critical patches covered in the release include fixes for Windows DHCP Server, Azure DevOps Server and Team Foundation Server, and .NET Framework, namely assigned as CVE-2019-0785, CVE-2019-1072, and CVE-2019-1113. Elevation of privilege vulnerabilities in Microsoft splwow64 (CVE-2019-0880) and Win32k (CVE-2019-1132), which were reported as being exploited, have also been patched.Read More
We found a Golang-based spreader being used in a campaign that drops a cryptocurrency miner payload. Trend Micro has been detecting the use of the spreader since May and saw it again in a campaign this month.Read More
Oracle WebLogic has recently disclosed and patched remote-code-execution (RCE) vulnerabilities in its software, many of which were due to insecure deserialization. Oracle addressed the most recent vulnerability, CVE-2019-2729, in an out-of-band security patch on June 18, 2019. CVE-2019-2729 was assigned a CVSS score of 9.8, making it a critical vulnerability. This vulnerability is relatively easy to exploit, but requires Java Development Kit (JDK) 1.6. By default, WebLogic version 10.3.6 is shipped with JDK 1.6.
CVE-2019-2729 is essentially a bypass to CVE-2019-2725. This security issue, however, first surfaced in April 24 2017 as CVE-2017-3506. We took a closer look at CVE-2019-2729 to see how this class of vulnerability has been remediated — particularly via blacklisting or whitelisting — and why it has become a recurring security issue.Read More
We discovered a double free vulnerability (assigned as CVE-2019-8635) in macOS. The vulnerability is caused by a memory corruption flaw in the AMD component. If successfully exploited, an attacker can implement privilege escalation and execute malicious code on the system with root privileges.Read More
Microsoft’s June Patch Tuesday announced the release of 88 vulnerability patches in this month’s security bulletin, as well as four advisories and one servicing stack update. Four of the critical patches included in the release are fixes for the zero-days SandboxEscaper previously disclosed.Read More