Microsoft Releases August Updates

Last Updated: 08/16/2019

Security Notice Level

SEVERE

Microsoft released the August updates to their software. Some of these updates address vulnerabilities that could potentially allow a remote attacker to take complete control of an affected system. This includes new Remote Desktop Services vulnerabilities like the previously fixed BlueKeep vulnerability. According to Microsoft, “these vulnerabilities are considered wormable because malware exploiting these vulnerabilities on a system could propagate to other vulnerable systems.” [1]

Affected Software

The IT Security Office advises owners of the software listed below to update as soon as possible.

  • Microsoft Windows
  • Internet Explorer
  • Microsoft Edge
  • Microsoft Office and Microsoft Office Services and Web Apps
  • Azure DevOps
  • Open Source Software
  • .NET Framework
  • Azure
  • SQL Server
  • ASP.NET
  • Visual Studio
  • Microsoft Exchange Server

Security Bulletin Name

  • Release Notes: August 2019 Security Updates
  • Microsoft Security Response Center: Patch new wormable vulnerabilities in Remote Desktop Services
  • CVE-2019-1181 | Remote Desktop Services Remote Code Execution Vulnerability

Additional Information

Additional information about these vulnerabilities can be viewed at:

If you have any questions, please contact the IT Service Center at 303-735-4357 (or 5-HELP from an on-campus phone) or help@colorado.edu. IT Service Center Hours.

Definitions for this notice:
Urgent: severity represents a broad threat to the entire campus community including remotely exploitable administrator or root type attacks.
Severe: severity includes worms & web or email based exploits. 
Important: severity includes viruses and local exploits for commonly used services.