Krebs on Security: Patch Tuesday Lowdown, July 2019 Edition

Krebs on Security: Patch Tuesday Lowdown, July 2019 Edition. “Microsoft today released software updates to plug almost 80 security holes in its Windows operating systems and related software. Among them are fixes for two zero-day flaws that are actively being exploited in the wild, and patches to quash four other bugs that were publicly detailed prior to today, potentially giving attackers a head start in working out how to use them for nefarious purposes.”

Neowin: Microsoft’s Chromium-based Edge browser now available for Windows 7, 8, and 8.1

Neowin: Microsoft’s Chromium-based Edge browser now available for Windows 7, 8, and 8.1. “Microsoft first started offering public previews of its new Chromium-based Edge browser over two months ago. At the time, it was for AMD64 Windows 10 PCs only, but since then, it’s expanded to x86 Windows 10 PCs, and to macOS. Today though, the firm announced that you can now test out the browser on older versions of Windows, including Windows 7, Windows 8, and Windows 8.1.”

Neowin: Patch Tuesday: Here’s what’s new for Windows 7 and 8.1

Neowin: Patch Tuesday: Here’s what’s new for Windows 7 and 8.1. “Today is Patch Tuesday, the second Tuesday of the month when Microsoft releases updates for all supported versions of Windows. While that means that all but one version of Windows 10 got cumulative updates, older versions like Windows 7 and Windows 8.1 get updates as well. If you’re still on Windows 7 SP1 or Windows Server 2008 R2 SP1, you’ll get KB4503292 as this month’s rollup.”

SecurityWeek: Google Researcher Finds Code Execution Vulnerability in Notepad

SecurityWeek: Google Researcher Finds Code Execution Vulnerability in Notepad. “Google Project Zero researcher Tavis Ormandy revealed on Tuesday that he identified a code execution vulnerability in Microsoft’s Notepad text editor. Ormandy says he has reported his findings to Microsoft and the company has been given 90 days – per Project Zero’s vulnerability disclosure policy – to release a patch. Details of the security hole will be made public after 90 days or possibly sooner if Microsoft rolls out a fix.”

Ars Technica: Microsoft practically begs Windows users to fix wormable BlueKeep flaw

Ars Technica: Microsoft practically begs Windows users to fix wormable BlueKeep flaw. “In a blog post published late Thursday night, members of the Microsoft Security Response Center cited findings published Tuesday by Errata Security CEO Rob Graham that almost 1 million Internet-connected computers remain vulnerable to the attacks. That indicates those machines have yet to install an update Microsoft issued two weeks ago patching against the so-called BlueKeep vulnerability, which is formally tracked as CVE-2019-0708. The exploits can reliably execute malicious code with no interaction on the part of an end user. The severity prompted Microsoft to take the unusual step of issuing patches for Windows 2003, XP, and Vista, which haven’t been supported in four, five, and two years, respectively.”

Bleeping Computer: New Zero-Day Exploit for Bug in Windows 10 Task Scheduler

Bleeping Computer: New Zero-Day Exploit for Bug in Windows 10 Task Scheduler. “Exploit developer SandboxEscaper has quietly dropped a new zero-day exploit for the Windows operating system just a week after Microsoft’s monthly cycle of security updates. This exploit is the fifth in a string that started in late August last year. It achieves local privilege escalation, granting a limited user full control over files reserved for full-privilege users like SYSTEM and TrustedInstaller.”