Qualys : August 2019 Patch Tuesday – 93 Vulns, 29 Critical, 7 Remote Desktop Vulns, Hyper-V, DHCP, Adobe vulns

08/13/2019 | 03:12pm EDT

This month's Microsoft Patch Tuesday addresses 93 vulnerabilities, with 29 of them labeled as Critical. Of the 29 Critical vulns, 10 are for scripting engines and browsers, 6 for Windows Graphics/Font Library, and 4 are for Office apps. In addition, Microsoft has patched 4 (!) Critical RCEs in Remote Desktop (plus 3 Important), two for Hyper-V, two in DHCP Client/Server, and one for LNK files. Adobe has also released a large number of patches covering multiple products.

Workstation Patches

Scripting Engine, Browser, Office, Graphics/Font, and LNK patches should be prioritized for workstation-type devices, meaning any system that is used for email or to access the internet via a browser. This includes multi-user servers that are used as remote desktops for users.

Remote Desktop Services (Seven Monkeys)

Microsoft has patched four different Critical vulnerabilities in Remote Desktop Services: CVE-2019-1181, CVE-2019-1182, CVE-2019-1222, CVE-2019-1226. All of them can be exploited without authentication or user interaction. According to Microsoft, at least two of these (CVE-2019-1181 and CVE-2019-1182) can be considered 'wormable', and Microsoft equates them to BlueKeep. It is highly likely that at least one of these vulnerabilities will be quickly weaponized, and patching should be prioritized for all Windows systems.

Enabling NLA is listed as a workaround for the two 'wormable' vulnerabilities, but the other two show no workarounds available. This could be updated at a later date, as they also do not list disabling RDP or blocking port 3389 as Mitigations/Workarounds, which are likely still valid methods. Also for the two 'wormable' vulns, Microsoft notes that Windows 7 SP1 and Server 2008 SP1 are only vulnerable if RDP 8.0 or 8.1 is installed.
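As an added example (not part of the Qualys post), the following PowerShell function audits the local host for the settings discussed above: whether RDP is enabled, whether NLA is required, which port the listener uses, and whether inbound firewall rules allow it. The function name `Get-RdpExposure` is hypothetical, and the firewall check assumes the English display group name `Remote Desktop`.

```powershell
# Added example: local audit of the RDP settings named as workarounds above.
# Value names are the standard Terminal Services registry values.
$tsKey  = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server'
$rdpKey = "$tsKey\WinStations\RDP-Tcp"

function Get-RdpExposure {   # hypothetical helper name
    $ts  = Get-ItemProperty -Path $tsKey  -ErrorAction Stop
    $rdp = Get-ItemProperty -Path $rdpKey -ErrorAction Stop

    $rdpEnabled  = ($ts.fDenyTSConnections -eq 0)    # 0 = connections allowed
    $nlaRequired = ($rdp.UserAuthentication -eq 1)   # 1 = NLA required
    $port        = [int]$rdp.PortNumber              # 3389 unless relocated
    $svcRunning  = ((Get-Service -Name TermService).Status -eq 'Running')

    # Firewall cmdlets exist on Windows 8 / Server 2012 and later only.
    $fwOpen = $null
    if (Get-Command Get-NetFirewallRule -ErrorAction SilentlyContinue) {
        # Assumption: English display group name; it is localized on other builds.
        $fwOpen = [bool](Get-NetFirewallRule -DisplayGroup 'Remote Desktop' -ErrorAction SilentlyContinue |
            Where-Object { $_.Enabled -eq 'True' -and $_.Direction -eq 'Inbound' -and $_.Action -eq 'Allow' })
    }

    $finding = if (-not $rdpEnabled) {
        'RDP connections denied'
    } elseif (-not $nlaRequired) {
        'RDP enabled WITHOUT NLA: pre-authentication attack surface exposed'
    } else {
        'RDP enabled with NLA: workaround covers the two wormable CVEs only; patch still required'
    }

    [pscustomobject]@{
        ComputerName    = $env:COMPUTERNAME
        RdpEnabled      = $rdpEnabled
        NlaRequired     = $nlaRequired
        Port            = $port
        ServiceRunning  = $svcRunning
        FirewallAllowIn = $fwOpen      # $null when the cmdlet is unavailable
        Finding         = $finding
    }
}

Get-RdpExposure | Format-List
```

Settings enforced by Group Policy are stored under `HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services` and take precedence over the values read here, so check that key as well on domain-joined hosts.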

Of the three 'Important' RDP vulnerabilities, one (CVE-2019-1223) is a DoS, and the other two (CVE-2019-1224 and CVE-2019-1225) disclose memory contents.

Kevin Beaumont (the researcher who named BlueKeep) has named this collection of vulnerabilities 'Seven Monkeys.'

Hyper-V Hypervisor Escape

Two remote code execution vulnerabilities (CVE-2019-0720 and CVE-2019-0965) are patched in Hyper-V and Hyper-V Network Switch that would allow an authenticated user on a guest system to run arbitrary code on the host system. Microsoft notes that exploitation of these vulnerabilities is less likely, but these patches should still be prioritized for Hyper-V systems.

Windows DHCP Client / Server RCEs

The Windows DHCP Client is used across workstations and servers. Deployment of patches to cover CVE-2019-0736 should be prioritized for all Windows systems.

An RCE (CVE-2019-1213) was also patched in Windows 2008's DHCP Server. It is ranked as Critical and can lead to Remote Code Execution. Any unauthenticated attacker who can send packets to a DHCP server can exploit this vulnerability. This patch should be prioritized for any Windows 2008 DHCP implementations.

Windows LNK files

Microsoft also patched an RCE (CVE-2019-1188) in Windows that involves the parsing of LNK files (shortcuts). This vulnerability could allow an attacker to automatically run a malicious binary against a target. This type of vuln can be leveraged by worms to spread inside a network through file shares. This vulnerability should be prioritized for all Workstations and Servers.

Adobe

Adobe has fixed insecure DLL loading vulnerabilities in After Effects, Character Animator, Premiere Pro CC and Prelude CC. Multiple critical vulnerabilities were also patched in Experience Manager, Photoshop CC, and Creative Cloud Desktop, while Acrobat/Reader was patched for multiple Important vulnerabilities. Critical vulnerabilities should be prioritized on all devices, along with patching Acrobat/Reader on Workstations.

Disclaimer

Qualys Inc. published this content on 13 August 2019 and is solely responsible for the information contained therein. Distributed by Public, unedited and unaltered, on 13 August 2019 19:11:03 UTC
