Log in
E-mail
Password
Remember
Forgot password ?
Become a member for free
Sign up
Sign up
New member
Sign up for FREE
New customer
Discover our services
Settings
Settings
Dynamic quotes 
OFFON

MarketScreener Homepage  >  Equities  >  Nasdaq  >  Qualys, Inc.    QLYS

QUALYS, INC.

(QLYS)
  Report
SummaryQuotesChartsNewsRatingsCalendarCompanyFinancialsConsensusRevisions 
News SummaryMost relevantAll newsPress ReleasesOfficial PublicationsSector newsAnalyst Recommendations

Qualys : August 2019 Patch Tuesday – 93 Vulns, 29 Critical, 7 Remote Desktop Vulns, Hyper-V, DHCP, Adobe vulns

share with twitter share with LinkedIn share with facebook
08/13/2019 | 03:12pm EDT

This month's Microsoft Patch Tuesday addresses 93 vulnerabilities with 29 of them labeled as Critical. Of the 29 Critical vulns, 10 are for scripting engines and browsers, 6 for Windows Graphics/Font Library, and 4 are for Office apps. In addition, Microsoft has patched 4 (!) Critical RCEs in Remote Desktop (plus 3 Important,) two for Hyper-V, two in DHCP Client/Server, and one for LNK files. Adobe has also released a large number of patches covering multiple products.

Workstation Patches

Scripting Engine, Browser, Office, Graphics/Font, and LNK patches should be prioritized for workstation-type devices, meaning any system that is used for email or to access the internet via a browser. This includes multi-user servers that are used as remote desktops for users.

Remote Desktop Services (Seven Monkeys)

Microsoft has patched four different Critical vulnerabilities in Remote Desktop Services: CVE-2019-1181, CVE-2019-1182, CVE-2019-1222, CVE-2019-1226. All of them can be exploited without authentication or user interaction. According to Microsoft, at least two of these (CVE-2019-1181 &CVE-2019-1182) can be considered 'wormable' and equates them to BlueKeep. It is highly likely that at least one of these vulnerabilities will be quickly weaponized, and patching should be prioritized for all Windows systems.

Enabling NLA is listed as a workaround for the two 'wormable' vulnerabilities, but the other two show no workarounds available. This could be updated at a later date, as they also do not list disabling RDP or blocking port 3389 as Mitigations/Workarounds, which are likely still valid methods. Also for the two 'wormable' vulns, Microsoft notes that Windows 7 SP1 and Server 2008 SP1 are only vulnerable if RDP 8.0 or 8.1 is installed.

Of the three 'Important' RDP vulnerabilities, one (CVE-2019-1223) is a DoS, and the other two (CVE-2019-1224 and CVE-2019-1225) disclose memory contents.

Kevin Beaumont (the researcher who named BlueKeep) has named this collection of vulnerabilities 'Seven Monkeys.'

Hyper-V Hypervisor Escape

Two remote code execution vulnerabilities (CVE-2019-0720 and CVE-2019-0965) are patched in Hyper-V and Hyper-V Network Switch that would allow an authenticated user on a guest system to run arbitrary code on the host system. Microsoft notes that exploitation of this vulnerability is less likely, but these patches should still be prioritized for Hyper-V systems.

Windows DHCP Client / Server RCEs

The Windows DHCP Client is used across workstations and servers. Deployment of patches to cover CVE-2019-0736 should be prioritized for all Windows systems.

An RCE (CVE-2019-1213) was also patched in Windows 2008's DHCP Server. It is ranked as Critical and can lead to Remote Code Execution. Any unauthenticated attacker who can send packets to a DHCP server can exploit this vulnerability. This patch should be prioritized for any Windows 2008 DHCP implementations.

Windows LNK files

Microsoft also patched an RCE (CVE-2019-1188) in Windows that involves the parsing of LNK files (shortcuts.) This vulnerability could allow an attacker to automatically run a malicious binary against a target. This type of vuln can be leveraged by worms to spread inside of a network through file shares. This vulnerability should be prioritized for all Workstations and Servers.

Adobe

Adobe has fixed insecure DLL loading vulnerabilities in After Effects, Character Animator, Premiere Pro CC and Prelude CC. Multiple critical vulnerabilities were also patched in Experience Manager, Photoshop CC, and Creative Cloud Desktop, while Acrobat/Reader was patched for multiple Important vulnerabilities. Critical vulnerabilities should be prioritized on all devices, along with patching Acrobat/Reader on Workstations.

Related

Disclaimer

Qualys Inc. published this content on 13 August 2019 and is solely responsible for the information contained therein. Distributed by Public, unedited and unaltered, on 13 August 2019 19:11:03 UTC

share with twitter share with LinkedIn share with facebook
Latest news on QUALYS, INC.
08/05QUALYS, INC. : half-yearly earnings release
07/30QUALYS : Integrates Ivanti Patch Management into Qualys VMDR Platform to Self-He..
PR
07/29QUALYS : Unveils Multi-Vector EDR, a New Approach to Endpoint Detection and Resp..
PR
07/29QUALYS : Acquires Software Assets of Spell Security
PR
07/27MEDIA ALERT : Qualys to Host ‘EDR Live' Virtual Event Wednesday July 29, a..
PU
07/27MEDIA ALERT : Qualys to Host 'EDR Live' Virtual Event Wednesday July 29, at 11 A..
PR
07/09QUALYS : to Report Second Quarter 2020 Financial Results on August 10
PR
07/07QUALYS : Appoints Ben Carr as Chief Information Security Officer
PR
06/23QUALYS : Offers Remote Endpoint Protection Solution with Malware Detection to th..
PR
06/16QUALYS, INC. : Change in Directors or Principal Officers (form 8-K)
AQ
More news
Financials (USD)
Sales 2020 358 M - -
Net income 2020 65,4 M - -
Net cash 2020 347 M - -
P/E ratio 2020 78,6x
Yield 2020 -
Capitalization 4 812 M 4 812 M -
EV / Sales 2020 12,5x
EV / Sales 2021 10,7x
Nbr of Employees 1 322
Free-Float 86,4%
Chart QUALYS, INC.
Duration : Period :
Qualys, Inc. Technical Analysis Chart | MarketScreener
Full-screen chart
Technical analysis trends QUALYS, INC.
Short TermMid-TermLong Term
TrendsBullishBullishBullish
Income Statement Evolution
Consensus
Sell
Buy
Mean consensus OUTPERFORM
Number of Analysts 18
Average target price 103,13 $
Last Close Price 123,52 $
Spread / Highest target 1,20%
Spread / Average Target -16,5%
Spread / Lowest Target -42,5%
EPS Revisions
Managers
NameTitle
Philippe F. Courtot Chairman & Chief Executive Officer
Sumedh S. Thakar President & Chief Product Officer
Joo Mi Kim Chief Financial Officer
Sandra England Bergeron Lead Independent Director
Peter Pace Independent Director
Sector and Competitors
1st jan.Capitalization (M$)
QUALYS, INC.48.16%4 812
SALESFORCE.COM, INC.27.76%187 219
CLOUDFLARE, INC.142.38%12 556
DYNATRACE, INC.63.00%11 591
ANAPLAN, INC.-14.01%6 198
BEIJING SINNET TECHNOLOGY CO., LTD33.13%5 930