Microsoft’s September 2019 Patch Tuesday Fixes 79 Vulnerabilities

Microsoft’s September 2019 Patch Tuesday Fixes 79 Vulnerabilities

.crit

Patch Tuesday

Right this moment is Microsoft’s September 2019 Patch Tuesday, which suggests your Home windows directors are going to be as much as their elbows in issues. So be good to them!

With the discharge of the September 2019 safety updates, Microsoft has launched 2 advisories and updates for 79 vulnerabilities. Of those vulnerabilities, 17 are categorized as Essential.

All customers ought to set up these safety updates as quickly as attainable to guard Home windows from safety dangers.

For details about the non-security Home windows updates, you’ll be able to examine immediately’s Home windows 10 September 2019 Cumulative Updates and September Microsoft Workplace Updates.

Additional repair launched for disclosed Home windows CTF Flaws

In August 2019, Google Challenge Zero researcher Tavis Ormandy disclosed varied Home windows CTF vulnerabilities that might permit attackers with low privileges to launch applications with elevated privileges.

As a part of the August Patch Tuesday, Microsoft fastened one of many associated vulnerabilities (CVE-2019-1162), however had indicated that different associated vulnerabilities can be fastened in later updates.

As a part of immediately’s safety updates, Microsoft has launched one other repair for these flaws titled “CVE-2019-1235 | Home windows Textual content Service Framework Elevation of Privilege Vulnerability”.

“An elevation of privilege vulnerability exists in Home windows Textual content Service Framework (TSF) when the TSF server course of doesn’t validate the supply of enter or instructions it receives. An attacker who efficiently exploited this vulnerability might inject instructions or learn enter despatched by means of a malicious Enter Methodology Editor (IME). This solely impacts methods which have put in an IME.

To use this vulnerability, an attacker would first have to go online to the system. An attacker might then run a specifically crafted utility that might exploit the vulnerability and take management of an affected system.

The safety replace addresses this vulnerability by correcting how the TSF server and shopper validate enter from one another.”

Extra distant desktop vulnerabilities

It would not be a Patch Tuesday these days with out Distant Desktop vulnerabilities.

With the September updates, Microsoft has fastened four vulnerabilities with IDs CVE-2019-0787, CVE-2019-0788, CVE-2019-1290, CVE-2019-1291 that may permit distant code execution if connecting to a malicious server.

“A distant code execution vulnerability exists within the Home windows Distant Desktop Shopper when a consumer connects to a malicious server. An attacker who efficiently exploited this vulnerability might execute arbitrary code on the pc of the connecting shopper. An attacker might then set up applications; view, change, or delete knowledge; or create new accounts with full consumer rights.

To use this vulnerability, an attacker would wish to have management of a server after which persuade a consumer to hook up with it. An attacker would don’t have any manner of forcing a consumer to hook up with the malicious server, they would wish to trick the consumer into connecting by way of social engineering, DNS poisoning or utilizing a Man within the Center (MITM) approach. An attacker might additionally compromise a reputable server, host malicious code on it, and watch for the consumer to attach.”

three publicly disclosed vulnerabilities, 2 identified exploits

Microsoft has said that three of the vulnerabilities have been publicly disclosed and two have identified exploits.

The publicly launched vulnerabilities are:

  • CVE-2019-1235 – Home windows Textual content Service Framework Elevation of Privilege Vulnerability
  • CVE-2019-1253 – Home windows Elevation of Privilege Vulnerability
  • CVE-2019-1294 – Home windows Safe Boot Safety Function Bypass Vulnerability

The 2 listed as being exploited are:

  • CVE-2019-1214 – Home windows Frequent Log File System Driver Elevation of Privilege Vulnerability
  • CVE-2019-1215 – Home windows Elevation of Privilege Vulnerability

It’s not identified how the vulnerabilities had been exploited, however CVE-2019-1214 was found by the Qihoo 360 Vulcan Workforce, so it might have been malware. It was not disclosed who found CVE-2019-1215.

Two advisories launched

Along with the safety updates, Microsoft additionally launched two advisories that resolve two Essential code execution vulnerabilities in Adobe Flash and a brand new Servicing Stack Replace for Home windows 10.

  • ADV190022 – September 2019 Adobe Flash Safety Replace

  • ADV990001 – Newest Servicing Stack Updates

The September 2019 Patch Tuesday Safety Updates

Under is the complete listing of vulnerabilities resolved, and advisories within the September 2019 Patch Tuesday updates. To entry the complete description of every vulnerability and the methods that it impacts, you’ll be able to view the full report right here.

Tag CVE ID CVE Title Severity
.NET Core CVE-2019-1301 .NET Core Denial of Service Vulnerability Essential
.NET Framework CVE-2019-1142 .NET Framework Elevation of Privilege Vulnerability Essential
Lively Listing CVE-2019-1273 Lively Listing Federation Providers XSS Vulnerability Essential
Adobe Flash Participant ADV190022 September 2019 Adobe Flash Safety Replace Essential
ASP.NET CVE-2019-1302 ASP.NET Core Elevation Of Privilege Vulnerability Essential
Frequent Log File System Driver CVE-2019-1282 Home windows Frequent Log File System Driver Info Disclosure Vulnerability Essential
Frequent Log File System Driver CVE-2019-1214 Home windows Frequent Log File System Driver Elevation of Privilege Vulnerability Essential
Microsoft Browsers CVE-2019-1220 Microsoft Browser Safety Function Bypass Vulnerability Essential
Microsoft Edge CVE-2019-1299 Microsoft Edge based mostly on Edge HTML Info Disclosure Vulnerability Essential
Microsoft Alternate Server CVE-2019-1233 Microsoft Alternate Denial of Service Vulnerability Essential
Microsoft Alternate Server CVE-2019-1266 Microsoft Alternate Spoofing Vulnerability Essential
Microsoft Graphics Part CVE-2019-1245 DirectWrite Info Disclosure Vulnerability Essential
Microsoft Graphics Part CVE-2019-1252 Home windows GDI Info Disclosure Vulnerability Essential
Microsoft Graphics Part CVE-2019-1284 DirectX Elevation of Privilege Vulnerability Essential
Microsoft Graphics Part CVE-2019-1283 Microsoft Graphics Parts Info Disclosure Vulnerability Essential
Microsoft Graphics Part CVE-2019-1216 DirectX Info Disclosure Vulnerability Essential
Microsoft Graphics Part CVE-2019-1286 Home windows GDI Info Disclosure Vulnerability Essential
Microsoft Graphics Part CVE-2019-1244 DirectWrite Info Disclosure Vulnerability Essential
Microsoft Graphics Part CVE-2019-1251 DirectWrite Info Disclosure Vulnerability Essential
Microsoft JET Database Engine CVE-2019-1248 Jet Database Engine Distant Code Execution Vulnerability Essential
Microsoft JET Database Engine CVE-2019-1246 Jet Database Engine Distant Code Execution Vulnerability Essential
Microsoft JET Database Engine CVE-2019-1243 Jet Database Engine Distant Code Execution Vulnerability Essential
Microsoft JET Database Engine CVE-2019-1247 Jet Database Engine Distant Code Execution Vulnerability Essential
Microsoft JET Database Engine CVE-2019-1241 Jet Database Engine Distant Code Execution Vulnerability Essential
Microsoft JET Database Engine CVE-2019-1240 Jet Database Engine Distant Code Execution Vulnerability Essential
Microsoft JET Database Engine CVE-2019-1250 Jet Database Engine Distant Code Execution Vulnerability Essential
Microsoft JET Database Engine CVE-2019-1249 Jet Database Engine Distant Code Execution Vulnerability Essential
Microsoft JET Database Engine CVE-2019-1242 Jet Database Engine Distant Code Execution Vulnerability Essential
Microsoft Workplace CVE-2019-1264 Microsoft Workplace Safety Function Bypass Vulnerability Essential
Microsoft Workplace CVE-2019-1263 Microsoft Excel Info Disclosure Vulnerability Essential
Microsoft Workplace CVE-2019-1297 Microsoft Excel Distant Code Execution Vulnerability Essential
Microsoft Workplace SharePoint CVE-2019-1259 Microsoft SharePoint Spoofing Vulnerability Average
Microsoft Workplace SharePoint CVE-2019-1260 Microsoft SharePoint Elevation of Privilege Vulnerability Essential
Microsoft Workplace SharePoint CVE-2019-1295 Microsoft SharePoint Distant Code Execution Vulnerability Essential
Microsoft Workplace SharePoint CVE-2019-1257 Microsoft SharePoint Distant Code Execution Vulnerability Essential
Microsoft Workplace SharePoint CVE-2019-1296 Microsoft SharePoint Distant Code Execution Vulnerability Essential
Microsoft Workplace SharePoint CVE-2019-1262 Microsoft Workplace SharePoint XSS Vulnerability Essential
Microsoft Workplace SharePoint CVE-2019-1261 Microsoft SharePoint Spoofing Vulnerability Essential
Microsoft Scripting Engine CVE-2019-1298 Chakra Scripting Engine Reminiscence Corruption Vulnerability Essential
Microsoft Scripting Engine CVE-2019-1300 Chakra Scripting Engine Reminiscence Corruption Vulnerability Essential
Microsoft Scripting Engine CVE-2019-1217 Chakra Scripting Engine Reminiscence Corruption Vulnerability Essential
Microsoft Scripting Engine CVE-2019-1208 VBScript Distant Code Execution Vulnerability Essential
Microsoft Scripting Engine CVE-2019-1138 Chakra Scripting Engine Reminiscence Corruption Vulnerability Average
Microsoft Scripting Engine CVE-2019-1221 Scripting Engine Reminiscence Corruption Vulnerability Essential
Microsoft Scripting Engine CVE-2019-1237 Chakra Scripting Engine Reminiscence Corruption Vulnerability Essential
Microsoft Scripting Engine CVE-2019-1236 VBScript Distant Code Execution Vulnerability Average
Microsoft Home windows CVE-2019-1219 Home windows Transaction Supervisor Info Disclosure Vulnerability Essential
Microsoft Home windows CVE-2019-1280 LNK Distant Code Execution Vulnerability Essential
Microsoft Home windows CVE-2019-1277 Home windows Audio Service Elevation of Privilege Vulnerability Essential
Microsoft Home windows CVE-2019-1278 Home windows Elevation of Privilege Vulnerability Essential
Microsoft Home windows CVE-2019-1215 Home windows Elevation of Privilege Vulnerability Essential
Microsoft Home windows CVE-2019-1289 Home windows Replace Supply Optimization Elevation of Privilege Vulnerability Essential
Microsoft Home windows CVE-2019-1292 Home windows Denial of Service Vulnerability Essential
Microsoft Home windows CVE-2019-1294 Home windows Safe Boot Safety Function Bypass Vulnerability Essential
Microsoft Home windows CVE-2019-1287 Home windows Community Connectivity Assistant Elevation of Privilege Vulnerability Essential
Microsoft Home windows CVE-2019-1270 Microsoft Home windows Retailer Installer Elevation of Privilege Vulnerability Essential
Microsoft Home windows CVE-2019-1235 Home windows Textual content Service Framework Elevation of Privilege Vulnerability Essential
Microsoft Home windows CVE-2019-1271 Home windows Media Elevation of Privilege Vulnerability Essential
Microsoft Home windows CVE-2019-1303 Home windows Elevation of Privilege Vulnerability Essential
Microsoft Home windows CVE-2019-1272 Home windows ALPC Elevation of Privilege Vulnerability Essential
Microsoft Home windows CVE-2019-1269 Home windows ALPC Elevation of Privilege Vulnerability Essential
Microsoft Home windows CVE-2019-1253 Home windows Elevation of Privilege Vulnerability Essential
Microsoft Home windows CVE-2019-1267 Microsoft Compatibility Appraiser Elevation of Privilege Vulnerability Essential
Microsoft Home windows CVE-2019-1268 Winlogon Elevation of Privilege Vulnerability Essential
Microsoft Yammer CVE-2019-1265 Microsoft Yammer Safety Function Bypass Vulnerability Essential
Challenge Rome CVE-2019-1231 Rome SDK Info Disclosure Vulnerability Essential
Servicing Stack Updates ADV990001 Newest Servicing Stack Updates Essential
Skype for Enterprise and Microsoft Lync CVE-2019-1209 Lync 2013 Info Disclosure Vulnerability Essential
Workforce Basis Server CVE-2019-1305 Workforce Basis Server Cross-site Scripting Vulnerability Essential
Workforce Basis Server CVE-2019-1306 Azure DevOps and Workforce Basis Server Distant Code Execution Vulnerability Essential
Visible Studio CVE-2019-1232 Diagnostics Hub Normal Collector Service Elevation of Privilege Vulnerability Essential
Home windows Hyper-V CVE-2019-0928 Home windows Hyper-V Denial of Service Vulnerability Essential
Home windows Hyper-V CVE-2019-1254 Home windows Hyper-V Info Disclosure Vulnerability Essential
Home windows Kernel CVE-2019-1274 Home windows Kernel Info Disclosure Vulnerability Essential
Home windows Kernel CVE-2019-1293 Home windows SMB Shopper Driver Info Disclosure Vulnerability Essential
Home windows Kernel CVE-2019-1285 Win32ok Elevation of Privilege Vulnerability Essential
Home windows Kernel CVE-2019-1256 Win32ok Elevation of Privilege Vulnerability Essential
Home windows RDP CVE-2019-1291 Distant Desktop Shopper Distant Code Execution Vulnerability Essential
Home windows RDP CVE-2019-1290 Distant Desktop Shopper Distant Code Execution Vulnerability Essential
Home windows RDP CVE-2019-0788 Distant Desktop Shopper Distant Code Execution Vulnerability Essential
Home windows RDP CVE-2019-0787 Distant Desktop Shopper Distant Code Execution Vulnerability Essential

Associated Articles:

The Completely different Forms of Home windows 10 Updates

Microsoft Releases Servicing Stack Updates for Home windows 10 Model 1703

Home windows 10 KB4512941 Replace Inflicting Excessive CPU Utilization in Cortana

Home windows 7 Nonetheless Utilized in Nearly 50% of Surveyed Companies

Microsoft Blocks Home windows 10 1903 Replace on Zebra Rugged Tablets

Leave a Reply

avatar
  Subscribe  
Notify of