Microsoft released its September 2019 Patch Tuesday security updates today, fixing 80 Common Vulnerabilities and Exposures (CVEs) across the Windows family of operating systems and other products. Of these, 17 are classified as “Critical”, 61 as “Important”, and 1 as “Moderate”. A good vulnerability management system is what keeps these from turning into successful attacks.
While most of the “Critical” rated vulnerabilities affect the scripting engines and browsers in an assortment of Microsoft products, two “zero-day” vulnerabilities that are being actively exploited in the wild caught our eye. Here too, a vulnerability management system can resolve the issue.
- Windows Common Log File System Driver Elevation of Privilege Vulnerability | CVE-2019-1214: An elevation of privilege vulnerability exists when the Windows Common Log File System (CLFS) driver improperly handles objects in memory. To exploit it, an attacker would first have to log on to the system and then run a specially crafted application; if successful, the attacker could run processes in an elevated context and take control of the affected system.
- Windows Elevation of Privilege Vulnerability | CVE-2019-1215: An elevation of privilege vulnerability exists in the way that ws2ifsl.sys (Winsock) handles objects in memory. To exploit it, a locally authenticated attacker could run a specially crafted application; if successful, the attacker could execute code with elevated privileges.
Publicly disclosed vulnerabilities in Microsoft Patch Tuesday, September 2019:
Microsoft also patched two vulnerabilities that were publicly disclosed before the release:
- Windows Text Service Framework Elevation of Privilege Vulnerability | CVE-2019-1235: An elevation of privilege vulnerability exists in the Windows Text Service Framework (TSF) when the TSF server process does not validate the source of the input or commands it receives. To exploit it, an attacker would first have to log on to the system and then run a specially crafted application; if successful, the attacker could inject commands or read input sent through a malicious Input Method Editor (IME) and take control of the affected system. Note: this only affects systems that have an IME installed.
- Windows Secure Boot Security Feature Bypass Vulnerability | CVE-2019-1294: A security feature bypass exists when Windows Secure Boot improperly restricts access to debugging functionality. To exploit it, an attacker must gain physical access to the target system before the next reboot; on a successful exploit, the attacker could disclose protected kernel memory.
Four Critical vulnerabilities in the Microsoft Remote Desktop Client are also addressed in this Patch Tuesday (CVE-2019-1290, CVE-2019-1291, CVE-2019-0787, CVE-2019-0788). Unlike BlueKeep (CVE-2019-0708) and DejaBlue, disclosed in May and August respectively and discovered by Microsoft’s internal team, which target vulnerable Remote Desktop Servers, these vulnerabilities require an attacker to convince a user, via social engineering, DNS poisoning, or a Man-in-the-Middle (MITM) attack, to connect to a malicious Remote Desktop server.
CVE-2019-1280:
Another interesting “Critical” remote code execution vulnerability fixed in Microsoft Patch Tuesday, September 2019 (CVE-2019-1280) lies in the way Windows handles link files ending in “.lnk”. Successful exploitation requires an attacker to present the user with a removable drive or remote share containing a booby-trapped malicious “.lnk” file; when the user opens that drive or remote share, the malware is launched on a vulnerable system. Users whose accounts have the fewest privileges could be less impacted than users with administrative privileges.
It may be significant that poisoned “.lnk” files were one of the four known exploits bundled with Stuxnet (“a multi-million dollar cyberweapon that American and Israeli intelligence services used to derail Iran’s nuclear enrichment plans roughly a decade ago.”)
Microsoft released patches for 12 more Critical vulnerabilities to address remote code execution attacks that reside in various Microsoft products such as Yammer, Scripting Engine, Chakra Scripting Engine, SharePoint server, VBScript, and Team Foundation Server.
A couple of other important vulnerabilities also lead to remote code execution attacks, while others allow elevation of privilege, cross-site scripting (XSS), security feature bypass, information disclosure, and denial of service attacks.
Along with Microsoft, Adobe also released patches for two Critical vulnerabilities in the Flash Player browser plugin (ADV190022), which is packaged with Microsoft’s IE/Edge and with Chrome, that could lead to arbitrary code execution.
Product Information:
1) Product: Microsoft Windows
CVEs/Advisory: CVE-2019-0787, CVE-2019-0788, CVE-2019-0928, CVE-2019-1214, CVE-2019-1215, CVE-2019-1216, CVE-2019-1219, CVE-2019-1232, CVE-2019-1235, CVE-2019-1240, CVE-2019-1241, CVE-2019-1242, CVE-2019-1243, CVE-2019-1244, CVE-2019-1245, CVE-2019-1246, CVE-2019-1247, CVE-2019-1248, CVE-2019-1249, CVE-2019-1250, CVE-2019-1251, CVE-2019-1252, CVE-2019-1253, CVE-2019-1254, CVE-2019-1256, CVE-2019-1267, CVE-2019-1268, CVE-2019-1269, CVE-2019-1270, CVE-2019-1271, CVE-2019-1272, CVE-2019-1273, CVE-2019-1274, CVE-2019-1277, CVE-2019-1278, CVE-2019-1280, CVE-2019-1282, CVE-2019-1283, CVE-2019-1284, CVE-2019-1285, CVE-2019-1286, CVE-2019-1287, CVE-2019-1289, CVE-2019-1290, CVE-2019-1291, CVE-2019-1292, CVE-2019-1293, CVE-2019-1294, CVE-2019-1303
Impact: Denial of Service, Elevation of Privilege, Impact, Information Disclosure, Remote Code Execution, Security Feature Bypass, Spoofing
Severity: Critical
KBs: 4512578, 4515384, 4516026, 4516033, 4516044, 4516051, 4516055, 4516058, 4516062, 4516064, 4516065, 4516066, 4516067, 4516068, 4516070
2) Product: Internet Explorer
CVEs/Advisory: CVE-2019-1208, CVE-2019-1220, CVE-2019-1221, CVE-2019-1236
Impact: Remote Code Execution, Security Feature Bypass
Severity: Critical
KBs: 4512578, 4515384, 4516026, 4516044, 4516046, 4516055, 4516058, 4516065, 4516066, 4516067, 4516068, 4516070
3) Product: Microsoft Edge (EdgeHTML-based)
CVEs/Advisory: CVE-2019-1138, CVE-2019-1217, CVE-2019-1220, CVE-2019-1237, CVE-2019-1298, CVE-2019-1299, CVE-2019-1300
Impact: Information Disclosure, Remote Code Execution, Security Feature Bypass
Severity: Critical
KBs: 4512578, 4515384, 4516044, 4516058, 4516066, 4516068, 4516070
4) Product: ChakraCore
CVEs/Advisory: CVE-2019-1138, CVE-2019-1217, CVE-2019-1237, CVE-2019-1298, CVE-2019-1300
Impact: Remote Code Execution
Severity: Critical
5) Product: Microsoft Office and Microsoft Office Services and Web Apps
CVEs/Advisory: CVE-2019-1209, CVE-2019-1246, CVE-2019-1257, CVE-2019-1259, CVE-2019-1260, CVE-2019-1261, CVE-2019-1262, CVE-2019-1263, CVE-2019-1264, CVE-2019-1295, CVE-2019-1296, CVE-2019-1297
Impact: Elevation of Privilege, Impact, Information Disclosure, Remote Code Execution, Security Feature Bypass, Spoofing
Severity: Critical
KBs: 4461631, 4464548, 4464557, 4464566, 4475566, 4475574, 4475579, 4475583, 4475589, 4475590, 4475591, 4475594, 4475596, 4475599, 4475605, 4475607, 4475611, 4484098, 4484099, 4515509
6) Product: Adobe Flash Player
CVEs/Advisory: ADV190022
Impact: Remote Code Execution
Severity: Critical
KBs: 4516115
7) Product: Microsoft Lync
CVEs/Advisory: CVE-2019-1209
Impact: Information Disclosure
Severity: Important
KBs: 4515509
8) Product: Visual Studio
CVEs/Advisory: CVE-2019-1232
Impact: Elevation of Privilege
Severity: Important
KBs: 4513696
9) Product: Microsoft Exchange Server
CVEs/Advisory: CVE-2019-1233, CVE-2019-1266
Impact: Denial of Service, Spoofing
Severity: Important
KBs: 4515832
10) Product: .NET Framework
CVEs/Advisory: CVE-2019-1142
Impact: Elevation of Privilege
Severity: Important
KBs: 4514354, 4514355, 4514356, 4514357, 4514359, 4514598, 4514599, 4514601, 4514603, 4514604, 4516044, 4516058, 4516066, 4516068, 4516070
11) Product: Microsoft Yammer
CVEs/Advisory: CVE-2019-1265
Impact: Security Feature Bypass
Severity: Important
12) Product: .NET Core
CVEs/Advisory: CVE-2019-1301
Impact: Denial of Service
Severity: Important
13) Product: ASP.NET
CVEs/Advisory: CVE-2019-1302
Impact: Elevation of Privilege
Severity: Important
14) Product: Team Foundation Server
CVEs/Advisory: CVE-2019-1305, CVE-2019-1306
Impact: Remote Code Execution, Spoofing
Severity: Critical
15) Product: Project Rome
CVEs/Advisory: CVE-2019-1231
Impact: Information Disclosure
Severity: Important
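As an added example that is not part of this post or of the Saner product, the PowerShell snippet below uses the built-in Get-HotFix cmdlet to report which of the Windows KBs listed under product 1 above are present on the local host. The KB numbers are copied from that list; the function name, parameter and output fields are my own. Only the KB matching a host's Windows version is ever installed, and a later cumulative update supersedes it, so an empty result is a prompt to check the build number against the KB article, not proof of exposure.

```powershell
# Added example (not SecPod's code): check the local host for the
# September 2019 Windows KBs listed in the product table above.

# KB numbers copied from "1) Product: Microsoft Windows" above.
$SeptemberKbs = @(
    '4512578', '4515384', '4516026', '4516033', '4516044', '4516051', '4516055',
    '4516058', '4516062', '4516064', '4516065', '4516066', '4516067', '4516068',
    '4516070'
)

function Get-SeptemberKbStatus {
    # Hypothetical helper name; returns one object describing this host.
    param(
        [string[]] $KbList = $SeptemberKbs
    )

    # Get-HotFix exposes installed updates; HotFixID values look like "KB4516044".
    $installed = Get-HotFix | Select-Object -ExpandProperty HotFixID
    $present   = @($KbList | Where-Object { $installed -contains "KB$_" })

    # UBR (Update Build Revision) exists on Windows 10 / Server 2016 and later;
    # on older releases it is $null. Compare it with the build listed in the
    # KB article when no KB from the list is found, since a newer cumulative
    # update carries the same fixes and is what Get-HotFix will show instead.
    $ntVersion = Get-ItemProperty 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion'

    [pscustomobject]@{
        ComputerName = $env:COMPUTERNAME
        OSVersion    = (Get-CimInstance Win32_OperatingSystem).Version
        UBR          = $ntVersion.UBR
        InstalledKBs = $present
        ListedKbFound = ($present.Count -gt 0)
    }
}

Get-SeptemberKbStatus | Format-List
```

Run it in an elevated or standard PowerShell session on the host you want to check; Get-HotFix also accepts -ComputerName for remote hosts, but the registry read for UBR shown here is local only.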
SecPod Saner detects these vulnerabilities and automatically fixes them by applying the security updates. Download Saner now and keep your systems updated and secure.