Trustwave's 2024 Financial Services Threat Reports Highlight Alarming Trends in Insider Threats & Phishing-as-a-Service. Learn More
Get access to immediate incident response assistance.
Get access to immediate incident response assistance.
Trustwave's 2024 Financial Services Threat Reports Highlight Alarming Trends in Insider Threats & Phishing-as-a-Service. Learn More
Microsoft’s security update for the month of October is one of the lightest patch Tuesdays of the year with the release of only 60 CVEs. However, it still packs a punch with 9 “Critical” CVEs and the remaining 51 CVEs are rated as “Important”. The good news is that none of these CVEs have publicly available exploits or been seen yet exploited in the wild. Additionally, there are no rollup patch for Adobe Flash which is very uncommon. However, it shouldn’t be ruled out possibly an out-of-band roll-out for Adobe Flash later this month.
One of the most severe vulnerabilities on the “Critical” list could allow a Remote Desktop Protocol (RDP) server running specifically crafted code to achieve Remote Code Execution (RCE) on a Windows RDP client known as CVE-2019-1333. Unlike the infamous BlueKeep RDP vulnerability (CVE- 2019-0708), this affects the RDP client and requires user interaction for an attack to be successful. An attacker could exploit this vulnerability by convincing a victim to connect to a malicious RDP server.
Similar to previous months, a slew of "Critical" vulnerabilities has been patched affecting various scripting engines embedded in a variety of Microsoft products. While it has become the norm for these to become included in monthly releases, these still shouldn’t be taken lightly. In late September, Microsoft released an out-of-band patch for a 0-day affecting the Internet Explorer scripting engine (CVE-2019-1367).
On the "Important" list, there are 20 CVEs that could allow an elevation of privileges for Microsoft products. This should be sufficient reason to update ASAP since affected products include the Windows platform, Microsoft IIS Server and SharePoint. Another notable vulnerability on the list is a denial of service vulnerability affecting the Windows RDP.
Have a great day and happy patching!
Critical
VBScript Remote Code Execution Vulnerability
CVE-2019-1060, CVE-2019-1238, CVE-2019-1239
Remote Code Execution
Chakra Scripting Engine Memory Corruption Vulnerability
CVE-2019-1307, CVE-2019-1308, CVE-2019-1335, CVE-2019-1366
Remote Code Execution
Remote Desktop Client Remote Code Execution Vulnerability
CVE-2019-1333
Remote Code Execution
Azure App Service Elevation of Privilege Vulnerability
CVE-2019-1372
Elevation of Privilege
Important
Microsoft Browser Spoofing Vulnerability
CVE-2019-0608
Spoofing
Microsoft Office SharePoint XSS Vulnerability
CVE-2019-1070
Elevation of Privilege
Windows NTLM Tampering Vulnerability
CVE-2019-1166
Tampering
Hyper-V Information Disclosure Vulnerability
CVE-2019-1230
Information Disclosure
Windows Imaging API Remote Code Execution Vulnerability
CVE-2019-1311
Remote Code Execution
SQL Server Management Studio Information Disclosure Vulnerability
CVE-2019-1313
Information Disclosure
Windows 10 Mobile Security Feature Bypass Vulnerability
CVE-2019-1314
Security Feature Bypass
Windows Error Reporting Manager Elevation of Privilege Vulnerability
CVE-2019-1315
Elevation of Privilege
Microsoft Windows Setup Elevation of Privilege Vulnerability
CVE-2019-1316
Elevation of Privilege
Microsoft Windows Denial of Service Vulnerability
CVE-2019-1317
Denial of Service
Microsoft Windows Transport Layer Security Spoofing Vulnerability
CVE-2019-1318
Spoofing
Windows Error Reporting Elevation of Privilege Vulnerability
CVE-2019-1319
Elevation of Privilege
Microsoft Windows Elevation of Privilege Vulnerability
CVE-2019-1320, CVE-2019-1322, CVE-2019-1340
Elevation of Privilege
Microsoft Windows CloudStore Elevation of Privilege Vulnerability
CVE-2019-1321
Elevation of Privilege
Microsoft Windows Update Client Elevation of Privilege Vulnerability
CVE-2019-1323
Elevation of Privilege
Windows Redirected Drive Buffering System Elevation of Privilege Vulnerability
CVE-2019-1325
Elevation of Privilege
Windows Remote Desktop Protocol (RDP) Denial of Service Vulnerability
CVE-2019-1326
Denial of Service
Microsoft Excel Remote Code Execution Vulnerability
CVE-2019-1327, CVE-2019-1331
Remote Code Execution
Microsoft SharePoint Spoofing Vulnerability
CVE-2019-1328
Spoofing
Microsoft SharePoint Elevation of Privilege Vulnerability
CVE-2019-1329, CVE-2019-1330
Elevation of Privilege
Windows Kernel Information Disclosure Vulnerability
CVE-2019-1334
Information Disclosure
Microsoft Windows Update Client Elevation of Privilege Vulnerability
CVE-2019-1336
Elevation of Privilege
Windows Update Client Information Disclosure Vulnerability
CVE-2019-1337
Information Disclosure
Windows NTLM Security Feature Bypass Vulnerability
CVE-2019-1338
Security Feature Bypass
Windows Error Reporting Manager Elevation of Privilege Vulnerability
CVE-2019-1339
Elevation of Privilege
Windows Power Service Elevation of Privilege Vulnerability
CVE-2019-1341
Elevation of Privilege
Windows Error Reporting Manager Elevation of Privilege Vulnerability
CVE-2019-1342
Elevation of Privilege
Windows Denial of Service Vulnerability
CVE-2019-1343, CVE-2019-1346, CVE-2019-1347
Denial of Service
Windows Code Integrity Module Information Disclosure Vulnerability
CVE-2019-1344
Information Disclosure
Windows Kernel Information Disclosure Vulnerability
CVE-2019-1345
Information Disclosure
Microsoft Edge based on Edge HTML Information Disclosure Vulnerability
CVE-2019-1356
Information Disclosure
Microsoft Browser Spoofing Vulnerability
CVE-2019-1357
Spoofing
Jet Database Engine Remote Code Execution Vulnerability
CVE-2019-1358, CVE-2019-1359
Remote Code Execution
Microsoft Graphics Components Information Disclosure Vulnerability
CVE-2019-1361
Information Disclosure
Win32k Elevation of Privilege Vulnerability
CVE-2019-1362, CVE-2019-1364
Elevation of Privilege
Windows GDI Information Disclosure Vulnerability
CVE-2019-1363
Information Disclosure
Microsoft IIS Server Elevation of Privilege Vulnerability
CVE-2019-1365
Elevation of Privilege
Windows Secure Boot Security Feature Bypass Vulnerability
CVE-2019-1368
Security Feature Bypass
Open Enclave SDK Information Disclosure Vulnerability
CVE-2019-1369
Information Disclosure
Internet Explorer Memory Corruption Vulnerability
CVE-2019-1371
Remote Code Execution
Microsoft Dynamics 365 (On-Premise) Cross Site Scripting Vulnerability
CVE-2019-1375
Spoofing
SQL Server Management Studio Information Disclosure Vulnerability
CVE-2019-1376
Information Disclosure
Windows 10 Update Assistant Elevation of Privilege Vulnerability
CVE-2019-1378
Elevation of Privilege
Karl Sigler is Security Research Manager, SpiderLabs Threat Intelligence at Trustwave. Karl is a 20- year infosec veteran responsible for research and analysis of current vulnerabilities, malware and threat trends at Trustwave. Follow Karl on LinkedIn.
Trustwave is a globally recognized cybersecurity leader that reduces cyber risk and fortifies organizations against disruptive and damaging cyber threats. Our comprehensive offensive and defensive cybersecurity portfolio detects what others cannot, responds with greater speed and effectiveness, optimizes client investment, and improves security resilience. Learn more about us.
Copyright © 2024 Trustwave Holdings, Inc. All rights reserved.