Microsoft rolls out its October Patch Tuesday security updates today, remediating 60 common vulnerabilities and exposures (CVEs) in the Windows family of operating systems and related products. Of these, 9 are classified as “Critical” and 51 as “Important”.

There are no reported zero-days this month, but there is one publicly disclosed vulnerability: Windows Error Reporting Manager Elevation of Privilege (CVE-2019-1315).

Most of the “Critical” rated vulnerabilities affect the core Windows product, including two remote code execution bugs in the VBScript engine and one in the Remote Desktop Client:

  • VBScript Remote Code Execution Vulnerability | CVE-2019-1238 and CVE-2019-1239:
    • A remote code execution vulnerability exists in the way the VBScript engine handles objects in memory. It enables an attacker to corrupt memory and execute arbitrary code in the context of the current user.
    • An attacker can also abuse these vulnerabilities through an application or Microsoft Office document by embedding an ActiveX control that uses the Internet Explorer rendering engine. The vulnerability is client-side: the attacker must lure victims to visit a maliciously crafted website in IE through social engineering, a Man in the Middle (MITM) technique, or DNS poisoning.
    • If the user is logged on as an administrator, an attacker who successfully exploited the weakness could take control of that system and could then install programs, read, write or delete data, or create new accounts with full user rights.
  • Remote Desktop Client Remote Code Execution Vulnerability | CVE-2019-1333:
    • A remote code execution vulnerability exists in the Windows Remote Desktop Client while handling a maliciously crafted file, which enables a remote attacker to execute arbitrary code within the context of the compromised system.
    • To exploit the vulnerability, an attacker would need to lure a user, via social engineering, DNS poisoning or a Man in the Middle (MITM) technique, into connecting to an attacker-controlled server, and could then take control of the affected system. An attacker could also compromise a legitimate server, host malicious code on it, and wait for the user to connect.
    • On successful exploitation of the vulnerability, the attacker could install programs, view, change or delete data, and create new accounts with full user rights.

Other interesting vulnerabilities:

Azure App Service Remote Code Execution Vulnerability | CVE-2019-1372:

  • A remote code execution vulnerability exists in the Azure App Service, which fails to check the length of a buffer before copying the buffer into memory.
  • A successful exploit of the vulnerability could allow an unprivileged function to execute arbitrary code outside the sandbox in the context of “NT AUTHORITY\system”, which leads to a complete compromise of the system.

MS XML Remote Code Execution Vulnerability | CVE-2019-1060:

  • A remote code execution vulnerability exists in MS XML due to improper parsing of user-supplied input by the Microsoft XML Core Services (MSXML) parser.
  • A successful exploit of the vulnerability could allow a remote attacker to take control of the user’s system by luring the user to browse to a specially crafted webpage, which will invoke MSXML to run malicious code.

Publicly Disclosed:

  • Windows Error Reporting Manager Elevation of Privilege | CVE-2019-1315:

    • An elevation of privilege vulnerability exists in the Windows Error Reporting manager due to improper handling of files. It has been publicly disclosed along with PoC code.
    • A successful exploit of the vulnerability could allow a remote attacker to overwrite arbitrary files, leading to an elevation of privileges.

Microsoft also released security patches for Microsoft SharePoint, Microsoft IIS Server, Microsoft Windows, Internet Explorer, SQL Server, and other Windows applications. The impact of these vulnerabilities includes elevation of privilege, information disclosure, security feature bypass, remote code execution, spoofing, tampering, and denial of service attacks.


Product: Microsoft Windows
CVEs/Advisory: CVE-2019-1060,CVE-2019-1166,CVE-2019-1230,CVE-2019-1311,CVE-2019-1315,CVE-2019-1316,CVE-2019-1317,CVE-2019-1318,CVE-2019-1319,CVE-2019-1320,CVE-2019-1321,CVE-2019-1322,CVE-2019-1323,CVE-2019-1325,CVE-2019-1326,CVE-2019-1333,CVE-2019-1334,CVE-2019-1336,CVE-2019-1337,CVE-2019-1338,CVE-2019-1339,CVE-2019-1340,CVE-2019-1341,CVE-2019-1342,CVE-2019-1343,CVE-2019-1344,CVE-2019-1345,CVE-2019-1346,CVE-2019-1347,CVE-2019-1358,CVE-2019-1359,CVE-2019-1361,CVE-2019-1362,CVE-2019-1363,CVE-2019-1364,CVE-2019-1365,CVE-2019-1368,CVE-2019-1378
Impact: Denial of Service, Elevation of Privilege, Information Disclosure, Remote Code Execution, Security Feature Bypass, Spoofing, Tampering
Severity: Critical
KBs: 4517389,4519338,4519976,4519985,4519990,4519998,4520002,4520003,4520004,4520005,4520007,4520008,4520009,4520010,4520011


Product: Internet Explorer
CVEs/Advisory: CVE-2019-0608,CVE-2019-1238,CVE-2019-1239,CVE-2019-1357,CVE-2019-1371
Impact: Remote Code Execution, Spoofing
Severity: Critical
KBs: 4517389,4519338,4519974,4519976,4519998,4520002,4520004,4520005,4520007,4520008,4520010,4520011


Product: Microsoft Edge
CVEs/Advisory: CVE-2019-0608,CVE-2019-1307,CVE-2019-1308,CVE-2019-1335,CVE-2019-1356,CVE-2019-1357,CVE-2019-1366
Impact: Information Disclosure, Remote Code Execution, Spoofing
Severity: Critical
KBs: 4517389,4519338,4519998,4520004,4520008,4520010,4520011


Product: ChakraCore
CVEs/Advisory: CVE-2019-1307, CVE-2019-1308, CVE-2019-1335, CVE-2019-1366
Impact: Remote Code Execution
Severity: Critical


Product: Microsoft Office and Microsoft Office Services and Web Apps
CVEs/Advisory: CVE-2019-1327,CVE-2019-1331
Impact: Remote Code Execution
Severity: Important
KBs: 4475554,4475558,4475569


Product: SQL Server Management Studio
CVEs/Advisory: CVE-2019-1313, CVE-2019-1376
Impact: Information Disclosure
Severity: Important


Product: Open Source Software
CVEs/Advisory: CVE-2019-1369
Impact: Information Disclosure
Severity: Important


Product: Microsoft Dynamics 365
CVEs/Advisory: CVE-2019-1375
Impact: Spoofing
Severity: Important
KBs: 4515519


Product: Windows Update Assistant
CVEs/Advisory: CVE-2019-1378
Impact: Elevation of Privilege
Severity: Important


SecPod Saner detects these vulnerabilities and automatically fixes them by applying security updates. Download Saner now and keep your systems updated and secure.


Article: Patch Tuesday: Microsoft Security Bulletin Summary for October 2019
Publisher: SecPod Technologies