Microsoft released its Patch Tuesday security updates today, addressing 80 Common Vulnerabilities and Exposures (CVEs) in the Windows family of operating systems and other products. Of these, 17 are classified as “Critical”, 61 as “Important”, and 1 as “Moderate”.

While most of the “Critical” rated vulnerabilities affect the scripting engines and browsers in a range of Microsoft products, two “zero-day” vulnerabilities that are being actively exploited in the wild caught our eye.

  • Windows Common Log File System Driver Elevation of Privilege Vulnerability | CVE-2019-1214: An elevation of privilege vulnerability exists when the Windows Common Log File System (CLFS) driver improperly handles objects in memory. To exploit the vulnerability, an attacker would first have to log on to the system and then run a specially crafted application to take control of the affected system; if successful, the attacker could run processes in an elevated context.

  • Windows Elevation of Privilege Vulnerability | CVE-2019-1215: An elevation of privilege vulnerability exists in the way that ws2ifsl.sys (Winsock) handles objects in memory. To exploit the vulnerability, a locally authenticated attacker could run a specially crafted application; if successful, the attacker could execute code with elevated privileges.

Publicly Disclosed:

Microsoft also patched two vulnerabilities which were publicly disclosed before the release:

  • Windows Text Service Framework Elevation of Privilege Vulnerability | CVE-2019-1235: An elevation of privilege vulnerability exists in the Windows Text Service Framework (TSF) when the TSF server process does not validate the source of the input or commands it receives. To exploit the vulnerability, an attacker would first have to log on to the system and then run a specially crafted application to take control of the affected system; if successful, the attacker could inject commands or read input sent through a malicious Input Method Editor (IME). Note: this only affects systems that have an IME installed.

  • Windows Secure Boot Security Feature Bypass Vulnerability | CVE-2019-1294: A security feature bypass exists when Windows Secure Boot improperly restricts access to debugging functionality. To exploit the vulnerability, an attacker must gain physical access to the target system before the next system reboot; on a successful exploit, the attacker could disclose protected kernel memory.

Four Critical vulnerabilities in the Microsoft Remote Desktop Client are also addressed in this Patch Tuesday (CVE-2019-1290, CVE-2019-1291, CVE-2019-0787, CVE-2019-0788). Unlike BlueKeep (CVE-2019-0708) and DejaBlue, disclosed in May and August respectively, which targeted vulnerable Remote Desktop Servers, these vulnerabilities, discovered by Microsoft’s internal team, require an attacker to convince a user via social engineering, DNS poisoning, or a Man in the Middle (MITM) attack to connect to a malicious Remote Desktop server.

Another interesting “Critical” remote code execution vulnerability (CVE-2019-1280) is fixed in the way Windows handles link files ending in “.lnk”. Successful exploitation requires an attacker to present the user with a removable drive or remote share containing a booby-trapped “.lnk” file; when the user opens that drive or share, the malicious binary is launched on a vulnerable system. Users whose accounts have least privileges could be less impacted than users with administrative privileges.

It may be significant that poisoned “.lnk” files were one of the four known exploits bundled with Stuxnet (“a multi-million dollar cyberweapon that American and Israeli intelligence services used to derail Iran’s nuclear enrichment plans roughly a decade ago.”)

Microsoft released patches for 12 more Critical vulnerabilities to address remote code execution attacks that reside in various Microsoft products such as Yammer, Scripting Engine, Chakra Scripting Engine, SharePoint server, VBScript, and Team Foundation Server.

A couple of other important vulnerabilities also lead to remote code execution attacks, while others allow elevation of privilege, cross-site scripting (XSS), security feature bypass, information disclosure, and denial of service attacks.

Along with Microsoft, Adobe also released patches for two Critical vulnerabilities in the Flash Player browser plugin (ADV190022), which is bundled with Microsoft’s IE/Edge and with Chrome; the vulnerabilities could lead to arbitrary code execution.


Product : Microsoft Windows
CVEs/Advisory : CVE-2019-0787, CVE-2019-0788, CVE-2019-0928, CVE-2019-1214, CVE-2019-1215, CVE-2019-1216, CVE-2019-1219, CVE-2019-1232, CVE-2019-1235, CVE-2019-1240, CVE-2019-1241, CVE-2019-1242, CVE-2019-1243, CVE-2019-1244, CVE-2019-1245, CVE-2019-1246, CVE-2019-1247, CVE-2019-1248, CVE-2019-1249, CVE-2019-1250, CVE-2019-1251, CVE-2019-1252, CVE-2019-1253, CVE-2019-1254, CVE-2019-1256, CVE-2019-1267, CVE-2019-1268, CVE-2019-1269, CVE-2019-1270, CVE-2019-1271, CVE-2019-1272, CVE-2019-1273, CVE-2019-1274, CVE-2019-1277, CVE-2019-1278, CVE-2019-1280, CVE-2019-1282, CVE-2019-1283, CVE-2019-1284, CVE-2019-1285, CVE-2019-1286, CVE-2019-1287, CVE-2019-1289, CVE-2019-1290, CVE-2019-1291, CVE-2019-1292, CVE-2019-1293, CVE-2019-1294, CVE-2019-1303
Impact : Denial of Service, Elevation of Privilege, Impact, Information Disclosure, Remote Code Execution, Security Feature Bypass, Spoofing
Severity : Critical
KBs : 4512578, 4515384, 4516026, 4516033, 4516044, 4516051, 4516055, 4516058, 4516062, 4516064, 4516065, 4516066, 4516067, 4516068, 4516070
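As an added defender's check that is not part of the original post: the PowerShell below compares the Windows KB list from this bulletin against the updates a host reports through the built-in Get-HotFix cmdlet. It assumes the host is running a Windows build covered by one of these cumulative updates, and only the KB numbers come from the page.

```powershell
# Added example (not from the original post). Windows cumulative updates are issued
# per OS build, so a host patched for September 2019 normally reports exactly one of
# these KBs. A later cumulative update supersedes them, so "not found" is a prompt to
# check Windows Update history, not proof that the host is still vulnerable.
$SeptemberKBs = @(
    '4512578','4515384','4516026','4516033','4516044','4516051','4516055',
    '4516058','4516062','4516064','4516065','4516066','4516067','4516068','4516070'
)

function Test-SeptemberPatchState {
    param([string[]]$ComputerName = $env:COMPUTERNAME)

    foreach ($c in $ComputerName) {
        try {
            # HotFixID values look like "KB4516044"; strip the prefix before comparing
            $installed = Get-HotFix -ComputerName $c -ErrorAction Stop |
                Select-Object -ExpandProperty HotFixID
            $ids     = $installed -replace '^KB', ''
            $matched = $SeptemberKBs | Where-Object { $ids -contains $_ }

            [pscustomobject]@{
                ComputerName = $c
                SeptemberKB  = if ($matched) { ($matched | ForEach-Object { "KB$_" }) -join ',' } else { '-' }
                Status       = if ($matched) { 'Sept-2019 update present' } else { 'Not found; verify update history' }
            }
        }
        catch {
            # Get-HotFix uses WMI/DCOM remotely; unreachable hosts are reported, not skipped
            [pscustomobject]@{ ComputerName = $c; SeptemberKB = '-'; Status = "Query failed: $($_.Exception.Message)" }
        }
    }
}

Test-SeptemberPatchState | Format-Table -AutoSize
```

Get-HotFix only lists updates installed through Windows Update or WUSA, so hosts patched via offline images or third-party tooling should be verified against their update history instead.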


Product : Internet Explorer
CVEs/Advisory : CVE-2019-1208, CVE-2019-1220, CVE-2019-1221, CVE-2019-1236
Impact : Remote Code Execution, Security Feature Bypass
Severity : Critical
KBs : 4512578, 4515384, 4516026, 4516044, 4516046, 4516055, 4516058, 4516065, 4516066, 4516067, 4516068, 4516070


Product : Microsoft Edge (EdgeHTML-based)
CVEs/Advisory : CVE-2019-1138, CVE-2019-1217, CVE-2019-1220, CVE-2019-1237, CVE-2019-1298, CVE-2019-1299, CVE-2019-1300
Impact : Information Disclosure, Remote Code Execution, Security Feature Bypass
Severity : Critical
KBs : 4512578, 4515384, 4516044, 4516058, 4516066, 4516068, 4516070


Product : ChakraCore
CVEs/Advisory : CVE-2019-1138, CVE-2019-1217, CVE-2019-1237, CVE-2019-1298, CVE-2019-1300
Impact : Remote Code Execution
Severity : Critical


Product : Microsoft Office and Microsoft Office Services and Web Apps
CVEs/Advisory : CVE-2019-1209, CVE-2019-1246, CVE-2019-1257, CVE-2019-1259, CVE-2019-1260, CVE-2019-1261, CVE-2019-1262, CVE-2019-1263, CVE-2019-1264, CVE-2019-1295, CVE-2019-1296, CVE-2019-1297
Impact : Elevation of Privilege, Impact, Information Disclosure, Remote Code Execution, Security Feature Bypass, Spoofing
Severity : Critical
KBs : 4461631, 4464548, 4464557, 4464566, 4475566, 4475574, 4475579, 4475583, 4475589, 4475590, 4475591, 4475594, 4475596, 4475599, 4475605, 4475607, 4475611, 4484098, 4484099, 4515509


Product : Adobe Flash Player
CVEs/Advisory : ADV190022
Impact : Remote Code Execution
Severity : Critical
KBs : 4516115


Product : Microsoft Lync
CVEs/Advisory : CVE-2019-1209
Impact : Information Disclosure
Severity : Important
KBs : 4515509


Product : Visual Studio
CVEs/Advisory : CVE-2019-1232
Impact : Elevation of Privilege
Severity : Important
KBs : 4513696


Product : Microsoft Exchange Server
CVEs/Advisory : CVE-2019-1233, CVE-2019-1266
Impact : Denial of Service, Spoofing
Severity : Important
KBs : 4515832


Product : .NET Framework
CVEs/Advisory : CVE-2019-1142
Impact : Elevation of Privilege
Severity : Important
KBs : 4514354, 4514355, 4514356, 4514357, 4514359, 4514598, 4514599, 4514601, 4514603, 4514604, 4516044, 4516058, 4516066, 4516068, 4516070


Product : Microsoft Yammer
CVEs/Advisory : CVE-2019-1265
Impact : Security Feature Bypass
Severity : Important


Product : .NET Core
CVEs/Advisory : CVE-2019-1301
Impact : Denial of Service
Severity : Important


Product : ASP.NET
CVEs/Advisory : CVE-2019-1302
Impact : Elevation of Privilege
Severity : Important


Product : Team Foundation Server
CVEs/Advisory : CVE-2019-1305, CVE-2019-1306
Impact : Remote Code Execution, Spoofing
Severity : Critical


Product : Project Rome
CVEs/Advisory : CVE-2019-1231
Impact : Information Disclosure
Severity : Important


SecPod Saner detects these vulnerabilities and automatically fixes them by applying the security updates. Download Saner now and keep your systems updated and secure.


Patch Tuesday: Microsoft Security Bulletin Summary for September 2019
Publisher: SecPod Technologies
