Microsoft rolls out its October Patch Tuesday security updates today, remediating 60 common vulnerabilities and exposures (CVEs) in the Windows family of operating systems and related products. Of these, 9 are classified as “Critical” and 51 as “Important”.
There are no reported zero-days this month, but there is one publicly disclosed vulnerability: Windows Error Reporting Manager Elevation of Privilege (CVE-2019-1315).
Most of the “Critical” rated vulnerabilities affect the core Windows product, including two remote code execution bugs in the VBScript engine and one in the Remote Desktop Client:
VBScript Remote Code Execution Vulnerability | CVE-2019-1238 and CVE-2019-1239:
- A remote code execution vulnerability exists in the way the VBScript engine handles objects in memory, which enables an attacker to corrupt memory and execute arbitrary code in the context of the current user.
- An attacker can also abuse these vulnerabilities through an application or Microsoft Office document by embedding an ActiveX control that uses the Internet Explorer rendering engine. The vulnerability is client-side: it requires the attacker to lure victims into visiting a maliciously crafted website in IE through social engineering, a man-in-the-middle (MITM) technique, or DNS poisoning.
- If the user is logged on as an administrator, an attacker who successfully exploited the weakness could take control of that system and could then install programs; read, write, or delete data; or create new accounts with full user rights.
Remote Desktop Client Remote Code Execution Vulnerability | CVE-2019-1333:
- A remote code execution vulnerability exists in the Windows Remote Desktop Client while handling a maliciously crafted file, which enables a remote attacker to execute arbitrary code in the context of the compromised system.
- To exploit the vulnerability, an attacker would need to lure a user, via social engineering, DNS poisoning, or a man-in-the-middle (MITM) technique, into connecting to an attacker-controlled server, and could then take control of the affected system. An attacker could also compromise a legitimate server, host malicious code on it, and wait for the user to connect.
- On successful exploitation of the vulnerability, the attacker could install programs; view, change, or delete data; and create new accounts with full user rights.
Other interesting vulnerabilities:
Azure App Service Remote Code Execution Vulnerability | CVE-2019-1372:
- A remote code execution vulnerability exists in Azure App Service, which fails to check the length of a buffer before copying the buffer into memory.
- A successful exploit of the vulnerability could allow an unprivileged function to execute arbitrary code outside the sandbox in the context of “NT AUTHORITY\system”, which leads to a complete compromise of the system.
MS XML Remote Code Execution Vulnerability | CVE-2019-1060:
- A remote code execution vulnerability exists in MS XML due to improper parsing of user-supplied input by the Microsoft XML Core Services (MSXML) parser.
- A successful exploit of the vulnerability could allow a remote attacker to take control of the user’s system by luring the user to browse to a specially crafted webpage, which will invoke MSXML to run malicious code.
Windows Error Reporting Manager Elevation of Privilege | CVE-2019-1315:
- An elevation of privilege vulnerability exists in the Windows Error Reporting manager due to improper handling of files. It has been publicly disclosed along with PoC code.
- A successful exploit of the vulnerability could allow a remote attacker to overwrite arbitrary files leading to an elevation of privileges.
Microsoft also released security patches for Microsoft SharePoint, Microsoft IIS Server, Microsoft Windows, Internet Explorer, SQL Server, and other Windows applications. The impact of these vulnerabilities includes elevation of privilege, information disclosure, security feature bypass, remote code execution, spoofing, tampering, and denial of service attacks.
Product: Microsoft Windows
Impact: Denial of Service, Elevation of Privilege, Information Disclosure, Remote Code Execution, Security Feature Bypass, Spoofing, Tampering
Product: Internet Explorer
CVEs/Advisory: CVE-2019-0608, CVE-2019-1238, CVE-2019-1239, CVE-2019-1357, CVE-2019-1371
Impact: Remote Code Execution, Spoofing
Product: Microsoft Edge
CVEs/Advisory: CVE-2019-0608, CVE-2019-1307, CVE-2019-1308, CVE-2019-1335, CVE-2019-1356, CVE-2019-1357, CVE-2019-1366
Impact: Information Disclosure, Remote Code Execution, Spoofing
Severity: Critical
KBs: 4517389, 4519338, 4519998, 4520004, 4520008, 4520010, 4520011
Product: Open Source Software
CVEs/Advisory: CVE-2019-1369
Impact: Information Disclosure
Severity: Important
Product: Windows Update Assistant
Impact: Elevation of Privilege
Severity: Important