Posted: 18 Min ReadThreat Intelligence

Microsoft Patch Tuesday – October 2019

This month the vendor has patched 59 vulnerabilities, 9 of which are rated Critical.

This month the vendor has patched 59 vulnerabilities, 9 of which are rated Critical.

As always, customers are advised to follow these security best practices:

  • Install vendor patches as soon as they are available.
  • Run all software with the least privileges required while still maintaining functionality.
  • Avoid handling files from unknown or questionable sources.
  • Never visit sites of unknown or questionable integrity.
  • Block external access at the network perimeter to all key systems unless specific access is required.

Microsoft's summary of the October 2019 releases can be found here:
https://portal.msrc.microsoft.com/en-us/security-guidance

 

This month's update covers vulnerabilities in:

  • Internet Explorer
  • Microsoft Edge
  • ChakraCore
  • Microsoft Office
  • Microsoft Windows
  • Microsoft Hyper-V
  • Graphics Device Interface
  • Jet Database Engine
  • Azure App Service
  • Open Enclave SDK
  • Microsoft Dynamics 365
  • SQL Server Management Studio

The following is a breakdown of the issues being addressed this month:

  1. Cumulative Security Update for Microsoft Browsers

    VBScript Remote Code Execution Vulnerability (CVE-2019-1238) MS Rating: Critical

    A remote code execution vulnerability exists in the way that the VBScript engine handles objects in memory. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. Attackers can exploit this issue by enticing an unsuspecting user to view a specially crafted web page.

     

    VBScript Remote Code Execution Vulnerability (CVE-2019-1239) MS Rating: Critical

    A remote code execution vulnerability exists in the way that the VBScript engine handles objects in memory. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. Attackers can exploit this issue by enticing an unsuspecting user to view a specially crafted web page.

     

    Chakra Scripting Engine Memory Corruption Vulnerability (CVE-2019-1307) MS Rating: Critical

    A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. Attackers can exploit this issue by enticing an unsuspecting user to view a specially crafted web page.

     

    Chakra Scripting Engine Memory Corruption Vulnerability (CVE-2019-1308) MS Rating: Critical

    A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. Attackers can exploit this issue by enticing an unsuspecting user to view a specially crafted web page.

     

    Chakra Scripting Engine Memory Corruption Vulnerability (CVE-2019-1335) MS Rating: Critical

    A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. Attackers can exploit this issue by enticing an unsuspecting user to view a specially crafted web page.

     

    Chakra Scripting Engine Memory Corruption Vulnerability (CVE-2019-1366) MS Rating: Critical

    A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. Attackers can exploit this issue by enticing an unsuspecting user to view a specially crafted web page.

     

    Microsoft Edge Spoofing Vulnerability (CVE-2019-0608) MS Rating: Important

    A spoofing vulnerability exists when Microsoft Browsers does not properly parse HTTP content. An attacker who successfully exploited this vulnerability could impersonate a user request by crafting HTTP queries.

     

    Microsoft Edge based on Edge HTML Information Disclosure Vulnerability (CVE-2019-1356) MS Rating: Important

    An information disclosure vulnerability exists when Microsoft Edge based on Edge HTML improperly handles objects in memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the user's system.

     

    Microsoft Browser Spoofing Vulnerability (CVE-2019-1357) MS Rating: Important

    A spoofing vulnerability exists when Microsoft Browsers improperly handle browser cookies. An attacker who successfully exploited this vulnerability could trick a browser into overwriting a secure cookie with an insecure cookie.

     

    Internet Explorer Memory Corruption Vulnerability (CVE-2019-1371) MS Rating: Important

    A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. Attackers can exploit this issue by enticing an unsuspecting user to view a specially crafted web page.

     

  2. Cumulative Security Update for Microsoft Office

    Microsoft Office SharePoint XSS Vulnerability (CVE-2019-1070) MS Rating: Important

    A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server. An authenticated attacker can exploit this issue by sending a specially crafted request to an affected SharePoint server.

     

    Microsoft Excel Remote Code Execution Vulnerability (CVE-2019-1327) MS Rating: Important

    A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user.

     

    Microsoft SharePoint Spoofing Vulnerability (CVE-2019-1328) MS Rating: Important

    A spoofing vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server. An authenticated attacker can exploit this issue by sending a specially crafted request to an affected SharePoint server.

     

    Microsoft SharePoint Privilege Escalation Vulnerability (CVE-2019-1329) MS Rating: Important

    A privilege escalation vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server. An authenticated attacker can exploit this issue by sending a specially crafted request to an affected SharePoint server.

     

    Microsoft SharePoint Privilege Escalation Vulnerability (CVE-2019-1330) MS Rating: Important

    A privilege escalation vulnerability exists in Microsoft SharePoint. An attacker who successfully exploited this vulnerability could attempt to impersonate another user of the SharePoint server.

     

    Microsoft Excel Remote Code Execution Vulnerability (CVE-2019-1331) MS Rating: Important

    A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user.

     

  3. Cumulative Security Update for Microsoft Windows Kernel

    Windows Kernel Information Disclosure Vulnerability (CVE-2019-1334) MS Rating: Important

    An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the user's system.

     

    Windows Kernel Information Disclosure Vulnerability (CVE-2019-1345) MS Rating: Important

    An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the user's system.

     

    Win32k Privilege Escalation Vulnerability (CVE-2019-1362) MS Rating: Important

    A privilege escalation vulnerability exists in Windows when the Windows kernel-mode driver fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode.

     

    Win32k Privilege Escalation Vulnerability (CVE-2019-1364) MS Rating: Important

    A privilege escalation vulnerability exists in Windows when the Windows kernel-mode driver fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode.

     

  4. Cumulative Security Update for Microsoft Hyper-V

    Hyper-V Information Disclosure Vulnerability (CVE-2019-1230) MS Rating: Important

    An information disclosure vulnerability exists when the Windows Hyper-V Network Switch on a host operating system fails to properly validate input from an authenticated user on a guest operating system. To exploit the vulnerability, an attacker on a guest operating system could run a specially crafted application that could cause the Hyper-V host operating system to disclose memory information.

     

  5. Security Update for Microsoft Graphics

    Microsoft Graphics Components Information Disclosure Vulnerability (CVE-2019-1361) MS Rating: Important

    An information disclosure vulnerability exists in the way that Microsoft Graphics Components handle objects in memory. An attacker who successfully exploited the vulnerability could obtain information that could be useful for further exploitation.

     

    Windows GDI Information Disclosure Vulnerability (CVE-2019-1363) MS Rating: Important

    An information disclosure vulnerability exists in the way that the Windows Graphics Device Interface (GDI) handles objects in memory, allowing an attacker to retrieve information from a targeted system. By itself, the information disclosure does not allow arbitrary code execution; however, it could allow arbitrary code to be run if the attacker uses it in combination with another vulnerability.

     

  6. Security Update for Microsoft Windows

    Remote Desktop Client Remote Code Execution Vulnerability (CVE-2019-1333) MS Rating: Critical

    A remote code execution vulnerability exists in the Windows Remote Desktop Client when a user connects to a malicious server. An attacker who successfully exploited this vulnerability could execute arbitrary code on the computer of the connecting client.

     

    MS XML Remote Code Execution Vulnerability (CVE-2019-1060) MS Rating: Critical

    A remote code execution vulnerability exists when the Microsoft XML Core Services MSXML parser processes user input. An attacker who successfully exploited the vulnerability could run malicious code remotely to take control of the user's system.

     

    Windows NTLM Tampering Vulnerability (CVE-2019-1166) MS Rating: Important

    A tampering vulnerability exists in Microsoft Windows when a man-in-the-middle attacker is able to successfully bypass the NTLM MIC (Message Integrity Check) protection. An attacker who successfully exploited this vulnerability could gain the ability to downgrade NTLM security features.

     

    Windows Imaging API Remote Code Execution Vulnerability (CVE-2019-1311) MS Rating: Important

    A remote code execution vulnerability exists when the Windows Imaging API improperly handles objects in memory. The vulnerability could corrupt memory in a way that enables an attacker to execute arbitrary code in the context of the current user.

     

    Windows 10 Mobile Security Bypass Vulnerability (CVE-2019-1314) MS Rating: Important

    A security bypass vulnerability exists in Windows 10 Mobile when Cortana allows a user to access files and folders through the locked screen. An attacker who successfully exploited this vulnerability could access the photo library of an affected phone and modify or delete photos without authenticating to the system.

     

    Windows Error Reporting Manager Privilege Escalation Vulnerability (CVE-2019-1315) MS Rating: Important

    A privilege escalation vulnerability exists when Windows Error Reporting manager improperly handles hard links. An attacker who successfully exploited this vulnerability could overwrite a targeted file leading to an elevated status.

     

    Microsoft Windows Setup Privilege Escalation Vulnerability (CVE-2019-1316) MS Rating: Important

    A privilege escalation vulnerability exists in the Microsoft Windows Setup when it does not properly handle privileges. An attacker who successfully exploited this vulnerability could run processes in an elevated context.

     

    Microsoft Windows Denial of Service Vulnerability (CVE-2019-1317) MS Rating: Important

    A denial of service vulnerability exists when Windows improperly handles hard links. An attacker who successfully exploited the vulnerability could cause a target system to stop responding.

     

    Microsoft Windows Spoofing Vulnerability (CVE-2019-1318) MS Rating: Important

    A spoofing vulnerability exists when Transport Layer Security (TLS) accesses non- Extended Master Secret (EMS) sessions. An attacker who successfully exploited this vulnerability may gain access to unauthorized information.

     

    Windows Error Reporting Privilege Escalation Vulnerability (CVE-2019-1319) MS Rating: Important

    A privilege escalation vulnerability exists in Windows Error Reporting (WER) when WER handles and executes files. The vulnerability could allow elevation of privilege if an attacker can successfully exploit it.

     

    Microsoft Windows Privilege Escalation Vulnerability (CVE-2019-1320) MS Rating: Important

    A privilege escalation vulnerability exists when Windows improperly handles authentication requests. An attacker who successfully exploited this vulnerability could run processes in an elevated context.

     

    Microsoft Windows CloudStore Privilege Escalation Vulnerability (CVE-2019-1321) MS Rating: Important

    A privilege escalation vulnerability exists when Windows 'CloudStore' improperly handles file Discretionary Access Control List (DACL). An attacker who successfully exploited this vulnerability could overwrite a targeted file leading to an elevated status.

     

    Microsoft Windows Privilege Escalation Vulnerability (CVE-2019-1322) MS Rating: Important

    A privilege escalation vulnerability exists when Windows improperly handles authentication requests. An attacker who successfully exploited this vulnerability could run processes in an elevated context.

     

    Microsoft Windows Update Client Privilege Escalation Vulnerability (CVE-2019-1323) MS Rating: Important

    A privilege escalation vulnerability exists in the Microsoft Windows Update Client when it does not properly handle privileges. An attacker who successfully exploited this vulnerability could run processes in an elevated context.

     

    Windows Redirected Drive Buffering System Privilege Escalation Vulnerability (CVE-2019-1325) MS Rating: Important

    A privilege escalation vulnerability exists in the Windows redirected drive buffering system ('rdbss.sys') when the operating system improperly handles specific local calls within Windows 7 for 32-bit systems.

     

    Windows Remote Desktop Protocol (RDP) Denial of Service Vulnerability (CVE-2019-1326) MS Rating: Important

    A denial of service vulnerability exists in Remote Desktop Protocol (RDP) when an attacker connects to the target system using RDP and sends specially crafted requests. An attacker who successfully exploited this vulnerability could cause the RDP service on the target system to stop responding.

     

    Microsoft Windows Update Client Privilege Escalation Vulnerability (CVE-2019-1336) MS Rating: Important

    A privilege escalation vulnerability exists in the Microsoft Windows Update Client when it does not properly handle privileges. An attacker who successfully exploited this vulnerability could run processes in an elevated context.

     

    Microsoft Windows Update Client Information Disclosure Vulnerability (CVE-2019-1337) MS Rating: Important

    An information disclosure vulnerability exists when Windows Update Client fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could potentially disclose memory contents of an elevated process.

     

    Microsoft Windows NTLM Security Bypass Vulnerability (CVE-2019-1338) MS Rating: Important

    A security bypass vulnerability exists in Microsoft Windows when a man-in-the-middle attacker is able to successfully bypass the NTLMv2 protection if a client is also sending LMv2 responses. An attacker who successfully exploited this vulnerability could gain the ability to downgrade NTLM security features.

     

    Microsoft Windows Privilege Escalation Vulnerability (CVE-2019-1339) MS Rating: Important

    A privilege escalation vulnerability exists when Windows Error Reporting manager improperly handles hard links. An attacker who successfully exploited this vulnerability could overwrite a targeted file leading to an elevated status.

     

    Microsoft Windows Privilege Escalation Vulnerability (CVE-2019-1340) MS Rating: Important

    A privilege escalation vulnerability exists in Windows AppX Deployment Server that allows file creation in arbitrary locations. To exploit the vulnerability, an attacker would first have to log on to the system.

     

    Windows Power Service Privilege Escalation Vulnerability (CVE-2019-1341) MS Rating: Important

    A privilege escalation vulnerability exists when umpo. dll of the Power Service, improperly handles a Registry Restore Key function.

     

    Windows Error Reporting Manager Privilege Escalation Vulnerability (CVE-2019-1342) MS Rating: Important

    A privilege escalation vulnerability exists when Windows Error Reporting manager improperly handles a process crash. An attacker who successfully exploited this vulnerability could delete a targeted file leading to an elevated status.

     

    Microsoft Windows Denial of Service Vulnerability (CVE-2019-1343) MS Rating: Important

    A denial of service vulnerability exists when Windows improperly handles objects in memory. An attacker who successfully exploited the vulnerability could cause a target system to stop responding.

     

    Microsoft Windows Code Integrity Module Information Disclosure Vulnerability (CVE-2019-1344) MS Rating: Important

    An information disclosure vulnerability exists in the way that the Windows Code Integrity Module handles objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the user's system.

     

    Microsoft Windows Denial of Service Vulnerability (CVE-2019-1346) MS Rating: Important

    A denial of service vulnerability exists when Windows improperly handles objects in memory. An attacker who successfully exploited the vulnerability could cause a target system to stop responding.

     

    Microsoft Windows Denial of Service Vulnerability (CVE-2019-1347) MS Rating: Important

    A denial of service vulnerability exists when Windows improperly handles objects in memory. An attacker who successfully exploited the vulnerability could cause a target system to stop responding.

     

    Microsoft IIS Server Privilege Escalation Vulnerability (CVE-2019-1365) MS Rating: Important

    A privilege escalation vulnerability exists when Microsoft IIS Server fails to check the length of a buffer prior to copying memory to it. An attacker who successfully exploited this vulnerability can allow an unprivileged function ran by the user to execute code in the context of 'NT AUTHORITY\system' escaping the Sandbox.

     

    Microsoft Windows Secure Boot Security Bypass Vulnerability (CVE-2019-1368) MS Rating: Important

    A security bypass exists when Windows Secure Boot improperly restricts access to debugging functionality. An attacker who successfully exploited this vulnerability could disclose protected kernel memory.

     

  7. Security Update for Jet Database Engine

    Jet Database Engine Remote Code Execution Vulnerability (CVE-2019-1358) MS Rating: Important

    A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory. An attacker who successfully exploited this vulnerability could execute arbitrary code on a victim system.

     

    Jet Database Engine Remote Code Execution Vulnerability (CVE-2019-1359) MS Rating: Important

    A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory. An attacker who successfully exploited this vulnerability could execute arbitrary code on a victim system.

     

  8. Security Update for SQL Server Management Studio

    SQL Server Management Studio Information Disclosure Vulnerability (CVE-2019-1313) MS Rating: Important

    An information disclosure vulnerability exists in Microsoft SQL Server Management Studio (SSMS) when it improperly enforces permissions. An attacker could exploit the vulnerability if the attacker's credentials allow access to an affected SQL server database.

     

    SQL Server Management Studio Information Disclosure Vulnerability (CVE-2019-1376) MS Rating: Important

    An information disclosure vulnerability exists in Microsoft SQL Server Management Studio (SSMS) when it improperly enforces permissions. An attacker could exploit the vulnerability if the attacker's credentials allow access to an affected SQL server database.

     

  9. Security Update for Azure App Service

    Azure App Service Remote Code Execution Vulnerability (CVE-2019-1372) MS Rating: Critical

    An remote code execution vulnerability exists when Azure App Service/ Antares on Azure Stack fails to check the length of a buffer prior to copying memory to it.

     

  10. Security Update for Microsoft Dynamics 365 (On-Premise)

    Microsoft Dynamics 365 (On-Premise) Cross Site Scripting Vulnerability (CVE-2019-1375) MS Rating: Important

    A cross site scripting vulnerability because it fails to properly sanitize user-supplied input. An authenticated attacker can exploit this issue by sending a specially crafted request to an affected Dynamics server.

     

  11. Security Update for Open Enclave SDK

    Open Enclave SDK Information Disclosure Vulnerability (CVE-2019-1369) MS Rating: Important

    An information disclosure vulnerability exists when affected Open Enclave SDK versions improperly handle objects in memory. An attacker who successfully exploited this vulnerability could obtain information stored in the Enclave.

     

More information is available on Symantec's free Security Center portal and to our customers through the DeepSight Threat Management System.

About the Author

Ratheesh PM

Sr Threat Analysis Engineer

Ratheesh is a member of Symantec's Cyber Security Services organization which provides round-the-clock monitoring and protection services against cyber attacks.