October’s Patch Tuesday is relatively modest, with Microsoft releasing a total of 59 patches. However, this shorter list still warrants attention. Nine of the 59 were still identified as Critical, while the remaining 50 were labeled Important. Most of the critical bulletins were for various Internet Explorer and Microsoft Edge vulnerabilities, with one covering a Remote Desktop Client vulnerability. The Important bulletins fixed several issues, including NLTM and Microsoft IIS server vulnerabilities.
Here’s a closer look at the notable vulnerabilities patched this month:
Remote Desktop Client
CVE-2019-1333 covered a remote code execution (RCE) vulnerability in Microsoft’s Remote Desktop Client. However, for an attacker to successfully exploit and gain remote access to a targeted system using this vulnerability they must have the user access their malicious RDP server, which may involve some use of social engineering.
Browser vulnerabilities
CVE-2019-1060, CVE-2019-1238, and CVE-2019-1239 are vulnerabilities found in how the VBScript engine of Internet Explorer handles objects in memory. CVE-2019-1307, CVE-2019-1308, CVE-2019-1335, and CVE-2019-1366 are similar vulnerabilities in the Chakra scripting engine of Microsoft Edge.
For both cases, a hacker can use these vulnerabilities to corrupt memory in a way that would make it possible to run arbitrary code with the same rights as the user. These vulnerabilities allow an attacker to gain the same privileges as the logged on user.
Authentication vulnerabilities
CVE-2019-1166 is a tampering vulnerability in Microsoft’s NTLM authentication protocol. This vulnerability could allow a possible man-in-the-middle (MITM) attacker to bypass protection mechanisms employed by NTLM called Message Integrity Check (MIC) and downgrade its security features. This is done without the signature of the NTLM packet becoming invalid.
CVE-2019-1338 is a security feature bypass vulnerability where a MitM attack could bypass NTLMv2 protection if the client is also sending out LMv2 responses. A successful exploit of this vulnerability could allow an attacker to downgrade NTLM security features, but they would need to modify NTLM traffic exchange to do so.
Microsoft IIS Server
CVE-2019-1365 is an elevation of privilege vulnerability that could allow a potential attacker to perform cross-site scripting and run scripts in the same security context as the user. This vulnerability exists because of instances where the Microsoft IIS server inadequately sanitizes a specially crafted request.
Trend Micro solutions
Users with affected installations are advised to prioritize the updates in order to avoid possible system exploitation through unpatched vulnerabilities. The Trend Micro
The post Short October Patch Tuesday Includes Remote Desktop Client, Browser, and Authentication Patches appeared first on .
The head of counterintelligence for a division of the Russian Federal Security Service (FSB) was… Read More
For nearly a dozen years, residents of South Carolina have been kept in the dark… Read More
The U.S. government is warning that “smart locks” securing entry to an estimated 50,000 dwellings… Read More
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) said today it is investigating a breach… Read More
On April 9, Twitter/X began automatically modifying links that mention “twitter.com” to read “x.com” instead.… Read More
If only Patch Tuesdays came around infrequently — like total solar eclipse rare — instead… Read More