October 8, 2019—KB4520007 (Monthly Rollup)

October 8, 2019—KB4520007 Monthly Rollup Improvements and fixes This security update includes improvements and fixes that were a part of update KB4516069released September 24, 2019 and addresses the following issues: Addresses an issue with applications and printer drivers that utilize the Window...

November 12, 2019—KB4525236 (OS Build 14393.3326)

November 12, 2019—KB4525236 OS Build 14393.3326 Reminder The additional servicing for Windows 10 Enterprise, Education, and IoT Enterprise editions ended on April 9, 2019 and doesn't extend beyond this date. To continue receiving security and quality updates, Microsoft recommends updating to the...

November 12, 2019—KB4523205 (OS Build 17763.864)

November 12, 2019—KB4523205 OS Build 17763.864 Note This release also contains updates for Microsoft HoloLens OS Build 17763.865 released November 12, 2019. Microsoft will release an update directly to the Windows Update Client to improve Windows Update reliability on Microsoft HoloLens that have...

November 12, 2019—KB4525234 (Monthly Rollup)

November 12, 2019—KB4525234 Monthly Rollup IMPORTANT Customers who have purchased the Extended Security Update ESU for on-premises versions of some operating systems must follow specific procedures to continue receiving security updates after extended support ends on January 14, 2020. For more...

November 12, 2019—KB4525243 (Monthly Rollup)

November 12, 2019—KB4525243 Monthly Rollup Improvements and fixes This security update includes improvements and fixes that were a part of update KB4520012 released October 15, 2019 and addresses the following issues: Addresses an issue that prevents a 16-bit Visual Basic 3 VB3 application or oth...

November 12, 2019—KB4525232 (OS Build 10240.18395)

November 12, 2019—KB4525232 OS Build 10240.18395 For more information about the various types of Windows updates, such as critical, security, driver, service packs, and so on, please see the following article. Highlights Updates to improve security when using Internet Explorer. Updates to improve...

KLA11605 Multiple vulnerabilities in Microsoft Browser

Multiple vulnerabilities were found in Microsoft Browser. Malicious users can exploit these vulnerabilities to bypass security restrictions, execute arbitrary code. Below is a complete list of vulnerabilities: 1. A security feature bypass vulnerability in Microsoft Edge can be exploited remotely...

KLA11871 Multiple vulnerabilities in Microsoft Products (ESU)

Multiple vulnerabilities were found in Microsoft Products Extended Support Update. Malicious users can exploit these vulnerabilities to cause denial of service, gain privileges, execute arbitrary code, obtain sensitive information, bypass security restrictions. Below is a complete list of...

KB4524570: Windows 10 Version 1903 and Windows 10 Version 1909 November 2019 Security Update

The remote Windows host is missing security update 4524570. It is, therefore, affected by multiple vulnerabilities : - A security feature bypass vulnerability exists when Windows Netlogon improperly handles a secure communications channel. An attacker who successfully exploited the vulnerability...

KB4525233: Windows 7 and Windows Server 2008 R2 November 2019 Security Update

The remote Windows host is missing security update 4525233 or cumulative update 4525235. It is, therefore, affected by multiple vulnerabilities : - A remote code execution vulnerability exists when Windows Hyper-V Network Switch on a host server fails to properly validate input from an...

Internet Explorer RCE through scripting engine memory corruption (IE 9, 10, 11)

A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer, aka ‘Scripting Engine Memory Corruption Vulnerability’. This CVE ID is unique from CVE-2019-1426, CVE-2019-1427, CVE-2019-1428. Recent assessments: busterb at November...

Gustuff return, new features for victims

By Vitor Ventura with contributions from Chris Neal. Executive summary The Gustuff banking trojan is back with new features, months after initially appearing targeting financial institutions in Australia. Cisco Talos first reported on Gustuff in April. Soon after, the actors behind Gustuff starte...

Gustuff Android Banker Switches Up Technical Approach

An Instagram-initiated campaign using the Gustuff Android mobile banking trojan has rolled out in October, featuring an updated version of the malware that lowers its detection profile. How the cybercriminals are rolling out the campaign is the same as a previous offensive seen in June, according...

Microsoft Edge Chakra Scripting Engine Memory Corruption Vulnerability (CNVD-2019-36634)

Microsoft Edge is a web browser from the American company Microsoft that comes with systems after Windows 10. Microsoft Edge suffers from a memory corruption vulnerability in the Chakra scripting engine. The vulnerability stems from a problem in the way the Chakra scripting engine handles objects...

Microsoft Edge Chakra Scripting Engine Memory Corruption Vulnerability (CNVD-2019-36636)

Microsoft Edge is a web browser from the American company Microsoft that comes with systems after Windows 10. Microsoft Edge suffers from a memory corruption vulnerability in the Chakra scripting engine. The vulnerability stems from a problem in the way the Chakra scripting engine handles objects...

Microsoft Edge Chakra Scripting Engine Memory Corruption Vulnerability (CNVD-2019-36635)

Microsoft Edge is a web browser from the American company Microsoft that comes with systems after Windows 10. Microsoft Edge suffers from a memory corruption vulnerability in the Chakra scripting engine. The vulnerability stems from a problem in the way the Chakra scripting engine handles objects...

CVE-2019-1366

A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka 'Chakra Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2019-1307, CVE-2019-1308, CVE-2019-1335...

CVE-2019-1366

A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka 'Chakra Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2019-1307, CVE-2019-1308, CVE-2019-1335...

CVE-2019-1335

A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka 'Chakra Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2019-1307, CVE-2019-1308, CVE-2019-1366...

CVE-2019-1308

A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka 'Chakra Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2019-1307, CVE-2019-1335, CVE-2019-1366...