Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
talosblog[email protected] (Jon Munshaw)TALOSBLOG:3052A7B74E1E13F630CF51AB1B1A36D6
HistoryOct 08, 2019 - 10:11 a.m.

Microsoft Patch Tuesday — Oct. 2019: Vulnerability disclosures and Snort coverage

2019-10-0810:11:15
[email protected] (Jon Munshaw)
feedproxy.google.com
119
JSON

By Jon Munshaw.

Microsoft released its monthly security update today, disclosing a variety of vulnerabilities in several of its products. The latest Patch Tuesday discloses 60 vulnerabilities, nine of which are considered “critical,” with the rest being deemed “important.”

This month’s security update covers security issues in a variety of Microsoft services and software, the Chakra Scripting Engine, the Windows operating system and the SharePoint software.

Talos also released a new set of SNORTⓇ rules that provide coverage for some of these vulnerabilities. For more, check out the Snort blog post here.

Critical vulnerabilities

Microsoft disclosed nine critical vulnerabilities this month, eight of which we will highlight below.

CVE-2019-1333 is a client-side remote execution vulnerability in Remote Desktop Services (RDP) that occurs when a user visits a malicious server. An attacker could exploit this vulnerability by having control of a malicious server, and then convincing the user to connect to it — likely via social engineering or a man-in-the-middle attack. An attacker could also compromise a legitimate server and then host malicious code on it, waiting for a user to connect. If successful, the attacker could gain the ability to remotely execute code on the victim machine that connected to the server.

CVE-2019-1238 and CVE-2019-1239 are remote code execution vulnerabilities that exist in the way VBScript handles objects in memory. These bugs all could lead to memory corruption in a way that would allow an attacker to execute arbitrary code on the victim machine. An attacker could exploit these vulnerabilities by tricking a user into visiting a specially crafted, malicious website through Internet Explorer. They could also embed an ActiveX control marked “safe for initialization” in an application or Microsoft Office document that utilizes the Internet Explorer rendering engine.

CVE-2019-1307, CVE-2019-1308, CVE-2019-1335 and CVE-2019-1366 are all memory corruption vulnerabilities in the Chakra Scripting Engine inside of the Microsoft Edge web browser. An attacker could use these bugs to corrupt memory on the victim machine in a way that would allow them to remotely execute arbitrary code. A user could trigger these vulnerabilities by visiting a specially crafted, malicious website in Edge.

CVE-2019-1372 is an elevation of privilege vulnerability on Azure Stack when the Azure App Service fails to properly check the length of a buffer prior to copying memory to it. An attacker could exploit this vulnerability to copy any function run by the user, thereby executing code in the context of NT AUTHORITY/system, which could allow the attacker to escape a sandbox.

There is also CVE-2019-1060, a remote code execution vulnerability in Microsoft XML Core Services.

Important vulnerabilities

This release also contains 51 important vulnerabilities.

Coverage

In response to these vulnerability disclosures, Talos is releasing a new SNORTⓇ rule set that detects attempts to exploit some of them. Please note that additional rules may be released at a future date and current rules are subject to change pending additional information. Firepower customers should use the latest update to their ruleset by updating their SRU. Open Source Snort Subscriber Rule Set customers can stay up-to-date by downloading the latest rule pack available for purchase on Snort.org.

These rules are: 51733 - 51736, 51739 - 51742, 51781 - 51794

Related

nessus 18
kaspersky 7
openvas 18
mskb 26
threatpost 1
prion 40
veracode 4
cve 38
osv 7
github 4
attackerkb 5
qualysblog 1
thn 1
mscve 12
symantec 13
cisa_kev 1
zdt 2
zdi 1
nessus
nessus
KB4520008: Windows 10 Version 1803 October 2019 Security Update
2019-10-08 00:00:00
KB4519338: Windows 10 Version 1809 and Windows Server 2019 October 2019 Security Update
2019-10-08 00:00:00
KB4520010: Windows 10 Version 1703 October 2019 Security Update
2019-10-08 00:00:00
kaspersky
kaspersky
KLA11574 Multiple vulnerabilities in Microsoft Windows
2019-10-08 00:00:00
KLA11872 Multiple vulnerabilities in Microsoft Products (ESU)
2019-10-08 00:00:00
KLA11578 Multiple vulnerabilities in Microsoft Browsers
2019-10-08 00:00:00
openvas
openvas
Microsoft Windows Multiple Vulnerabilities (KB4517389)
2019-10-09 00:00:00
Microsoft Windows Multiple Vulnerabilities (KB4519338)
2019-10-10 00:00:00
Microsoft Windows Multiple Vulnerabilities (KB4520008)
2019-10-09 00:00:00
mskb
mskb
October 8, 2019—KB4519338 (OS Build 17763.805)
2019-11-12 08:00:00
October 8, 2019—KB4517389 (OS Build 18362.418)
2019-11-12 08:00:00
October 8, 2019—KB4520003 (Security-only update)
2019-11-12 08:00:00
threatpost
threatpost
Critical Microsoft Remote Desktop Flaw Fixed in Security Update
2019-10-08 19:55:56
prion
prion
Remote code execution
2019-10-10 14:15:00
Remote code execution
2019-10-10 14:15:00
Remote code execution
2019-10-10 14:15:00
veracode
veracode
Remote Code Execution (RCE)
2019-10-11 05:12:43
Remote Code Execution
2019-10-11 01:58:13
Remote Code Execution (RCE)
2019-10-11 03:12:05
cve
cve
CVE-2019-1335
2019-10-10 14:15:00
CVE-2019-1308
2019-10-10 14:15:00
CVE-2019-1366
2019-10-10 14:15:00
osv
osv
Out-of-bounds write
2021-03-29 20:55:40
Out-of-bounds write
2021-03-29 20:55:52
Out-of-bounds write
2021-03-29 20:55:46
github
github
Out-of-bounds write
2021-03-29 20:55:36
Out-of-bounds write
2021-03-29 20:55:52
Out-of-bounds write
2021-03-29 20:55:46
attackerkb
attackerkb
CVE-2019-1320
2019-10-10 00:00:00
CVE-2019-1340
2019-10-10 00:00:00
CVE-2019-1322
2019-10-10 00:00:00
qualysblog
qualysblog
October 2019 Patch Tuesday – 59 vulns, 9 Critical, Azure App Service, Remote Desktop Client, PoC for Windows Error Reporting
2019-10-08 18:18:26
thn
thn
Microsoft Releases October 2019 Patch Tuesday Updates
2019-10-08 18:12:00
mscve
mscve
Microsoft Edge based on Edge HTML Information Disclosure Vulnerability
2019-10-08 07:00:00
Windows 10 Mobile Security Feature Bypass Vulnerability
2019-10-08 07:00:00
VBScript Remote Code Execution Vulnerability
2019-10-08 07:00:00
symantec
symantec
Microsoft Windows CVE-2019-1347 Denial of Service Vulnerability
2019-10-08 00:00:00
Microsoft Windows 10 Mobile CVE-2019-1314 Local Security Bypass Vulnerability
2019-10-08 00:00:00
Microsoft Excel CVE-2019-1327 Remote Code Execution Vulnerability
2019-10-08 00:00:00
cisa_kev
cisa_kev
Microsoft Windows Privilege Escalation Vulnerability
2022-03-15 00:00:00
zdt
zdt
Windows Kernel - Out-of-Bounds Read in CI!HashKComputeFirstPageHash While Parsing Malformed PE File
2019-10-10 00:00:00
Windows Kernel - Out-of-Bounds Read in nt!MiRelocateImage While Parsing Malformed PE File Exploit
2019-10-10 00:00:00
zdi
zdi
Microsoft Windows user32 Cursor Parsing Out-Of-Bounds Read Information Disclosure Vulnerability
2019-10-10 00:00:00
JSON
Related for TALOSBLOG:3052A7B74E1E13F630CF51AB1B1A36D6
nessus18kaspersky7openvas18mskb26threatpost1prion40veracode4cve38osv7github4attackerkb5qualysblog1thn1mscve12symantec13cisa_kev1zdt2zdi1