September Patch Tuesday Bears More Remote Desktop Vulnerability Fixes and Two Zero-Days

Microsoft’s September Patch Tuesday included patches for the Chakra Scripting Engine, Azure DevOps Server, and Microsoft SharePoint. Sixty-two were labeled as important and included patches for Microsoft Edge, Microsoft Excel, and Microsoft Exchange. Only one was rated as moderate.

Remote desktop vulnerabilities

Continuing the trend from last month, many of the critical patches were for Remote Desktop Clients: CVE-2019-0787, CVE-2019-0788, CVE-2019-1290, and CVE-2019-1291, all of them Remote Code Execution (RCE) vulnerabilities. These follow the previous weeks’ fixes for BlueKeep and DejaBlue. Those earlier flaws can allow an attacker to execute code at the system level via a crafted pre-authentication RDP packet delivered to an affected Remote Desktop Services (RDS) server. In these more recent disclosures, however, the attacker would need to use some amount of social engineering to convince users to connect to a server the attacker controls.

Zero days

Microsoft also patched two zero-days, CVE-2019-1214 and CVE-2019-1215, both of which are elevation of privilege vulnerabilities. CVE-2019-1215 exists in the way Winsock handles objects in memory and could allow an attacker to execute code with elevated privileges. CVE-2019-1214 exists in how the Windows Common Log File System (CLFS) handles objects in memory and could allow an attacker to run processes in an elevated context.

Browser components

Microsoft also patched browser components, specifically the Chakra Scripting Engine and VBScript. For VBScript, the RCE vulnerabilities are designated CVE-2019-1208 and CVE-2019-1236. For the Chakra Scripting Engine, they are CVE-2019-1138, CVE-2019-1217, CVE-2019-1237, CVE-2019-1298, and CVE-2019-1300. Microsoft Edge is affected by these vulnerabilities, and an attacker who exploits them could gain the same rights as the current user. The patch changes how Chakra handles objects in memory, which is where these vulnerabilities exist.

Other noteworthy patches and upgrades

An LNK vulnerability (designated as CVE-2019-1280) also received a patch in this month’s Patch Tuesday. This vulnerability could allow remote code execution when .LNK files are processed. This is of note because LNK vulnerabilities have been connected to the Stuxnet worm in the past. Stuxnet spread by means of a crafted malicious .LNK file. The patch changes how shortcut LNK references are processed.

The patches included several for Microsoft Office applications, namely Microsoft Excel and Microsoft Exchange. The former was for an RCE vulnerability (CVE-2019-1297) and the latter was for a denial of service (DoS) vulnerability (CVE-2019-1233).

.NET Framework patches have been published every month this year, and this trend continues in September. Among the notable disclosures this month is the patch for the .NET Framework DoS vulnerability CVE-2019-1301, which corrects how the .NET Core web application handles web requests.

Also of note was the appearance of a Kernel Information Disclosure vulnerability, designated as CVE-2019-1274. This vulnerability would allow individuals to obtain. The patch should change how the kernel handles objects in memory, which is where the vulnerability exists. Additionally, a patch was released for a Hyper-V Information Disclosure Vulnerability, designated as CVE-2019-1254, which may also allow an attacker access to sensitive data within an affected system.

Also included in this month’s Patch Tuesday was a security update for Adobe Flash Player, following several non-security-related updates in previous months. It addresses two vulnerabilities, CVE-2019-8070 and CVE-2019-8069.

Users with affected installations are advised to prioritize the updates to prevent potential exploitation of their systems. The Trend Micro™ Deep Security™ and Vulnerability Protection solutions also protect systems and users against threats targeting the vulnerabilities included in this month’s Patch Tuesday, by updating or creating rules that cover the specific vulnerabilities found. Protection is provided for CVE-2019-1257, CVE-2019-1295 and CVE-2019-1296 via the following rule:

  • 1009971 – Microsoft SharePoint Multiple Remote Code Execution Vulnerabilities

Trend Micro™ TippingPoint® customers are protected from threats and attacks which may exploit CVE-2019-0787 through the following MainlineDV filter:

  • 36123: RDP: Microsoft Remote Desktop Services Memory Corruption Vulnerability (CVE-2019-0787)

We’re working hard to continue to provide protection where possible. You can keep track of the latest released rules through the following advisory.
