November 2019 Microsoft Patch Tuesday
Microsoft today patched a total of 74 vulnerabilities. This patch Tuesday release also includes two advisories. 15 of the vulnerabilities are rated critical.
Two vulnerabilities had been disclosed prior to today, and one critical scripting engine vulnerability has already been exploited in the wild. The vulnerability, CVE-2019-1429, may lead to remote code execution due to memory corruption in the scripting engine. All current versions of Windows / Internet Explorer are affected. This is probably the most important issue you need to patch. At the recent "Pwn2Own" contest in Tokyo, JavaScript engine issues were used to breach anything from smart TV to smartphones via not-so-smart browsers.
The first publicly disclosed problem, a confidentiality issue with Trusted Platform Module (TPM) chip firmware, is probably not as severe. It only affects the ECDSA algorithm, which isn't used in Windows so far. Patching this issue will be difficult. You will need to update the TPM firmware (and the page Microsoft links to with details from the TPM manufacturer is down right now). Once updated, you need to re-enroll into security services.
The second publicly known vulnerability affects the Microsoft Office Click-to-Run system (C2R). A crafted file could abuse these components to escalate privileges and execute code as System.
Description | |||||||
---|---|---|---|---|---|---|---|
CVE | Disclosed | Exploited | Exploitability (old versions) | current version | Severity | CVSS Base (AVG) | CVSS Temporal (AVG) |
Azure Stack Spoofing Vulnerability | |||||||
CVE-2019-1234 | No | No | - | - | Important | ||
DirectWrite Information Disclosure Vulnerability | |||||||
CVE-2019-1432 | No | No | - | - | Important | 4.4 | 4.0 |
CVE-2019-1411 | No | No | Less Likely | Less Likely | Important | 4.4 | 4.0 |
Hyper-V Remote Code Execution Vulnerability | |||||||
CVE-2019-0719 | No | No | Less Likely | Less Likely | Critical | 8.0 | 7.2 |
CVE-2019-0721 | No | No | Less Likely | Less Likely | Critical | 8.0 | 7.2 |
Jet Database Engine Remote Code Execution Vulnerability | |||||||
CVE-2019-1406 | No | No | Less Likely | Less Likely | Important | 6.7 | 6.0 |
Latest Servicing Stack Updates | |||||||
ADV990001 | No | No | - | - | Critical | ||
Microsoft ActiveX Installer Service Elevation of Privilege Vulnerability | |||||||
CVE-2019-1382 | No | No | Less Likely | Less Likely | Important | 7.8 | 7.0 |
Microsoft Edge Security Feature Bypass Vulnerability | |||||||
CVE-2019-1413 | No | No | - | - | Important | 4.3 | 3.9 |
Microsoft Excel Information Disclosure Vulnerability | |||||||
CVE-2019-1446 | No | No | Less Likely | Less Likely | Important | ||
Microsoft Excel Remote Code Execution Vulnerability | |||||||
CVE-2019-1448 | No | No | Less Likely | Less Likely | Important | ||
Microsoft Exchange Remote Code Execution Vulnerability | |||||||
CVE-2019-1373 | No | No | Less Likely | Less Likely | Critical | ||
Microsoft Guidance for Vulnerability in Trusted Platform Module (TPM) | |||||||
ADV190024 | Yes | No | - | - | |||
Microsoft Office ClickToRun Security Feature Bypass Vulnerability | |||||||
CVE-2019-1449 | No | No | Less Likely | Less Likely | Important | ||
Microsoft Office Excel Security Feature Bypass | |||||||
CVE-2019-1457 | Yes | No | - | - | Important | ||
Microsoft Office Information Disclosure Vulnerability | |||||||
CVE-2019-1402 | No | No | Less Likely | Less Likely | Important | ||
Microsoft Office Online Spoofing Vulnerability | |||||||
CVE-2019-1445 | No | No | - | - | Important | ||
CVE-2019-1447 | No | No | - | - | Important | ||
Microsoft Office Security Feature Bypass Vulnerability | |||||||
CVE-2019-1442 | No | No | - | - | Important | ||
Microsoft SharePoint Information Disclosure Vulnerability | |||||||
CVE-2019-1443 | No | No | Less Likely | Less Likely | Important | ||
Microsoft Windows Information Disclosure Vulnerability | |||||||
CVE-2019-1381 | No | No | Less Likely | Less Likely | Important | 6.6 | 5.9 |
Microsoft Windows Media Foundation Remote Code Execution Vulnerability | |||||||
CVE-2019-1430 | No | No | - | - | Critical | 7.3 | 6.6 |
Microsoft Windows Security Feature Bypass Vulnerability | |||||||
CVE-2019-1384 | No | No | Less Likely | Less Likely | Important | 8.5 | 7.6 |
Microsoft splwow64 Elevation of Privilege Vulnerability | |||||||
CVE-2019-1380 | No | No | Less Likely | Less Likely | Important | 7.8 | 7.0 |
NetLogon Security Feature Bypass Vulnerability | |||||||
CVE-2019-1424 | No | No | Less Likely | Less Likely | Important | 8.1 | 7.3 |
Open Enclave SDK Information Disclosure Vulnerability | |||||||
CVE-2019-1370 | No | No | Less Likely | Less Likely | Important | 7.0 | 6.3 |
OpenType Font Driver Information Disclosure Vulnerability | |||||||
CVE-2019-1412 | No | No | - | - | Important | 5.0 | 4.5 |
OpenType Font Parsing Remote Code Execution Vulnerability | |||||||
CVE-2019-1456 | No | No | - | - | Important | 7.8 | 7.0 |
CVE-2019-1419 | No | No | Less Likely | Less Likely | Critical | 7.8 | 7.0 |
Scripting Engine Memory Corruption Vulnerability | |||||||
CVE-2019-1429 | No | Yes | Detected | Detected | Critical | 6.4 | 5.8 |
CVE-2019-1426 | No | No | - | - | Critical | 4.2 | 3.8 |
CVE-2019-1427 | No | No | - | - | Critical | 4.2 | 3.8 |
CVE-2019-1428 | No | No | - | - | Critical | 4.2 | 3.8 |
VBScript Remote Code Execution Vulnerability | |||||||
CVE-2019-1390 | No | No | More Likely | More Likely | Critical | 6.4 | 5.8 |
Visual Studio Elevation of Privilege Vulnerability | |||||||
CVE-2019-1425 | No | No | - | - | Important | ||
Win32k Elevation of Privilege Vulnerability | |||||||
CVE-2019-1434 | No | No | - | - | Important | 7.0 | 6.3 |
CVE-2019-1393 | No | No | More Likely | More Likely | Important | 7.8 | 7.0 |
CVE-2019-1394 | No | No | More Likely | More Likely | Important | 7.8 | 7.0 |
CVE-2019-1395 | No | No | More Likely | More Likely | Important | 7.8 | 7.0 |
CVE-2019-1396 | No | No | More Likely | More Likely | Important | 7.8 | 7.0 |
CVE-2019-1408 | No | No | More Likely | More Likely | Important | 7.8 | 7.0 |
Win32k Graphics Remote Code Execution Vulnerability | |||||||
CVE-2019-1441 | No | No | - | - | Critical | 6.7 | 6.0 |
Win32k Information Disclosure Vulnerability | |||||||
CVE-2019-1436 | No | No | More Likely | More Likely | Important | 5.5 | 5.0 |
CVE-2019-1440 | No | No | Less Likely | Less Likely | Important | 5.0 | 4.5 |
Windows AppX Deployment Extensions Elevation of Privilege Vulnerability | |||||||
CVE-2019-1385 | No | No | Less Likely | Less Likely | Important | 7.8 | 7.0 |
Windows Certificate Dialog Elevation of Privilege Vulnerability | |||||||
CVE-2019-1388 | No | No | Less Likely | Less Likely | Important | 7.8 | 7.0 |
Windows Data Sharing Service Elevation of Privilege Vulnerability | |||||||
CVE-2019-1417 | No | No | Less Likely | Less Likely | Important | 7.8 | 7.0 |
CVE-2019-1379 | No | No | - | - | Important | 7.8 | 7.0 |
CVE-2019-1383 | No | No | - | - | Important | 7.8 | 7.0 |
Windows Denial of Service Vulnerability | |||||||
CVE-2018-12207 | No | No | Less Likely | Less Likely | Important | 4.7 | 4.2 |
CVE-2019-1391 | No | No | Less Likely | Less Likely | Important | 5.5 | 5.0 |
Windows Elevation of Privilege Vulnerability | |||||||
CVE-2019-1420 | No | No | Less Likely | Less Likely | Important | 7.8 | 7.0 |
CVE-2019-1422 | No | No | Less Likely | Less Likely | Important | 7.8 | 7.0 |
CVE-2019-1423 | No | No | - | - | Important | 7.8 | 7.0 |
Windows Error Reporting Information Disclosure Vulnerability | |||||||
CVE-2019-1374 | No | No | Less Likely | Less Likely | Important | 5.5 | 5.0 |
Windows GDI Information Disclosure Vulnerability | |||||||
CVE-2019-1439 | No | No | Less Likely | Less Likely | Important | 4.7 | 4.2 |
Windows Graphics Component Elevation of Privilege Vulnerability | |||||||
CVE-2019-1433 | No | No | Less Likely | Less Likely | Important | 7.0 | 6.3 |
CVE-2019-1435 | No | No | More Likely | More Likely | Important | 7.0 | 6.3 |
CVE-2019-1437 | No | No | More Likely | More Likely | Important | 7.0 | 6.3 |
CVE-2019-1438 | No | No | More Likely | More Likely | Important | 7.0 | 6.3 |
CVE-2019-1407 | No | No | - | - | Important | 7.8 | 7.0 |
Windows Hyper-V Denial of Service Vulnerability | |||||||
CVE-2019-0712 | No | No | Less Likely | Less Likely | Important | 5.8 | 5.2 |
CVE-2019-1309 | No | No | Less Likely | Less Likely | Important | 5.8 | 5.2 |
CVE-2019-1310 | No | No | Less Likely | Less Likely | Important | 5.8 | 5.2 |
CVE-2019-1399 | No | No | Less Likely | Less Likely | Important | 5.4 | 4.9 |
Windows Hyper-V Remote Code Execution Vulnerability | |||||||
CVE-2019-1389 | No | No | - | - | Critical | 7.6 | 6.8 |
CVE-2019-1397 | No | No | Less Likely | Less Likely | Critical | 7.6 | 6.8 |
CVE-2019-1398 | No | No | Less Likely | Less Likely | Critical | 7.6 | 6.8 |
Windows Installer Elevation of Privilege Vulnerability | |||||||
CVE-2019-1415 | No | No | Less Likely | Less Likely | Important | 7.8 | 7.0 |
Windows Kernel Elevation of Privilege Vulnerability | |||||||
CVE-2019-1392 | No | No | - | - | Important | 7.0 | 6.3 |
Windows Kernel Information Disclosure Vulnerability | |||||||
CVE-2019-11135 | No | No | Less Likely | Less Likely | Important | 4.7 | 4.2 |
Windows Modules Installer Service Information Disclosure Vulnerability | |||||||
CVE-2019-1418 | No | No | Less Likely | Less Likely | Important | 3.5 | 3.2 |
Windows Remote Procedure Call Information Disclosure Vulnerability | |||||||
CVE-2019-1409 | No | No | Less Likely | Less Likely | Important | 5.5 | 5.0 |
Windows Subsystem for Linux Elevation of Privilege Vulnerability | |||||||
CVE-2019-1416 | No | No | Less Likely | Less Likely | Important | 7.8 | 7.0 |
Windows TCP/IP Information Disclosure Vulnerability | |||||||
CVE-2019-1324 | No | No | Less Likely | Less Likely | Important | 5.3 | 4.9 |
Windows UPnP Service Elevation of Privilege Vulnerability | |||||||
CVE-2019-1405 | No | No | Less Likely | Less Likely | Important | 7.8 | 7.0 |
---
Johannes B. Ullrich, Ph.D. , Dean of Research, SANS Technology Institute
Twitter|
Comments