Microsoft October 2019 Patch Tuesday

Published: 2019-10-08. Last Updated: 2019-10-08 17:58:14 UTC
by Renato Marinho (Version: 1)

This month we got patches for 59 vulnerabilities total. None of them have been previously disclosed nor are being exploited according to Microsoft.

Amongst 9 critical vulnerabilities, its worth mentioning the remote code execution one which affects Microsoft XML Core Services (CVE-2019-1060). To exploit this vulnerability, an attacker would have to convince a user to access a specially crafted website designed to invoke MSXML through the web browser. When Internet Explorer parses the malicious content, the attacker could run malicious code remotely on users’s system.

There is also a critical remote execution vulnerability Windows Remote Desktop Client (CVE-2019-1333). To exploit this vulnerability, an attacker would have to force the user to connect to a malicious server or compromise a legitimate server to host the malicious code on it, and wait for the users to connect.

See Renato's dashboard for a more detailed breakout: https://patchtuesdaydashboard.com

Description
CVE	Disclosed	Exploited	Exploitability (old versions)	current version	Severity	CVSS Base (AVG)	CVSS Temporal (AVG)
Azure App Service Remote Code Execution Vulnerability
CVE-2019-1372	No	No	Less Likely	Less Likely	Critical
Chakra Scripting Engine Memory Corruption Vulnerability
CVE-2019-1307	No	No	-	-	Critical	4.2	3.8
CVE-2019-1308	No	No	-	-	Critical	4.2	3.8
CVE-2019-1335	No	No	-	-	Critical	4.2	3.8
CVE-2019-1366	No	No	-	-	Critical	4.2	3.8
Hyper-V Information Disclosure Vulnerability
CVE-2019-1230	No	No	Less Likely	Less Likely	Important	6.8	6.1
Internet Explorer Memory Corruption Vulnerability
CVE-2019-1371	No	No	Less Likely	Less Likely	Important	6.4	5.8
Jet Database Engine Remote Code Execution Vulnerability
CVE-2019-1358	No	No	Less Likely	Less Likely	Important	7.8	7.0
CVE-2019-1359	No	No	Less Likely	Less Likely	Important	7.8	7.0
Latest Servicing Stack Updates
ADV990001	No	No	-	-	Critical
MS XML Remote Code Execution Vulnerability
CVE-2019-1060	No	No	Less Likely	Less Likely	Critical	6.4	5.8
Microsoft Browser Spoofing Vulnerability
CVE-2019-0608	No	No	Less Likely	Less Likely	Important	2.4	2.2
CVE-2019-1357	No	No	Less Likely	Less Likely	Important	3.5	3.2
Microsoft Dynamics 365 (On-Premise) Cross Site Scripting Vulnerability
CVE-2019-1375	No	No	Less Likely	Less Likely	Important
Microsoft Edge based on Edge HTML Information Disclosure Vulnerability
CVE-2019-1356	No	No	-	-	Important	4.3	3.9
Microsoft Excel Remote Code Execution Vulnerability
CVE-2019-1327	No	No	Less Likely	Less Likely	Important
CVE-2019-1331	No	No	Less Likely	Less Likely	Important
Microsoft Graphics Components Information Disclosure Vulnerability
CVE-2019-1361	No	No	-	-	Important	5.5	5.0
Microsoft IIS Server Elevation of Privilege Vulnerability
CVE-2019-1365	No	No	Less Likely	Less Likely	Important	7.5	6.7
Microsoft Office SharePoint XSS Vulnerability
CVE-2019-1070	No	No	-	-	Important
Microsoft SharePoint Elevation of Privilege Vulnerability
CVE-2019-1329	No	No	-	-	Important
CVE-2019-1330	No	No	Less Likely	Less Likely	Important
Microsoft SharePoint Spoofing Vulnerability
CVE-2019-1328	No	No	-	-	Important
Microsoft Windows CloudStore Elevation of Privilege Vulnerability
CVE-2019-1321	No	No	Less Likely	Less Likely	Important	5.8	5.2
Microsoft Windows Denial of Service Vulnerability
CVE-2019-1317	No	No	Less Likely	Less Likely	Important	6.4	5.8
Microsoft Windows Elevation of Privilege Vulnerability
CVE-2019-1320	No	No	Less Likely	Less Likely	Important	7.0	6.3
CVE-2019-1322	No	No	Less Likely	Less Likely	Important	7.0	6.3
CVE-2019-1340	No	No	Less Likely	Less Likely	Important	7.8	7.0
Microsoft Windows Setup Elevation of Privilege Vulnerability
CVE-2019-1316	No	No	Less Likely	Less Likely	Important	7.3	6.6
Microsoft Windows Transport Layer Security Spoofing Vulnerability
CVE-2019-1318	No	No	Less Likely	Less Likely	Important	7.7	6.9
Microsoft Windows Update Client Elevation of Privilege Vulnerability
CVE-2019-1323	No	No	Less Likely	Less Likely	Important	7.0	6.3
CVE-2019-1336	No	No	Less Likely	Less Likely	Important	7.0	6.3
Open Enclave SDK Information Disclosure Vulnerability
CVE-2019-1369	No	No	Less Likely	Less Likely	Important
Remote Desktop Client Remote Code Execution Vulnerability
CVE-2019-1333	No	No	More Likely	More Likely	Critical	7.5	6.7
SQL Server Management Studio Information Disclosure Vulnerability
CVE-2019-1313	No	No	Less Likely	Less Likely	Important
CVE-2019-1376	No	No	Less Likely	Less Likely	Important
VBScript Remote Code Execution Vulnerability
CVE-2019-1238	No	No	Less Likely	Less Likely	Critical	6.4	5.8
CVE-2019-1239	No	No	-	-	Critical	6.4	5.8
Win32k Elevation of Privilege Vulnerability
CVE-2019-1362	No	No	-	-	Important	7.0	6.3
CVE-2019-1364	No	No	-	-	Important	7.0	6.3
Windows 10 Mobile Security Feature Bypass Vulnerability
CVE-2019-1314	No	No	Less Likely	Less Likely	Important
Windows Code Integrity Module Information Disclosure Vulnerability
CVE-2019-1344	No	No	Less Likely	Less Likely	Important	5.5	5.0
Windows Denial of Service Vulnerability
CVE-2019-1343	No	No	Less Likely	Less Likely	Important	6.5	5.9
CVE-2019-1346	No	No	Less Likely	Less Likely	Important	5.7	5.1
CVE-2019-1347	No	No	Less Likely	Less Likely	Important	5.7	5.1
Windows Error Reporting Elevation of Privilege Vulnerability
CVE-2019-1319	No	No	Less Likely	Less Likely	Important	7.0	6.3
Windows Error Reporting Manager Elevation of Privilege Vulnerability
CVE-2019-1342	No	No	Less Likely	Less Likely	Important	7.0	6.3
CVE-2019-1315	No	No	Less Likely	Less Likely	Important	7.8	7.0
CVE-2019-1339	No	No	-	-	Important	7.8	7.0
Windows GDI Information Disclosure Vulnerability
CVE-2019-1363	No	No	-	-	Important	5.5	5.0
Windows Imaging API Remote Code Execution Vulnerability
CVE-2019-1311	No	No	Less Likely	Less Likely	Important	7.8	7.0
Windows Kernel Information Disclosure Vulnerability
CVE-2019-1345	No	No	Less Likely	Less Likely	Important	5.5	5.0
CVE-2019-1334	No	No	Less Likely	Less Likely	Important	4.7	4.2
Windows NTLM Security Feature Bypass Vulnerability
CVE-2019-1338	No	No	-	-	Important	5.3	4.8
Windows NTLM Tampering Vulnerability
CVE-2019-1166	No	No	Less Likely	Less Likely	Important	5.9	5.3
Windows Power Service Elevation of Privilege Vulnerability
CVE-2019-1341	No	No	More Likely	More Likely	Important	7.8	7.0
Windows Redirected Drive Buffering System Elevation of Privilege Vulnerability
CVE-2019-1325	No	No	Less Likely	Unlikely	Important	5.5	5.0
Windows Remote Desktop Protocol (RDP) Denial of Service Vulnerability
CVE-2019-1326	No	No	Less Likely	Less Likely	Important	7.5	6.7
Windows Secure Boot Security Feature Bypass Vulnerability
CVE-2019-1368	No	No	Less Likely	Less Likely	Important	4.9	4.4
Windows Update Client Information Disclosure Vulnerability
CVE-2019-1337	No	No	Less Likely	Less Likely	Important	5.5	5.0

--
Renato Marinho
Morphus Labs| LinkedIn|Twitter

Keywords:

0 comment(s)

Internet Storm Center

Microsoft October 2019 Patch Tuesday

Comments