SANS ISC InfoSec Forums

November 2019 Microsoft Patch Tuesday

Microsoft today patched a total of 74 vulnerabilities. This Patch Tuesday release also includes two advisories. 15 of the vulnerabilities are rated critical.

Two vulnerabilities had been disclosed prior to today, and one critical scripting engine vulnerability has already been exploited in the wild. The vulnerability, CVE-2019-1429, may lead to remote code execution due to memory corruption in the scripting engine. All current versions of Windows / Internet Explorer are affected. This is probably the most important issue you need to patch. At the recent "Pwn2Own" contest in Tokyo, JavaScript engine issues were used to breach anything from smart TVs to smartphones via not-so-smart browsers.

The first publicly disclosed problem, a confidentiality issue with Trusted Platform Module (TPM) chip firmware, is probably not as severe. It only affects the ECDSA algorithm, which isn't used in Windows so far. Patching this issue will be difficult. You will need to update the TPM firmware (and the page Microsoft links to with details from the TPM manufacturer is down right now). Once updated, you need to re-enroll into security services. 

The second publicly known vulnerability affects the Microsoft Office Click-to-Run system (C2R). A crafted file could abuse these components to escalate privileges and execute code as System.

| Description | CVE | Disclosed | Exploited | Exploitability (old versions) | Exploitability (current version) | Severity | CVSS Base (AVG) | CVSS Temporal (AVG) |
|---|---|---|---|---|---|---|---|---|
| Azure Stack Spoofing Vulnerability | CVE-2019-1234 | No | No | - | - | Important | | |
| DirectWrite Information Disclosure Vulnerability | CVE-2019-1432 | No | No | - | - | Important | 4.4 | 4.0 |
| DirectWrite Information Disclosure Vulnerability | CVE-2019-1411 | No | No | Less Likely | Less Likely | Important | 4.4 | 4.0 |
| Hyper-V Remote Code Execution Vulnerability | CVE-2019-0719 | No | No | Less Likely | Less Likely | Critical | 8.0 | 7.2 |
| Hyper-V Remote Code Execution Vulnerability | CVE-2019-0721 | No | No | Less Likely | Less Likely | Critical | 8.0 | 7.2 |
| Jet Database Engine Remote Code Execution Vulnerability | CVE-2019-1406 | No | No | Less Likely | Less Likely | Important | 6.7 | 6.0 |
| Latest Servicing Stack Updates | ADV990001 | No | No | - | - | Critical | | |
| Microsoft ActiveX Installer Service Elevation of Privilege Vulnerability | CVE-2019-1382 | No | No | Less Likely | Less Likely | Important | 7.8 | 7.0 |
| Microsoft Edge Security Feature Bypass Vulnerability | CVE-2019-1413 | No | No | - | - | Important | 4.3 | 3.9 |
| Microsoft Excel Information Disclosure Vulnerability | CVE-2019-1446 | No | No | Less Likely | Less Likely | Important | | |
| Microsoft Excel Remote Code Execution Vulnerability | CVE-2019-1448 | No | No | Less Likely | Less Likely | Important | | |
| Microsoft Exchange Remote Code Execution Vulnerability | CVE-2019-1373 | No | No | Less Likely | Less Likely | Critical | | |
| Microsoft Guidance for Vulnerability in Trusted Platform Module (TPM) | ADV190024 | Yes | No | - | - | | | |
| Microsoft Office ClickToRun Security Feature Bypass Vulnerability | CVE-2019-1449 | No | No | Less Likely | Less Likely | Important | | |
| Microsoft Office Excel Security Feature Bypass | CVE-2019-1457 | Yes | No | - | - | Important | | |
| Microsoft Office Information Disclosure Vulnerability | CVE-2019-1402 | No | No | Less Likely | Less Likely | Important | | |
| Microsoft Office Online Spoofing Vulnerability | CVE-2019-1445 | No | No | - | - | Important | | |
| Microsoft Office Online Spoofing Vulnerability | CVE-2019-1447 | No | No | - | - | Important | | |
| Microsoft Office Security Feature Bypass Vulnerability | CVE-2019-1442 | No | No | - | - | Important | | |
| Microsoft SharePoint Information Disclosure Vulnerability | CVE-2019-1443 | No | No | Less Likely | Less Likely | Important | | |
| Microsoft Windows Information Disclosure Vulnerability | CVE-2019-1381 | No | No | Less Likely | Less Likely | Important | 6.6 | 5.9 |
| Microsoft Windows Media Foundation Remote Code Execution Vulnerability | CVE-2019-1430 | No | No | - | - | Critical | 7.3 | 6.6 |
| Microsoft Windows Security Feature Bypass Vulnerability | CVE-2019-1384 | No | No | Less Likely | Less Likely | Important | 8.5 | 7.6 |
| Microsoft splwow64 Elevation of Privilege Vulnerability | CVE-2019-1380 | No | No | Less Likely | Less Likely | Important | 7.8 | 7.0 |
| NetLogon Security Feature Bypass Vulnerability | CVE-2019-1424 | No | No | Less Likely | Less Likely | Important | 8.1 | 7.3 |
| Open Enclave SDK Information Disclosure Vulnerability | CVE-2019-1370 | No | No | Less Likely | Less Likely | Important | 7.0 | 6.3 |
| OpenType Font Driver Information Disclosure Vulnerability | CVE-2019-1412 | No | No | - | - | Important | 5.0 | 4.5 |
| OpenType Font Parsing Remote Code Execution Vulnerability | CVE-2019-1456 | No | No | - | - | Important | 7.8 | 7.0 |
| OpenType Font Parsing Remote Code Execution Vulnerability | CVE-2019-1419 | No | No | Less Likely | Less Likely | Critical | 7.8 | 7.0 |
| Scripting Engine Memory Corruption Vulnerability | CVE-2019-1429 | No | Yes | Detected | Detected | Critical | 6.4 | 5.8 |
| Scripting Engine Memory Corruption Vulnerability | CVE-2019-1426 | No | No | - | - | Critical | 4.2 | 3.8 |
| Scripting Engine Memory Corruption Vulnerability | CVE-2019-1427 | No | No | - | - | Critical | 4.2 | 3.8 |
| Scripting Engine Memory Corruption Vulnerability | CVE-2019-1428 | No | No | - | - | Critical | 4.2 | 3.8 |
| VBScript Remote Code Execution Vulnerability | CVE-2019-1390 | No | No | More Likely | More Likely | Critical | 6.4 | 5.8 |
| Visual Studio Elevation of Privilege Vulnerability | CVE-2019-1425 | No | No | - | - | Important | | |
| Win32k Elevation of Privilege Vulnerability | CVE-2019-1434 | No | No | - | - | Important | 7.0 | 6.3 |
| Win32k Elevation of Privilege Vulnerability | CVE-2019-1393 | No | No | More Likely | More Likely | Important | 7.8 | 7.0 |
| Win32k Elevation of Privilege Vulnerability | CVE-2019-1394 | No | No | More Likely | More Likely | Important | 7.8 | 7.0 |
| Win32k Elevation of Privilege Vulnerability | CVE-2019-1395 | No | No | More Likely | More Likely | Important | 7.8 | 7.0 |
| Win32k Elevation of Privilege Vulnerability | CVE-2019-1396 | No | No | More Likely | More Likely | Important | 7.8 | 7.0 |
| Win32k Elevation of Privilege Vulnerability | CVE-2019-1408 | No | No | More Likely | More Likely | Important | 7.8 | 7.0 |
| Win32k Graphics Remote Code Execution Vulnerability | CVE-2019-1441 | No | No | - | - | Critical | 6.7 | 6.0 |
| Win32k Information Disclosure Vulnerability | CVE-2019-1436 | No | No | More Likely | More Likely | Important | 5.5 | 5.0 |
| Win32k Information Disclosure Vulnerability | CVE-2019-1440 | No | No | Less Likely | Less Likely | Important | 5.0 | 4.5 |
| Windows AppX Deployment Extensions Elevation of Privilege Vulnerability | CVE-2019-1385 | No | No | Less Likely | Less Likely | Important | 7.8 | 7.0 |
| Windows Certificate Dialog Elevation of Privilege Vulnerability | CVE-2019-1388 | No | No | Less Likely | Less Likely | Important | 7.8 | 7.0 |
| Windows Data Sharing Service Elevation of Privilege Vulnerability | CVE-2019-1417 | No | No | Less Likely | Less Likely | Important | 7.8 | 7.0 |
| Windows Data Sharing Service Elevation of Privilege Vulnerability | CVE-2019-1379 | No | No | - | - | Important | 7.8 | 7.0 |
| Windows Data Sharing Service Elevation of Privilege Vulnerability | CVE-2019-1383 | No | No | - | - | Important | 7.8 | 7.0 |
| Windows Denial of Service Vulnerability | CVE-2018-12207 | No | No | Less Likely | Less Likely | Important | 4.7 | 4.2 |
| Windows Denial of Service Vulnerability | CVE-2019-1391 | No | No | Less Likely | Less Likely | Important | 5.5 | 5.0 |
| Windows Elevation of Privilege Vulnerability | CVE-2019-1420 | No | No | Less Likely | Less Likely | Important | 7.8 | 7.0 |
| Windows Elevation of Privilege Vulnerability | CVE-2019-1422 | No | No | Less Likely | Less Likely | Important | 7.8 | 7.0 |
| Windows Elevation of Privilege Vulnerability | CVE-2019-1423 | No | No | - | - | Important | 7.8 | 7.0 |
| Windows Error Reporting Information Disclosure Vulnerability | CVE-2019-1374 | No | No | Less Likely | Less Likely | Important | 5.5 | 5.0 |
| Windows GDI Information Disclosure Vulnerability | CVE-2019-1439 | No | No | Less Likely | Less Likely | Important | 4.7 | 4.2 |
| Windows Graphics Component Elevation of Privilege Vulnerability | CVE-2019-1433 | No | No | Less Likely | Less Likely | Important | 7.0 | 6.3 |
| Windows Graphics Component Elevation of Privilege Vulnerability | CVE-2019-1435 | No | No | More Likely | More Likely | Important | 7.0 | 6.3 |
| Windows Graphics Component Elevation of Privilege Vulnerability | CVE-2019-1437 | No | No | More Likely | More Likely | Important | 7.0 | 6.3 |
| Windows Graphics Component Elevation of Privilege Vulnerability | CVE-2019-1438 | No | No | More Likely | More Likely | Important | 7.0 | 6.3 |
| Windows Graphics Component Elevation of Privilege Vulnerability | CVE-2019-1407 | No | No | - | - | Important | 7.8 | 7.0 |
| Windows Hyper-V Denial of Service Vulnerability | CVE-2019-0712 | No | No | Less Likely | Less Likely | Important | 5.8 | 5.2 |
| Windows Hyper-V Denial of Service Vulnerability | CVE-2019-1309 | No | No | Less Likely | Less Likely | Important | 5.8 | 5.2 |
| Windows Hyper-V Denial of Service Vulnerability | CVE-2019-1310 | No | No | Less Likely | Less Likely | Important | 5.8 | 5.2 |
| Windows Hyper-V Denial of Service Vulnerability | CVE-2019-1399 | No | No | Less Likely | Less Likely | Important | 5.4 | 4.9 |
| Windows Hyper-V Remote Code Execution Vulnerability | CVE-2019-1389 | No | No | - | - | Critical | 7.6 | 6.8 |
| Windows Hyper-V Remote Code Execution Vulnerability | CVE-2019-1397 | No | No | Less Likely | Less Likely | Critical | 7.6 | 6.8 |
| Windows Hyper-V Remote Code Execution Vulnerability | CVE-2019-1398 | No | No | Less Likely | Less Likely | Critical | 7.6 | 6.8 |
| Windows Installer Elevation of Privilege Vulnerability | CVE-2019-1415 | No | No | Less Likely | Less Likely | Important | 7.8 | 7.0 |
| Windows Kernel Elevation of Privilege Vulnerability | CVE-2019-1392 | No | No | - | - | Important | 7.0 | 6.3 |
| Windows Kernel Information Disclosure Vulnerability | CVE-2019-11135 | No | No | Less Likely | Less Likely | Important | 4.7 | 4.2 |
| Windows Modules Installer Service Information Disclosure Vulnerability | CVE-2019-1418 | No | No | Less Likely | Less Likely | Important | 3.5 | 3.2 |
| Windows Remote Procedure Call Information Disclosure Vulnerability | CVE-2019-1409 | No | No | Less Likely | Less Likely | Important | 5.5 | 5.0 |
| Windows Subsystem for Linux Elevation of Privilege Vulnerability | CVE-2019-1416 | No | No | Less Likely | Less Likely | Important | 7.8 | 7.0 |
| Windows TCP/IP Information Disclosure Vulnerability | CVE-2019-1324 | No | No | Less Likely | Less Likely | Important | 5.3 | 4.9 |
| Windows UPnP Service Elevation of Privilege Vulnerability | CVE-2019-1405 | No | No | Less Likely | Less Likely | Important | 7.8 | 7.0 |

---
Johannes B. Ullrich, Ph.D. , Dean of Research, SANS Technology Institute