Patch Tuesday: Massive September Updates

Patch Tuesday: Massive September Updates

September Patch Tuesday Release

Microsoft have released 80 patches today covering IE, Edge, ChakraCore, Windows and Office. There are 17 rated Critical and 62 Important with only 1 rated Moderate.

Urgent: Public and Exploited

There are a total of 4 vulnerabilities in this Patch Tuesday which are either publicly disclosed or being actively exploited. These vulnerabilities if exploited could allow easy elevation of privilege allowing the spread of malware or ransomware throughout your environment – these should be considered “Zero Day Vulnerabilities.”

Robert Brown, Director of Services for Verismic said, “We highly recommend these be prioritized for immediate deployment. Having an independent severity is essential along with the vendor severity is critically important for transparent prioritization of your next round of patching.”

Guess who’s back?

CVE-2010-3190 which resolves a vulnerability with MFC Insecure Library Loading Vulnerability with Exchange Server has been re-issued. Any customers who have any supported Exchange Server installed (Microsoft Exchange Server 2010 Service Pack 3, Microsoft Exchange Server 2013 or Microsoft Exchange Server 2016) should reinstall KB2565063. KB2565063 is a really old Visual C++ package linked t MS11-025.

Adobe Updates

Adobe have released 3 updates today resolving vulnerabilities with Flash and Application Manager.

Patch Tuesday Updates

We have made a few recommendations below which you should prioritize this month:

Verismic Recommended CVE Reference Description Severity Publicly Announced Actively Exploited
Yes CVE-2019-1214 Windows Common Log File System Driver Elevation of Privilege Vulnerability Important No Yes
Yes CVE-2019-1215 Windows Elevation of Privilege Vulnerability Important No Yes
Yes CVE-2019-1235 Windows Text Service Framework Elevation of Privilege Vulnerability Important Yes No
Yes CVE-2019-1294 Windows Secure Boot Security Feature Bypass Vulnerability Important Yes No
Yes CVE-2019-0787 Remote Desktop Client Remote Code Execution Vulnerability Critical No No
Yes CVE-2019-0788 Remote Desktop Client Remote Code Execution Vulnerability Critical No No
Yes CVE-2019-1138 Chakra Scripting Engine Memory Corruption Vulnerability Critical No No
Yes CVE-2019-1208 VBScript Remote Code Execution Vulnerability Critical No No
Yes CVE-2019-1217 Chakra Scripting Engine Memory Corruption Vulnerability Critical No No
Yes CVE-2019-1221 Scripting Engine Memory Corruption Vulnerability Critical No No
Yes CVE-2019-1236 VBScript Remote Code Execution Vulnerability Critical No No
Yes CVE-2019-1237 Chakra Scripting Engine Memory Corruption Vulnerability Critical No No
Yes CVE-2019-1257 Microsoft SharePoint Remote Code Execution Vulnerability Critical No No
Yes CVE-2019-1280 LNK Remote Code Execution Vulnerability Critical No No
Yes CVE-2019-1290 Remote Desktop Client Remote Code Execution Vulnerability Critical No No
Yes CVE-2019-1291 Remote Desktop Client Remote Code Execution Vulnerability Critical No No
Yes CVE-2019-1295 Microsoft SharePoint Remote Code Execution Vulnerability Critical No No
Yes CVE-2019-1296 Microsoft SharePoint Remote Code Execution Vulnerability Critical No No
Yes CVE-2019-1298 Chakra Scripting Engine Memory Corruption Vulnerability Critical No No
Yes CVE-2019-1300 Chakra Scripting Engine Memory Corruption Vulnerability Critical No No
Yes CVE-2019-1306 Azure DevOps and Team Foundation Server Remote Code Execution Vulnerability Critical No No
CVE-2019-0928 Windows Hyper-V Denial of Service Vulnerability Important No No
CVE-2019-1142 .NET Framework Elevation of Privilege Vulnerability Important No No
CVE-2019-1209 Lync 2013 Information Disclosure Vulnerability Important No No
CVE-2019-1216 DirectX Information Disclosure Vulnerability Important No No
CVE-2019-1219 Windows Transaction Manager Information Disclosure Vulnerability Important No No
CVE-2019-1220 Microsoft Browser Security Feature Bypass Vulnerability Important No No
CVE-2019-1231 Rome SDK Information Disclosure Vulnerability Important No No
CVE-2019-1232 Diagnostics Hub Standard Collector Service Elevation of Privilege Vulnerability Important No No
CVE-2019-1233 Microsoft Exchange Denial of Service Vulnerability Important No No
CVE-2019-1240 Jet Database Engine Remote Code Execution Vulnerability Important No No
CVE-2019-1241 Jet Database Engine Remote Code Execution Vulnerability Important No No
CVE-2019-1242 Jet Database Engine Remote Code Execution Vulnerability Important No No
CVE-2019-1243 Jet Database Engine Remote Code Execution Vulnerability Important No No
CVE-2019-1244 DirectWrite Information Disclosure Vulnerability Important No No
CVE-2019-1245 DirectWrite Information Disclosure Vulnerability Important No No
CVE-2019-1246 Jet Database Engine Remote Code Execution Vulnerability Important No No
CVE-2019-1247 Jet Database Engine Remote Code Execution Vulnerability Important No No
CVE-2019-1248 Jet Database Engine Remote Code Execution Vulnerability Important No No
CVE-2019-1249 Jet Database Engine Remote Code Execution Vulnerability Important No No
CVE-2019-1250 Jet Database Engine Remote Code Execution Vulnerability Important No No
CVE-2019-1251 DirectWrite Information Disclosure Vulnerability Important No No
CVE-2019-1252 Windows GDI Information Disclosure Vulnerability Important No No
CVE-2019-1253 Windows Elevation of Privilege Vulnerability Important No No
CVE-2019-1254 Windows Hyper-V Information Disclosure Vulnerability Important No No
CVE-2019-1256 Win32k Elevation of Privilege Vulnerability Important No No
CVE-2019-1258 Azure Active Directory Authentication Library Elevation of Privilege Vulnerability Important No No
CVE-2019-1260 Microsoft SharePoint Elevation of Privilege Vulnerability Important No No
CVE-2019-1261 Microsoft SharePoint Spoofing Vulnerability Important No No
CVE-2019-1262 Microsoft Office SharePoint XSS Vulnerability Important No No
CVE-2019-1263 Microsoft Excel Information Disclosure Vulnerability Important No No
CVE-2019-1264 Microsoft Office Security Feature Bypass Vulnerability Important No No
CVE-2019-1265 Microsoft Yammer Security Feature Bypass Vulnerability Important No No
CVE-2019-1266 Microsoft Exchange Spoofing Vulnerability Important No No
CVE-2019-1267 Microsoft Compatibility Appraiser Elevation of Privilege Vulnerability Important No No
CVE-2019-1268 Winlogon Elevation of Privilege Vulnerability Important No No
CVE-2019-1269 Windows ALPC Elevation of Privilege Vulnerability Important No No
CVE-2019-1270 Microsoft Windows Store Installer Elevation of Privilege Vulnerability Important No No
CVE-2019-1271 Windows Media Elevation of Privilege Vulnerability Important No No
CVE-2019-1272 Windows ALPC Elevation of Privilege Vulnerability Important No No
CVE-2019-1273 Active Directory Federation Services XSS Vulnerability Important No No
CVE-2019-1274 Windows Kernel Information Disclosure Vulnerability Important No No
CVE-2019-1277 Windows Audio Service Elevation of Privilege Vulnerability Important No No
CVE-2019-1278 Windows Elevation of Privilege Vulnerability Important No No
CVE-2019-1282 Windows Common Log File System Driver Information Disclosure Vulnerability Important No No
CVE-2019-1283 Microsoft Graphics Components Information Disclosure Vulnerability Important No No
CVE-2019-1284 DirectX Elevation of Privilege Vulnerability Important No No
CVE-2019-1285 Win32k Elevation of Privilege Vulnerability Important No No
CVE-2019-1286 Windows GDI Information Disclosure Vulnerability Important No No
CVE-2019-1287 Windows Network Connectivity Assistant Elevation of Privilege Vulnerability Important No No
CVE-2019-1289 Windows Update Delivery Optimization Elevation of Privilege Vulnerability Important No No
CVE-2019-1292 Windows Denial of Service Vulnerability Important No No
CVE-2019-1293 Windows SMB Client Driver Information Disclosure Vulnerability Important No No
CVE-2019-1297 Microsoft Excel Remote Code Execution Vulnerability Important No No
CVE-2019-1299 Microsoft Edge based on Edge HTML Information Disclosure Vulnerability Important No No
CVE-2019-1301 .NET Core Denial of Service Vulnerability Important No No
CVE-2019-1302 ASP.NET Core Elevation Of Privilege Vulnerability Important No No
CVE-2019-1303 Windows Elevation of Privilege Vulnerability Important No No
CVE-2019-1305 Team Foundation Server Cross-site Scripting Vulnerability Important No No
CVE-2019-1259 Microsoft SharePoint Spoofing Vulnerability Moderate No No

Related Posts

If Vulnerabilities Can Take Down Even the Most Prepared, What Can You Do?

If Vulnerabilities Can Take Down Even the Most Prepared, What Can You Do?

April 20, 2024
In the News: Brute-force attacks surge worldwide, warns Cisco Talos

In the News: Brute-force attacks surge worldwide, warns Cisco Talos

April 17, 2024
In the News: Why 92% of Security Professionals Worry About Generative AI

In the News: Why 92% of Security Professionals Worry About Generative AI

April 16, 2024
April 2024 Patch Tuesday: Microsoft releases 147 fixes this month including 3 Critical Threats.

April 2024 Patch Tuesday: Microsoft releases 147 fixes this month including 3 Critical Threats.

April 9, 2024