Patch Tuesday: Massive September Updates
Patch Tuesday is officially here. Microsoft has published 80 security fixes, but which patches should you prioritize this month?
September Patch Tuesday Release
Microsoft have released 80 patches today covering IE, Edge, ChakraCore, Windows and Office. There are 17 rated Critical and 62 Important with only 1 rated Moderate.
Urgent: Public and Exploited
There are a total of 4 vulnerabilities in this Patch Tuesday which are either publicly disclosed or being actively exploited. These vulnerabilities if exploited could allow easy elevation of privilege allowing the spread of malware or ransomware throughout your environment – these should be considered “Zero Day Vulnerabilities.”
Robert Brown, Director of Services for Verismic said, “We highly recommend these be prioritized for immediate deployment. Having an independent severity is essential along with the vendor severity is critically important for transparent prioritization of your next round of patching.”
Guess who’s back?
CVE-2010-3190 which resolves a vulnerability with MFC Insecure Library Loading Vulnerability with Exchange Server has been re-issued. Any customers who have any supported Exchange Server installed (Microsoft Exchange Server 2010 Service Pack 3, Microsoft Exchange Server 2013 or Microsoft Exchange Server 2016) should reinstall KB2565063. KB2565063 is a really old Visual C++ package linked t MS11-025.
Adobe Updates
Adobe have released 3 updates today resolving vulnerabilities with Flash and Application Manager.
Patch Tuesday Updates
We have made a few recommendations below which you should prioritize this month:
| Verismic Recommended | CVE Reference | Description | Severity | Publicly Announced | Actively Exploited |
| Yes | CVE-2019-1214 | Windows Common Log File System Driver Elevation of Privilege Vulnerability | Important | No | Yes |
| Yes | CVE-2019-1215 | Windows Elevation of Privilege Vulnerability | Important | No | Yes |
| Yes | CVE-2019-1235 | Windows Text Service Framework Elevation of Privilege Vulnerability | Important | Yes | No |
| Yes | CVE-2019-1294 | Windows Secure Boot Security Feature Bypass Vulnerability | Important | Yes | No |
| Yes | CVE-2019-0787 | Remote Desktop Client Remote Code Execution Vulnerability | Critical | No | No |
| Yes | CVE-2019-0788 | Remote Desktop Client Remote Code Execution Vulnerability | Critical | No | No |
| Yes | CVE-2019-1138 | Chakra Scripting Engine Memory Corruption Vulnerability | Critical | No | No |
| Yes | CVE-2019-1208 | VBScript Remote Code Execution Vulnerability | Critical | No | No |
| Yes | CVE-2019-1217 | Chakra Scripting Engine Memory Corruption Vulnerability | Critical | No | No |
| Yes | CVE-2019-1221 | Scripting Engine Memory Corruption Vulnerability | Critical | No | No |
| Yes | CVE-2019-1236 | VBScript Remote Code Execution Vulnerability | Critical | No | No |
| Yes | CVE-2019-1237 | Chakra Scripting Engine Memory Corruption Vulnerability | Critical | No | No |
| Yes | CVE-2019-1257 | Microsoft SharePoint Remote Code Execution Vulnerability | Critical | No | No |
| Yes | CVE-2019-1280 | LNK Remote Code Execution Vulnerability | Critical | No | No |
| Yes | CVE-2019-1290 | Remote Desktop Client Remote Code Execution Vulnerability | Critical | No | No |
| Yes | CVE-2019-1291 | Remote Desktop Client Remote Code Execution Vulnerability | Critical | No | No |
| Yes | CVE-2019-1295 | Microsoft SharePoint Remote Code Execution Vulnerability | Critical | No | No |
| Yes | CVE-2019-1296 | Microsoft SharePoint Remote Code Execution Vulnerability | Critical | No | No |
| Yes | CVE-2019-1298 | Chakra Scripting Engine Memory Corruption Vulnerability | Critical | No | No |
| Yes | CVE-2019-1300 | Chakra Scripting Engine Memory Corruption Vulnerability | Critical | No | No |
| Yes | CVE-2019-1306 | Azure DevOps and Team Foundation Server Remote Code Execution Vulnerability | Critical | No | No |
| CVE-2019-0928 | Windows Hyper-V Denial of Service Vulnerability | Important | No | No | |
| CVE-2019-1142 | .NET Framework Elevation of Privilege Vulnerability | Important | No | No | |
| CVE-2019-1209 | Lync 2013 Information Disclosure Vulnerability | Important | No | No | |
| CVE-2019-1216 | DirectX Information Disclosure Vulnerability | Important | No | No | |
| CVE-2019-1219 | Windows Transaction Manager Information Disclosure Vulnerability | Important | No | No | |
| CVE-2019-1220 | Microsoft Browser Security Feature Bypass Vulnerability | Important | No | No | |
| CVE-2019-1231 | Rome SDK Information Disclosure Vulnerability | Important | No | No | |
| CVE-2019-1232 | Diagnostics Hub Standard Collector Service Elevation of Privilege Vulnerability | Important | No | No | |
| CVE-2019-1233 | Microsoft Exchange Denial of Service Vulnerability | Important | No | No | |
| CVE-2019-1240 | Jet Database Engine Remote Code Execution Vulnerability | Important | No | No | |
| CVE-2019-1241 | Jet Database Engine Remote Code Execution Vulnerability | Important | No | No | |
| CVE-2019-1242 | Jet Database Engine Remote Code Execution Vulnerability | Important | No | No | |
| CVE-2019-1243 | Jet Database Engine Remote Code Execution Vulnerability | Important | No | No | |
| CVE-2019-1244 | DirectWrite Information Disclosure Vulnerability | Important | No | No | |
| CVE-2019-1245 | DirectWrite Information Disclosure Vulnerability | Important | No | No | |
| CVE-2019-1246 | Jet Database Engine Remote Code Execution Vulnerability | Important | No | No | |
| CVE-2019-1247 | Jet Database Engine Remote Code Execution Vulnerability | Important | No | No | |
| CVE-2019-1248 | Jet Database Engine Remote Code Execution Vulnerability | Important | No | No | |
| CVE-2019-1249 | Jet Database Engine Remote Code Execution Vulnerability | Important | No | No | |
| CVE-2019-1250 | Jet Database Engine Remote Code Execution Vulnerability | Important | No | No | |
| CVE-2019-1251 | DirectWrite Information Disclosure Vulnerability | Important | No | No | |
| CVE-2019-1252 | Windows GDI Information Disclosure Vulnerability | Important | No | No | |
| CVE-2019-1253 | Windows Elevation of Privilege Vulnerability | Important | No | No | |
| CVE-2019-1254 | Windows Hyper-V Information Disclosure Vulnerability | Important | No | No | |
| CVE-2019-1256 | Win32k Elevation of Privilege Vulnerability | Important | No | No | |
| CVE-2019-1258 | Azure Active Directory Authentication Library Elevation of Privilege Vulnerability | Important | No | No | |
| CVE-2019-1260 | Microsoft SharePoint Elevation of Privilege Vulnerability | Important | No | No | |
| CVE-2019-1261 | Microsoft SharePoint Spoofing Vulnerability | Important | No | No | |
| CVE-2019-1262 | Microsoft Office SharePoint XSS Vulnerability | Important | No | No | |
| CVE-2019-1263 | Microsoft Excel Information Disclosure Vulnerability | Important | No | No | |
| CVE-2019-1264 | Microsoft Office Security Feature Bypass Vulnerability | Important | No | No | |
| CVE-2019-1265 | Microsoft Yammer Security Feature Bypass Vulnerability | Important | No | No | |
| CVE-2019-1266 | Microsoft Exchange Spoofing Vulnerability | Important | No | No | |
| CVE-2019-1267 | Microsoft Compatibility Appraiser Elevation of Privilege Vulnerability | Important | No | No | |
| CVE-2019-1268 | Winlogon Elevation of Privilege Vulnerability | Important | No | No | |
| CVE-2019-1269 | Windows ALPC Elevation of Privilege Vulnerability | Important | No | No | |
| CVE-2019-1270 | Microsoft Windows Store Installer Elevation of Privilege Vulnerability | Important | No | No | |
| CVE-2019-1271 | Windows Media Elevation of Privilege Vulnerability | Important | No | No | |
| CVE-2019-1272 | Windows ALPC Elevation of Privilege Vulnerability | Important | No | No | |
| CVE-2019-1273 | Active Directory Federation Services XSS Vulnerability | Important | No | No | |
| CVE-2019-1274 | Windows Kernel Information Disclosure Vulnerability | Important | No | No | |
| CVE-2019-1277 | Windows Audio Service Elevation of Privilege Vulnerability | Important | No | No | |
| CVE-2019-1278 | Windows Elevation of Privilege Vulnerability | Important | No | No | |
| CVE-2019-1282 | Windows Common Log File System Driver Information Disclosure Vulnerability | Important | No | No | |
| CVE-2019-1283 | Microsoft Graphics Components Information Disclosure Vulnerability | Important | No | No | |
| CVE-2019-1284 | DirectX Elevation of Privilege Vulnerability | Important | No | No | |
| CVE-2019-1285 | Win32k Elevation of Privilege Vulnerability | Important | No | No | |
| CVE-2019-1286 | Windows GDI Information Disclosure Vulnerability | Important | No | No | |
| CVE-2019-1287 | Windows Network Connectivity Assistant Elevation of Privilege Vulnerability | Important | No | No | |
| CVE-2019-1289 | Windows Update Delivery Optimization Elevation of Privilege Vulnerability | Important | No | No | |
| CVE-2019-1292 | Windows Denial of Service Vulnerability | Important | No | No | |
| CVE-2019-1293 | Windows SMB Client Driver Information Disclosure Vulnerability | Important | No | No | |
| CVE-2019-1297 | Microsoft Excel Remote Code Execution Vulnerability | Important | No | No | |
| CVE-2019-1299 | Microsoft Edge based on Edge HTML Information Disclosure Vulnerability | Important | No | No | |
| CVE-2019-1301 | .NET Core Denial of Service Vulnerability | Important | No | No | |
| CVE-2019-1302 | ASP.NET Core Elevation Of Privilege Vulnerability | Important | No | No | |
| CVE-2019-1303 | Windows Elevation of Privilege Vulnerability | Important | No | No | |
| CVE-2019-1305 | Team Foundation Server Cross-site Scripting Vulnerability | Important | No | No | |
| CVE-2019-1259 | Microsoft SharePoint Spoofing Vulnerability | Moderate | No | No |
Start a Free Trial
Try Syxsense today and start patching your IT environment with a powerful and easy-to-use IT management toolset.
Schedule Your Syxsense Demo
Syxsense combines IT management, patch management, and security vulnerability scanning in one powerful solution. Get started today.
