
Published on November 13th, 2019


Microsoft Patch Tuesday covers 13 critical vulnerabilities



Microsoft today issued updates covering 74 vulnerabilities, 13 of them critical, as part of its November Patch Tuesday rollout. Two flaws, CVE-2019-1429 and CVE-2019-1457, caught the eye of several cybersecurity researchers as particularly important.


CVE-2019-1429 is a scripting engine memory corruption vulnerability that has been exploited in the wild as a zero day. When it is exploited, an attacker can gain the same user rights as the target, and if that person is logged on with administrative user rights, the attacker could take control of an affected system, gaining the ability to install programs; view, change, or delete data; or create new accounts with full user rights.

Satnam Narang, senior research engineer at Tenable, noted an attacker would have to do some extra work to utilize this vulnerability.

“An attacker would need to convince a user to visit a website containing the exploit code using Internet Explorer in order to exploit the flaw,” he said.

CVE-2019-1457 is a Microsoft Office Excel Security Feature Bypass that was first disclosed in October, but has not been exploited. To take advantage of the flaw an attacker would have to convince a user to open a specially crafted file with an affected version of Microsoft Office software, which would allow the attacker to write arbitrary code.





Even though this vulnerability has not been exploited, Chris Goettl, director of product management, Security, Ivanti, noted that now that the issue is known, malicious actors can attempt an exploit, so implementing the patch is crucial.

“Whatever is executed in the macro that was triggered by bypassing the security settings of Excel would be the real risk of this vulnerability. This vulnerability is not currently being exploited in the wild, but since it has been publicly disclosed threat actors have had a jump start on being able to develop an exploit to take advantage of the CVE. This puts it at higher risk of exploitation,” he said.

Qualys’ Director of Product Management Jimmy Graham pointed out several other vulnerabilities that he believes deserve special attention this month. CVE-2019-1373 should be prioritized, as a remote code execution vulnerability exists in Microsoft Exchange through the deserialization of metadata via PowerShell.

Additionally, the remote code execution vulnerabilities CVE-2019-1389, CVE-2019-1397, CVE-2019-1398 and CVE-2019-0721 in Hyper-V and Hyper-V Network Switch were patched. If left unpatched, it would be possible for an authenticated user on a guest system to run arbitrary code on the host system. Microsoft did note that exploitation of these vulnerabilities is less likely, but these patches should still be prioritized for all Hyper-V systems, Graham said.
