Threat Level: green Handler on Duty: Xavier Mertens

SANS ISC: Microsoft September 2019 Patch Tuesday SANS ISC InfoSec Forums

Watch ISC TV. Great for NOCs, SOCs and Living Rooms: https://isctv.sans.edu

Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!
Microsoft September 2019 Patch Tuesday

This month we got patches for 79 vulnerabilities total. Two of them (CVE-2019-1214 and CVE-2019-1215) are being exploited, and three were previously disclosed (CVE-2019-1253, CVE-2019-1235, and CVE-2019-1294). 

The exploited vulnerabilities (CVE-2019-1214 and CVE-2019-1215) affects Windows Common Log File System (CLFS) driver and ws2ifsl.sys (Winsock), respectively. Both are privilege escalation vulnerabilities and may allow a local attacker to run processes in elevated privileges.

Amongst critical vulnerabilities, it's worth mentioning the LNK Remote Code Execution Vulnerability (CVE-2019-1280). It could allow remote code execution if an .LNK file is processed. An attacker may exploit this vulnerability by presenting the user a removable drive or a remote share containing a malicious.LNK file associated with a malicious binary. Once the user opens the drive (removable or shared), the malicious binary will execute on the user's system. Notice that the user doesn't need to execute the LNK file. It is enough to have the malicious .LNK parsed by Windows Explorer or any other application that parses .LNK files.

See Renato's dashboard for a more detailed breakout: https://patchtuesdaydashboard.com

Description
CVE Disclosed Exploited Exploitability (old versions) current version Severity CVSS Base (AVG) CVSS Temporal (AVG)
.NET Core Denial of Service Vulnerability
CVE-2019-1301 No No Less Likely Less Likely Important    
.NET Framework Elevation of Privilege Vulnerability
CVE-2019-1142 No No Less Likely Less Likely Important    
ASP.NET Core Elevation Of Privilege Vulnerability
CVE-2019-1302 No No Less Likely Less Likely Important    
Active Directory Federation Services XSS Vulnerability
CVE-2019-1273 No No Less Likely Less Likely Important 8.2 7.4
Azure DevOps and Team Foundation Server Remote Code Execution Vulnerability
CVE-2019-1306 No No Less Likely Less Likely Critical    
Chakra Scripting Engine Memory Corruption Vulnerability
CVE-2019-1138 No No - - Critical 4.2 3.8
CVE-2019-1217 No No - - Critical 4.2 3.8
CVE-2019-1237 No No Less Likely Less Likely Critical 4.2 3.8
CVE-2019-1298 No No - - Critical 4.2 3.8
CVE-2019-1300 No No - - Critical 4.2 3.8
Diagnostics Hub Standard Collector Service Elevation of Privilege Vulnerability
CVE-2019-1232 No No Less Likely Less Likely Important 7.8 7.0
DirectWrite Information Disclosure Vulnerability
CVE-2019-1244 No No Less Likely Less Likely Important 6.5 5.9
CVE-2019-1245 No No Less Likely Less Likely Important 6.5 5.9
CVE-2019-1251 No No Less Likely Less Likely Important 5.5 5.0
DirectX Elevation of Privilege Vulnerability
CVE-2019-1284 No No - - Important 7.8 7.0
DirectX Information Disclosure Vulnerability
CVE-2019-1216 No No - - Important 5.5 5.1
Jet Database Engine Remote Code Execution Vulnerability
CVE-2019-1240 No No Less Likely Less Likely Important 7.8 7.0
CVE-2019-1241 No No Less Likely Less Likely Important 7.8 7.0
CVE-2019-1242 No No Less Likely Less Likely Important 7.8 7.0
CVE-2019-1243 No No Less Likely Less Likely Important 7.8 7.0
CVE-2019-1246 No No Less Likely Less Likely Important 7.8 7.0
CVE-2019-1247 No No Less Likely Less Likely Important 7.8 7.0
CVE-2019-1248 No No Less Likely Less Likely Important 7.8 7.0
CVE-2019-1249 No No Less Likely Less Likely Important 7.8 7.0
CVE-2019-1250 No No Less Likely Less Likely Important 7.8 7.0
LNK Remote Code Execution Vulnerability
CVE-2019-1280 No No Less Likely Less Likely Critical 7.3 6.6
Latest Servicing Stack Updates
ADV990001 No No - - Critical    
Lync 2013 Information Disclosure Vulnerability
CVE-2019-1209 No No - - Important    
Microsoft Browser Security Feature Bypass Vulnerability
CVE-2019-1220 No No Less Likely Less Likely Important 2.4 2.2
Microsoft Compatibility Appraiser Elevation of Privilege Vulnerability
CVE-2019-1267 No No Less Likely Less Likely Important 7.3 6.6
Microsoft Edge based on Edge HTML Information Disclosure Vulnerability
CVE-2019-1299 No No - - Important 4.3 3.9
Microsoft Excel Information Disclosure Vulnerability
CVE-2019-1263 No No Less Likely Less Likely Important    
Microsoft Excel Remote Code Execution Vulnerability
CVE-2019-1297 No No Less Likely Less Likely Important    
Microsoft Exchange Denial of Service Vulnerability
CVE-2019-1233 No No Less Likely Less Likely Important    
Microsoft Exchange Spoofing Vulnerability
CVE-2019-1266 No No Less Likely Less Likely Important    
Microsoft Graphics Components Information Disclosure Vulnerability
CVE-2019-1283 No No - - Important 5.5 5.0
Microsoft Office Security Feature Bypass Vulnerability
CVE-2019-1264 No No - - Important    
Microsoft Office SharePoint XSS Vulnerability
CVE-2019-1262 No No - - Important    
Microsoft SharePoint Elevation of Privilege Vulnerability
CVE-2019-1260 No No Less Likely Less Likely Important    
Microsoft SharePoint Remote Code Execution Vulnerability
CVE-2019-1257 No No More Likely More Likely Critical    
CVE-2019-1295 No No More Likely More Likely Critical    
CVE-2019-1296 No No More Likely More Likely Critical    
Microsoft SharePoint Spoofing Vulnerability
CVE-2019-1259 No No - - Moderate    
CVE-2019-1261 No No Less Likely Less Likely Important    
Microsoft Windows Store Installer Elevation of Privilege Vulnerability
CVE-2019-1270 No No Less Likely Less Likely Important 6.3 5.7
Microsoft Yammer Security Feature Bypass Vulnerability
CVE-2019-1265 No No Less Likely Less Likely Important    
Remote Desktop Client Remote Code Execution Vulnerability
CVE-2019-0787 No No More Likely More Likely Critical 7.5 6.7
CVE-2019-0788 No No More Likely More Likely Critical 7.5 6.7
CVE-2019-1290 No No More Likely More Likely Critical 7.5 6.7
CVE-2019-1291 No No More Likely More Likely Critical 7.5 6.7
Rome SDK Information Disclosure Vulnerability
CVE-2019-1231 No No Less Likely Less Likely Important    
Scripting Engine Memory Corruption Vulnerability
CVE-2019-1221 No No - - Critical 6.4 5.8
September 2019 Adobe Flash Security Update
ADV190022 No No Less Likely Less Likely Critical    
Team Foundation Server Cross-site Scripting Vulnerability
CVE-2019-1305 No No Less Likely Less Likely Important    
VBScript Remote Code Execution Vulnerability
CVE-2019-1208 No No Less Likely Less Likely Critical 6.4 5.8
CVE-2019-1236 No No Less Likely Less Likely Critical 6.4 5.8
Win32k Elevation of Privilege Vulnerability
CVE-2019-1256 No No More Likely Unlikely Important 7.8 7.0
CVE-2019-1285 No No More Likely More Likely Important 7.8 7.0
Windows ALPC Elevation of Privilege Vulnerability
CVE-2019-1269 No No Less Likely Less Likely Important 6.3 5.7
CVE-2019-1272 No No Less Likely Less Likely Important 6.3 5.7
Windows Audio Service Elevation of Privilege Vulnerability
CVE-2019-1277 No No Less Likely Less Likely Important 7.8 7.0
Windows Common Log File System Driver Elevation of Privilege Vulnerability
CVE-2019-1214 No Yes More Likely Unlikely Important 7.8 7.0
Windows Common Log File System Driver Information Disclosure Vulnerability
CVE-2019-1282 No No Less Likely Less Likely Important 5.5 5.0
Windows Denial of Service Vulnerability
CVE-2019-1292 No No Less Likely Less Likely Important 5.8 5.2
Windows Elevation of Privilege Vulnerability
CVE-2019-1215 No Yes More Likely More Likely Important 7.8 7.0
CVE-2019-1253 Yes No Less Likely Less Likely Important 7.8 7.0
CVE-2019-1278 No No Less Likely Less Likely Important 7.8 7.0
CVE-2019-1303 No No Less Likely Less Likely Important    
Windows GDI Information Disclosure Vulnerability
CVE-2019-1252 No No Less Likely Less Likely Important 5.5 5.0
CVE-2019-1286 No No Less Likely Less Likely Important 5.5 5.0
Windows Hyper-V Denial of Service Vulnerability
CVE-2019-0928 No No - - Important 5.4 4.9
Windows Hyper-V Information Disclosure Vulnerability
CVE-2019-1254 No No Less Likely Less Likely Important 5.5 5.0
Windows Kernel Information Disclosure Vulnerability
CVE-2019-1274 No No Less Likely Less Likely Important 6.3 5.7
Windows Media Elevation of Privilege Vulnerability
CVE-2019-1271 No No Less Likely Less Likely Important 7.0 6.3
Windows Network Connectivity Assistant Elevation of Privilege Vulnerability
CVE-2019-1287 No No Less Likely Less Likely Important 7.8 7.0
Windows SMB Client Driver Information Disclosure Vulnerability
CVE-2019-1293 No No Less Likely Less Likely Important 5.5 5.0
Windows Secure Boot Security Feature Bypass Vulnerability
CVE-2019-1294 Yes No Less Likely Less Likely Important 5.3 4.8
Windows Text Service Framework Elevation of Privilege Vulnerability
CVE-2019-1235 Yes No Less Likely Less Likely Important 7.8 7.0
Windows Transaction Manager Information Disclosure Vulnerability
CVE-2019-1219 No No More Likely More Likely Important 5.5 5.0
Windows Update Delivery Optimization Elevation of Privilege Vulnerability
CVE-2019-1289 No No Less Likely Less Likely Important 7.0 6.3
Winlogon Elevation of Privilege Vulnerability
CVE-2019-1268 No No Less Likely Less Likely Important 6.5 5.9

Total Vulnerabilities: 79

--
Renato Marinho
Morphus Labs| LinkedIn|Twitter

Renato

64 Posts
ISC Handler
Sep 10th 2019
Thread locked Subscribe Sep 10th 2019
1 year ago
That LNK vuln sounds a lot like the old one that Stuxnet used. I wonder if it became unpatched or if it is new...
 John

3 Posts
Quote Sep 10th 2019
1 year ago
Microsoft has removed the "Exploited" designation from both CVE-2019-1214 and CVE-2019-1215.
 WoodyLeonhard

9 Posts
Quote Sep 12th 2019
1 year ago

Sign Up for Free or Log In to start participating in the conversation!