Microsoft has released today the November 2019 Patch Tuesday security updates. This month’s updates include a patch for a vulnerability in the Internet Explorer scripting engine that hackers have been seen exploiting in the wild.
Tracked as CVE-2019-1429, Microsoft says the IE bug can allow remote code execution due to “the way that the scripting engine handles objects in memory in Internet Explorer.”
Furthermore, because the bug is in IE’s scripting engine, this impacts more than just the Internet Explorer browser.
IE’s scripting engine is also used inside Office Suite apps to display web content inside embeddable iframes. This means attackers can craft malicious Office documents and execute malicious code on a user’s system if the user allows the display of rich content, such as web-based iframes.
The IE zero-day was spotted in active attacks by three different organizations: iDefense Labs, Resecurity, and Google (through its Project Zero and Threat Analysis Group) — suggesting this is a pretty noisy attack, whatever the attack was.
The three entities who reported the bug have not yet disclosed any public details about the attacks where this zero-day was discovered.
Most Windows zero-days are usually discovered and weaponized by government-based hacking groups, but they eventually slowly make their way down the totem pole to financial crime-focused groups, then mundane spam operations, and later, automated exploit kits.
Users have between a few weeks and a few months to patch this IE zero-day until the bug is commoditized by the criminal underground and attacks spread and become more common.
Other fixes
But while the IE zero-day is the most urgent bug to fix, there is more to this month’s Microsoft security updates. In total, this month’s Patch Tuesday came with fixes for 74 bugs across nine Microsoft products/platforms.
Other notable fixes include a patch for Excel for Mac. This patch fixes an issue reported earlier this month, namely that Excel for Mac ignored the “Disable all macros” setting and still executed XLM-based macros scripts when users opened an Excel spreadsheet, opening users to a dangerous attack vector.
In addition, Microsoft also issued a special advisory for dealing with a mysterious vulnerability that exists in certain Trusted Platform Module (TPM) chipsets.
Tracked as CVE-2019-16863, details about this vulnerability are still secret, at the time of writing. We’ll update this article once we learn more, but this looks like a serious issue that could be used to compromise TPMs — dedicated microcontrollers (chips, cryptoprocessors) used to ensure hardware authenticity during a computer’s boot-up process.
Additional useful Patch Tuesday information is below:
Microsoft’s official Security Update Guide portal lists all security updates in a filterable table.ZDNet also put together this page listing all security updates on one single page, in one place.Additional analysis of today’s Patch Tuesday is also available from Cisco Talos, SANS ISC, Tenable, and Trend Micro.This month’s Adobe security updates are detailed here.SAP security updates are detailed here.Intel security updates are also available. Plenty of important stuff fixed this month [1, 2, 3].The Android Security Bulletin for November 2019 is detailed here. Patches started rolling out to users’ phones last week.
| Servicing Stack Updates | ADV990001 | Latest Servicing Stack Updates |
| Chipsets | ADV190024 | Microsoft Guidance for Vulnerability in Trusted Platform Module (TPM) |
| Azure Stack | CVE-2019-1234 | Azure Stack Spoofing Vulnerability |
| Graphic Fonts | CVE-2019-1456 | OpenType Font Parsing Remote Code Execution Vulnerability |
| Microsoft Edge | CVE-2019-1413 | Microsoft Edge Security Feature Bypass Vulnerability |
| Microsoft Exchange Server | CVE-2019-1373 | Microsoft Exchange Remote Code Execution Vulnerability |
| Microsoft Graphics Component | CVE-2019-1441 | Win32k Graphics Remote Code Execution Vulnerability |
| Microsoft Graphics Component | CVE-2019-1408 | Win32k Elevation of Privilege Vulnerability |
| Microsoft Graphics Component | CVE-2019-1439 | Windows GDI Information Disclosure Vulnerability |
| Microsoft Graphics Component | CVE-2019-1438 | Windows Graphics Component Elevation of Privilege Vulnerability |
| Microsoft Graphics Component | CVE-2019-1407 | Windows Graphics Component Elevation of Privilege Vulnerability |
| Microsoft Graphics Component | CVE-2019-1394 | Win32k Elevation of Privilege Vulnerability |
| Microsoft Graphics Component | CVE-2019-1393 | Win32k Elevation of Privilege Vulnerability |
| Microsoft Graphics Component | CVE-2019-1396 | Win32k Elevation of Privilege Vulnerability |
| Microsoft Graphics Component | CVE-2019-1395 | Win32k Elevation of Privilege Vulnerability |
| Microsoft Graphics Component | CVE-2019-1437 | Windows Graphics Component Elevation of Privilege Vulnerability |
| Microsoft Graphics Component | CVE-2019-1432 | DirectWrite Information Disclosure Vulnerability |
| Microsoft Graphics Component | CVE-2019-1411 | DirectWrite Information Disclosure Vulnerability |
| Microsoft Graphics Component | CVE-2019-1440 | Win32k Information Disclosure Vulnerability |
| Microsoft Graphics Component | CVE-2019-1419 | OpenType Font Parsing Remote Code Execution Vulnerability |
| Microsoft Graphics Component | CVE-2019-1433 | Windows Graphics Component Elevation of Privilege Vulnerability |
| Microsoft Graphics Component | CVE-2019-1436 | Win32k Information Disclosure Vulnerability |
| Microsoft Graphics Component | CVE-2019-1412 | OpenType Font Driver Information Disclosure Vulnerability |
| Microsoft Graphics Component | CVE-2019-1434 | Win32k Elevation of Privilege Vulnerability |
| Microsoft Graphics Component | CVE-2019-1435 | Windows Graphics Component Elevation of Privilege Vulnerability |
| Microsoft JET Database Engine | CVE-2019-1406 | Jet Database Engine Remote Code Execution Vulnerability |
| Microsoft Office | CVE-2019-1445 | Microsoft Office Online Spoofing Vulnerability |
| Microsoft Office | CVE-2019-1449 | Microsoft Office ClickToRun Security Feature Bypass Vulnerability |
| Microsoft Office | CVE-2019-1446 | Microsoft Excel Information Disclosure Vulnerability |
| Microsoft Office | CVE-2019-1447 | Microsoft Office Online Spoofing Vulnerability |
| Microsoft Office | CVE-2019-1402 | Microsoft Office Information Disclosure Vulnerability |
| Microsoft Office | CVE-2019-1448 | Microsoft Excel Remote Code Execution Vulnerability |
| Microsoft Office | CVE-2019-1457 | Microsoft Office Excel Security Feature Bypass |
| Microsoft Office SharePoint | CVE-2019-1443 | Microsoft SharePoint Information Disclosure Vulnerability |
| Microsoft Office SharePoint | CVE-2019-1442 | Microsoft Office Security Feature Bypass Vulnerability |
| Microsoft RPC | CVE-2019-1409 | Windows Remote Procedure Call Information Disclosure Vulnerability |
| Microsoft Scripting Engine | CVE-2019-1426 | Scripting Engine Memory Corruption Vulnerability |
| Microsoft Scripting Engine | CVE-2019-1429 | Scripting Engine Memory Corruption Vulnerability |
| Microsoft Scripting Engine | CVE-2019-1427 | Scripting Engine Memory Corruption Vulnerability |
| Microsoft Scripting Engine | CVE-2019-1428 | Scripting Engine Memory Corruption Vulnerability |
| Microsoft Scripting Engine | CVE-2019-1390 | VBScript Remote Code Execution Vulnerability |
| Microsoft Windows | CVE-2019-1383 | Windows Data Sharing Service Elevation of Privilege Vulnerability |
| Microsoft Windows | CVE-2019-1418 | Windows Modules Installer Service Information Disclosure Vulnerability |
| Microsoft Windows | CVE-2018-12207 | Windows Denial of Service Vulnerability |
| Microsoft Windows | CVE-2019-1420 | Windows Elevation of Privilege Vulnerability |
| Microsoft Windows | CVE-2019-1417 | Windows Data Sharing Service Elevation of Privilege Vulnerability |
| Microsoft Windows | CVE-2019-1415 | Windows Installer Elevation of Privilege Vulnerability |
| Microsoft Windows | CVE-2019-1374 | Windows Error Reporting Information Disclosure Vulnerability |
| Microsoft Windows | CVE-2019-1422 | Windows Elevation of Privilege Vulnerability |
| Microsoft Windows | CVE-2019-1423 | Windows Elevation of Privilege Vulnerability |
| Microsoft Windows | CVE-2019-1424 | NetLogon Security Feature Bypass Vulnerability |
| Microsoft Windows | CVE-2019-1382 | Microsoft ActiveX Installer Service Elevation of Privilege Vulnerability |
| Microsoft Windows | CVE-2019-1385 | Windows AppX Deployment Extensions Elevation of Privilege Vulnerability |
| Microsoft Windows | CVE-2019-1380 | Microsoft splwow64 Elevation of Privilege Vulnerability |
| Microsoft Windows | CVE-2019-1388 | Windows Certificate Dialog Elevation of Privilege Vulnerability |
| Microsoft Windows | CVE-2019-1391 | Windows Denial of Service Vulnerability |
| Microsoft Windows | CVE-2019-1384 | Microsoft Windows Security Feature Bypass Vulnerability |
| Microsoft Windows | CVE-2019-1405 | Windows UPnP Service Elevation of Privilege Vulnerability |
| Microsoft Windows | CVE-2019-1381 | Microsoft Windows Information Disclosure Vulnerability |
| Microsoft Windows | CVE-2019-1379 | Windows Data Sharing Service Elevation of Privilege Vulnerability |
| Microsoft Windows | CVE-2019-1324 | Windows TCP/IP Information Disclosure Vulnerability |
| Open Source Software | CVE-2019-1370 | Open Enclave SDK Information Disclosure Vulnerability |
| Visual Studio | CVE-2019-1425 | Visual Studio Elevation of Privilege Vulnerability |
| Windows Hyper-V | CVE-2019-1398 | Windows Hyper-V Remote Code Execution Vulnerability |
| Windows Hyper-V | CVE-2019-1310 | Windows Hyper-V Denial of Service Vulnerability |
| Windows Hyper-V | CVE-2019-0719 | Hyper-V Remote Code Execution Vulnerability |
| Windows Hyper-V | CVE-2019-1399 | Windows Hyper-V Denial of Service Vulnerability |
| Windows Hyper-V | CVE-2019-1397 | Windows Hyper-V Remote Code Execution Vulnerability |
| Windows Hyper-V | CVE-2019-0712 | Windows Hyper-V Denial of Service Vulnerability |
| Windows Hyper-V | CVE-2019-0721 | Hyper-V Remote Code Execution Vulnerability |
| Windows Hyper-V | CVE-2019-1389 | Windows Hyper-V Remote Code Execution Vulnerability |
| Windows Hyper-V | CVE-2019-1309 | Windows Hyper-V Denial of Service Vulnerability |
| Windows Kernel | CVE-2019-1392 | Windows Kernel Elevation of Privilege Vulnerability |
| Windows Kernel | CVE-2019-11135 | Windows Kernel Information Disclosure Vulnerability |
| Windows Media Player | CVE-2019-1430 | Microsoft Windows Media Foundation Remote Code Execution Vulnerability |
| Windows Subsystem for Linux | CVE-2019-1416 | Windows Subsystem for Linux Elevation of Privilege Vulnerability |
Security
BlueKeep exploit to get a fix for its BSOD problem
Major ASP.NET hosting provider infected by ransomware
Apple Mail on macOS leaves parts of encrypted emails in plaintext
Fixing data leaks in Jira (ZDNet YouTube)
Best home security of 2019: Professional monitoring and DIY (CNET)
How to control location tracking on your iPhone in iOS 13 (TechRepublic)
Related Topics:
Microsoft
Security TV
Data Management
CXO
Data Centers