Terça-feira de patches da Microsoft em outubro de 2019: Síntese da Tenable
Administrators rejoice: only nine of the 59 vulnerabilities in Microsoft's October 2019 Security Update are rated critical.
Microsoft’s October 2019 Patch Tuesday contains updates for 59 CVEs, nine of which are rated critical. Administrators may rejoice this month with a smaller than usual Patch Tuesday. The following is a breakdown of the most important CVEs from this month’s release.
CVE-2019-1333 | Remote Desktop Client Remote Code Execution Vulnerability
CVE-2019-1333 is a remote code execution vulnerability in the Windows Remote Desktop Client. In order to exploit the vulnerability, an attacker would need to entice a user to connect to an attacker-controlled server. While an attacker cannot influence a user to connect to their malicious server, common techniques such as social engineering, DNS poisoning, or Man in the Middle (MiTM) techniques may be used.
CVE-2019-1372 | Azure Stack Remote Code Execution Vulnerability
CVE-2019-1372 is a remote code execution vulnerability in Azure Stack. This is due to not checking the length of a buffer prior to copying the buffer into memory. An attacker could exploit this vulnerability to allow an unprivileged function to execute code outside the sandbox with NT AUTHORITY\system privileges. The security update addresses this flaw by adding additional sanitization to user-supplied inputs.
CVE-2019-1060 | MS XML Remote Code Execution Vulnerability
CVE-2019-1060 is a remote code execution vulnerability in MS XML. The flaw exists when the Microsoft XML Core Services MSXML parser improperly processes user-supplied input. A remote attacker could exploit the vulnerability by enticing a user to browse to a crafted webpage, designed to invoke MSXML in order to run malicious code and take control of the user’s system.
CVE-2019-1238 & CVE-2019-1239 | VBScript Remote Code Execution Vulnerability
CVE-2019-1238 and CVE-2019-1239 are both remote code execution vulnerabilities in the way the VBScript engine handles objects in memory. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. In order to exploit the issue, an attacker would need to entice a user to visit a specially crafted website in Internet Explorer. The attacker could also host the content on an already compromised website, including websites that host user-provided advertisements. Alternatively, an attacker could embed an ActiveX control in an Office document in order to attempt to exploit these vulnerabilities. While Microsoft says exploitation is less likely, both flaws are rated critical.
Windows 10 1703 End of Life
This month marks the end of life for Windows 10, version 1703 for Enterprise and Education editions. Microsoft’s Windows Lifecycle Fact Sheet notes that support for Home, Pro and Pro for Workstations support ended a year ago on October 9, 2018. However Enterprise and Education editions are now marked as end of service as of today. Plugin ID 118716 can be used to identify the unsupported operating system in your environment.
Soluções da Tenable
Users can create scans that focus specifically on our Patch Tuesday plugins. From a new advanced scan, in the plugins tab, set an advanced filter for Plugin Name Contains October 2019.
With that filter set, click on the plugin families to the left, and enable each plugin that appears on the right side. Note that if your families on the left say Enabled then that means all of the plugins in that family are set. Disable the whole family before selecting the individual plugins for this scan. Here’s an example from Tenable.io:
A list of all of the plugins released for Tenable’s October 2019 Patch Tuesday update can be found here. As always, we recommend patching systems as soon as possible and regularly scanning your environment to identify those systems that are yet to be patched.
As a reminder, Windows 7 support will be discontinued on January 14, 2020, so we strongly recommend reviewing what hosts remain and any action plans for migration. Plugin ID 11936 (OS Identification) can be useful for identifying hosts that are still running on Windows 7.
Obtenha mais informações
- Microsoft’s October 2019 Security Updates
- Tenable plugins for Microsoft October 2019 Patch Tuesday Security Updates
Junte-se à equipe de resposta de segurança da Tenable na Tenable.
Saiba mais sobre a Tenable, a primeira plataforma de Cyber Exposure para o gerenciamento holístico da sua superfície de ataque moderna.
Get a free 60-day trial of Tenable.io Vulnerability Management.
Artigos relacionados
How to Discover, Analyze and Respond to Threats Faster with Generative AI
June 17, 2024Generative AI (GenAI) is being hailed as the most transformative innovation since the rise of the internet. For security, GenAI can revolutionize the field if applied correctly, especially when it comes to threat detection and response. It enhances efficiency and productivity by swiftly processing and delivering critical information when it matters most.
These Services Shall Not Pass: Abusing Service Tags to Bypass Azure Firewall Rules (Customer Action Required)
June 3, 2024Azure customers whose firewall rules rely on Azure Service Tags, pay attention: You could be at risk due to a vulnerability detected by Tenable Research. Here’s what you need to know to determine if you’re affected, and if so, what you should do right away to protect your Azure environment from attackers.
Cybersecurity Snapshot: EPA Urges Water Plants To Boost Cybersecurity, as OpenSSF Launches Threat Intel Platform for Open Source Software
May 24, 2024Check out the EPA’s call for water plants to beef up their cyber defenses. Plus, open source developers have a new platform to share threat intelligence. Moreover, business email compromise attacks prompt alert from U.K.’s cyber agency. And CISA tackles DNS encryption best practices. And much more!
CVE-2024-28995: SolarWinds Serv-U Path/Directory Traversal Vulnerability Exploited in the Wild
June 21, 2024Following the publication of proof-of-concept exploit details for a high-severity flaw in SolarWinds Serv-U, researchers have observed both automated and manual in-the-wild exploitation attempts; patching is strongly advised.
Cybersecurity Snapshot: FTC Believes TikTok Broke U.S. Law, Asks Justice Dept. To Intervene, while French Cyber Agency Warns About Nobelium / Midnight Blizzard
June 21, 2024TikTok’s legal troubles in the U.S. could get thornier after the FTC refers complaint to the DOJ. Meanwhile, France says Russia-backed Nobelium / Midnight Blizzard is a major cyber espionage threat to European governments. Plus, check out a Tenable poll about dealing with vulnerabilities without patches. And did LockBit 3.0 make a comeback in May? Maybe – or maybe not. And much more!
How to Discover, Analyze and Respond to Threats Faster with Generative AI
June 17, 2024Generative AI (GenAI) is being hailed as the most transformative innovation since the rise of the internet. For security, GenAI can revolutionize the field if applied correctly, especially when it comes to threat detection and response. It enhances efficiency and productivity by swiftly processing and delivering critical information when it matters most.
- Threat Intelligence
- Threat Management
- Vulnerability Management
- Vulnerability Scanning