Microsoft denounces two defects zero in the latest version of Patch Tuesday

MICROSOFT is plastered two zero-day vulnerabilities in its latest set of Patch Tuesday bug fixes.

The hotfix update on Tuesday, September 2019 corrects a total of 80 vulnerabilities; 17 are considered "critical" – requiring an urgent fix, while 62 are simply classified as "important".

According to Microsoft, these vulnerabilities affect various software products, including Windows (of course), Microsoft's Web Browser Edge, Internet Explorer, ChakraCore, Skype for Business, Microsoft Lync, the .NET Framework, Visual Studio, Exchange Server, Team Foundation. Server, Microsoft Yammer and Microsoft Office Services and Web Apps.

Two vulnerabilities fixed are zero-days – vulnerabilities that were already exploited in the wild by attackers. These vulnerabilities, listed under the names CVE-2019-1214 and CVE-2019-1215, are privilege elevation (EoP) vulnerabilities, which could allow an attacker to obtain the status of an attacker. administrator on infected hosts, and then run malicious code on the system.

CVE-2019-1214 affects the Windows Common Log File System driver. It was discovered by a security researcher from the Qihoo 360 Vulcan team, according to Microsoft, while CVE-2019-1215 exists in the ws2ifsl.sys service (Winsock IFS driver).

The September update of Tuesday's hotfix also fixes four critical vulnerabilities in the Microsoft Remote Desktop client. Indexed as CVE-2019-1290, CVE-2019-1291, CVE-2019-0787 and CVE-2019-0788, the bugs were discovered by Microsoft's internal team and follow the disclosure of the BlueKeep vermifuge bug and "DejaBlue" faults. which also affect the Remote Desktop Client.

In order to exploit Remote Desktop Client bugs, a threatening actor should firstly entice a user to connect to a hacked or malicious RDP server. Microsoft has not revealed whether these bugs could be used by attackers to create self-propagating exploits.

The September Microsoft security update also fixes a critical vulnerability related to the way the Windows operating system handles link files (.lnk). Attackers can use these files to launch malicious programs on a vulnerable computer when a user accesses a shared folder or opens a removable drive that contains a trapped .lnk file.

Of the 17 critical vulnerabilities corrected in the latest update, nine can be exploited in browser attacks by readers, Microsoft warned.

A vulnerability, affecting Team Foundation Server (TFS) and Azure DevOps (ADO) servers, indexed as CVE-2019-1306, could allow the actors of the threat to execute code on the server in the context of the account. ADO or TFS service. μ

Further reading