
Rewterz Threat Advisory – Update fixes IE 0-day RCE vulnerability and 74 other flaws in Microsoft Products

Severity

High

Analysis Summary

Microsoft has released November updates to fix 75 security flaws in multiple products.

CVE-2019-1429 – Scripting Engine Memory Corruption Vulnerability: an attacker could exploit this vulnerability in a web-based attack using specially crafted web pages. In a web-based attack scenario, an attacker could host a specially crafted website that is designed to exploit the vulnerability through Internet Explorer and then convince a user to view the website. An attacker could also embed an ActiveX control marked “safe for initialization” in an application or Microsoft Office document that hosts the IE rendering engine. The attacker could also take advantage of compromised websites and websites that accept or host user-provided content or advertisements. These websites could contain specially crafted content that could exploit the vulnerability.

Microsoft also fixed a publicly disclosed vulnerability in Microsoft Office for Mac, “CVE-2019-1457 | Microsoft Office Excel Security Feature Bypass”, that allows attackers to bypass security restrictions. If the Microsoft Excel for Mac option “Disable all macros without notification” is enabled, XLM macros in SYLK files are executed without prompting the user. “If Office for the Mac has been configured to use the ‘Disable all macros without notification’ feature, XLM macros in SYLK files are executed without prompting the user. This behavior is consistent even with fully-patched Office 2016 and Office 2019 for Mac systems,” says Will Dormann of the CERT/CC.

Below are other vulnerabilities that are fixed in this November update:

  • CVE-2019-1234 – Azure Stack Spoofing Vulnerability
  • ADV190024 – Microsoft Guidance for Vulnerability in Trusted Platform Module (TPM)
  • CVE-2019-1456 – OpenType Font Parsing Remote Code Execution Vulnerability
  • CVE-2019-1413 – Microsoft Edge Security Feature Bypass Vulnerability
  • CVE-2019-1373 – Microsoft Exchange Remote Code Execution Vulnerability
  • CVE-2019-1441 – Win32k Graphics Remote Code Execution Vulnerability
  • CVE-2019-1408 – Win32k Elevation of Privilege Vulnerability
  • CVE-2019-1439 – Windows GDI Information Disclosure Vulnerability
  • CVE-2019-1438 – Windows Graphics Component Elevation of Privilege Vulnerability
  • CVE-2019-1407 – Windows Graphics Component Elevation of Privilege Vulnerability
  • CVE-2019-1394 – Win32k Elevation of Privilege Vulnerability
  • CVE-2019-1393 – Win32k Elevation of Privilege Vulnerability
  • CVE-2019-1396 – Win32k Elevation of Privilege Vulnerability
  • CVE-2019-1395 – Win32k Elevation of Privilege Vulnerability
  • CVE-2019-1437 – Windows Graphics Component Elevation of Privilege Vulnerability
  • CVE-2019-1432 – DirectWrite Information Disclosure Vulnerability
  • CVE-2019-1411 – DirectWrite Information Disclosure Vulnerability
  • CVE-2019-1440 – Win32k Information Disclosure Vulnerability
  • CVE-2019-1419 – OpenType Font Parsing Remote Code Execution Vulnerability
  • CVE-2019-1433 – Windows Graphics Component Elevation of Privilege Vulnerability
  • CVE-2019-1436 – Win32k Information Disclosure Vulnerability
  • CVE-2019-1412 – OpenType Font Driver Information Disclosure Vulnerability
  • CVE-2019-1434 – Win32k Elevation of Privilege Vulnerability
  • CVE-2019-1435 – Windows Graphics Component Elevation of Privilege Vulnerability
  • CVE-2019-1406 – Jet Database Engine Remote Code Execution Vulnerability
  • CVE-2019-1445 – Microsoft Office Online Spoofing Vulnerability
  • CVE-2019-1449 – Microsoft Office ClickToRun Security Feature Bypass Vulnerability
  • CVE-2019-1446 – Microsoft Excel Information Disclosure Vulnerability
  • CVE-2019-1447 – Microsoft Office Online Spoofing Vulnerability
  • CVE-2019-1402 – Microsoft Office Information Disclosure Vulnerability
  • CVE-2019-1448 – Microsoft Excel Remote Code Execution Vulnerability
  • CVE-2019-1457 – Microsoft Office Excel Security Feature Bypass
  • CVE-2019-1443 – Microsoft SharePoint Information Disclosure Vulnerability
  • CVE-2019-1442 – Microsoft Office Security Feature Bypass Vulnerability
  • CVE-2019-1409 – Windows Remote Procedure Call Information Disclosure Vulnerability
  • CVE-2019-1426 – Scripting Engine Memory Corruption Vulnerability
  • CVE-2019-1429 – Scripting Engine Memory Corruption Vulnerability
  • CVE-2019-1427 – Scripting Engine Memory Corruption Vulnerability
  • CVE-2019-1428 – Scripting Engine Memory Corruption Vulnerability
  • CVE-2019-1390 – VBScript Remote Code Execution Vulnerability
  • CVE-2019-1383 – Windows Data Sharing Service Elevation of Privilege Vulnerability
  • CVE-2019-1418 – Windows Modules Installer Service Information Disclosure Vulnerability
  • CVE-2018-12207 – Windows Denial of Service Vulnerability
  • CVE-2019-1420 – Windows Elevation of Privilege Vulnerability
  • CVE-2019-1417 – Windows Data Sharing Service Elevation of Privilege Vulnerability
  • CVE-2019-1415 – Windows Installer Elevation of Privilege Vulnerability
  • CVE-2019-1374 – Windows Error Reporting Information Disclosure Vulnerability
  • CVE-2019-1422 – Windows Elevation of Privilege Vulnerability
  • CVE-2019-1423 – Windows Elevation of Privilege Vulnerability
  • CVE-2019-1424 – NetLogon Security Feature Bypass Vulnerability
  • CVE-2019-1382 – Microsoft ActiveX Installer Service Elevation of Privilege Vulnerability
  • CVE-2019-1385 – Windows AppX Deployment Extensions Elevation of Privilege Vulnerability
  • CVE-2019-1380 – Microsoft splwow64 Elevation of Privilege Vulnerability
  • CVE-2019-1388 – Windows Certificate Dialog Elevation of Privilege Vulnerability
  • CVE-2019-1391 – Windows Denial of Service Vulnerability
  • CVE-2019-1384 – Microsoft Windows Security Feature Bypass Vulnerability
  • CVE-2019-1405 – Windows UPnP Service Elevation of Privilege Vulnerability
  • CVE-2019-1381 – Microsoft Windows Information Disclosure Vulnerability
  • CVE-2019-1379 – Windows Data Sharing Service Elevation of Privilege Vulnerability
  • CVE-2019-1324 – Windows TCP/IP Information Disclosure Vulnerability
  • CVE-2019-1370 – Open Enclave SDK Information Disclosure Vulnerability
  • ADV990001 – Latest Servicing Stack Updates
  • CVE-2019-1425 – Visual Studio Elevation of Privilege Vulnerability
  • CVE-2019-1398 – Windows Hyper-V Remote Code Execution Vulnerability
  • CVE-2019-1310 – Windows Hyper-V Denial of Service Vulnerability
  • CVE-2019-0719 – Hyper-V Remote Code Execution Vulnerability
  • CVE-2019-1399 – Windows Hyper-V Denial of Service Vulnerability
  • CVE-2019-1397 – Windows Hyper-V Remote Code Execution Vulnerability
  • CVE-2019-0712 – Windows Hyper-V Denial of Service Vulnerability
  • CVE-2019-0721 – Hyper-V Remote Code Execution Vulnerability
  • CVE-2019-1389 – Windows Hyper-V Remote Code Execution Vulnerability
  • CVE-2019-1309 – Windows Hyper-V Denial of Service Vulnerability
  • CVE-2019-1392 – Windows Kernel Elevation of Privilege Vulnerability
  • CVE-2019-11135 – Windows Kernel Information Disclosure Vulnerability
  • CVE-2019-1430 – Microsoft Windows Media Foundation Remote Code Execution Vulnerability
  • CVE-2019-1416 – Windows Subsystem for Linux Elevation of Privilege Vulnerability

Impact

  • Memory Corruption
  • Remote Code Execution
  • System Takeover
  • Security Bypass
  • Privilege Escalation
  • Information Disclosure
  • Denial of Service
  • Impersonation

Affected Vendors

Microsoft

Affected Products

  • Microsoft Edge
  • Microsoft Exchange Server
  • Microsoft Graphics Component
  • Microsoft JET Database Engine
  • Microsoft Office
  • Microsoft Office SharePoint
  • Microsoft RPC
  • Microsoft Windows
  • Visual Studio
  • Windows Hyper-V
  • Windows Kernel
  • Windows Media Player
  • Windows Subsystem for Linux

Remediation

Install updates as soon as possible.

https://www.bleepingcomputer.com/microsoft-patch-tuesday-reports/Nov-2019.html