Microsoft Released October Patches to Fix 61 Security Vulnerabilities

October 26, 2019 | Adeline Zhang

Overview

Microsoft released the October security update patch on Tuesday, fixing 61 security issues ranging from simple spoofing attacks to remote code execution. Products include Azure, Internet Explorer, Microsoft Browsers, Microsoft Devices, Microsoft Dynamics, Microsoft Edge, Microsoft Graphics Component. , Microsoft JET Database Engine, Microsoft Office, Microsoft Office SharePoint, Microsoft Scripting Engine, Microsoft Windows, Open Source Software, Secure Boot, Servicing Stack Updates, SQL Server, Windows Hyper-V, Windows IIS, Windows Installer, Windows Kernel, Windows NTLM , Windows RDP and Windows Update Stack.

Details can be found in the following table

Product	CVE ID	CVE Title	Severity Level
Azure	CVE-2019-1372	Azure App Service Remote Code Execution Vulnerability	Critical
Internet Explorer	CVE-2019-1371	Internet Explorer Memory Corruption Vulnerability	Important
Microsoft Browsers	CVE-2019-0608	Microsoft Browser Spoofing Vulnerability	Important
Microsoft Browsers	CVE-2019-1357	Microsoft Browser Spoofing Vulnerability	Important
Microsoft Devices	CVE-2019-1314	Windows 10 Mobile Security Feature Bypass Vulnerability	Important
Microsoft Dynamics	CVE-2019-1375	Microsoft Dynamics 365 (On-Premise) Cross Site Scripting Vulnerability	Important
Microsoft Edge	CVE-2019-1356	Microsoft Edge based on Edge HTML Information Disclosure Vulnerability	Important
Microsoft Graphics Component	CVE-2019-1361	Microsoft Graphics Components Information Disclosure Vulnerability	Important
Microsoft Graphics Component	CVE-2019-1362	Win32k Privilege Escalation Vulnerability	Important
Microsoft Graphics Component	CVE-2019-1363	Windows GDI Information Disclosure Vulnerability	Important
Microsoft Graphics Component	CVE-2019-1364	Win32k Privilege Escalation Vulnerability	Important
Microsoft JET Database Engine	CVE-2019-1358	Jet Database Engine Remote Code Execution Vulnerability	Important
Microsoft JET Database Engine	CVE-2019-1359	Jet Database Engine Remote Code Execution Vulnerability	Important
Microsoft Office	CVE-2019-1327	Microsoft Excel Remote Code Execution Vulnerability	Important
Microsoft Office	CVE-2019-1331	Microsoft Excel Remote Code Execution Vulnerability	Important
Microsoft Office SharePoint	CVE-2019-1070	Microsoft Office SharePoint XSS Vulnerability	Important
Microsoft Office SharePoint	CVE-2019-1328	Microsoft SharePoint Spoofing Vulnerability	Important
Microsoft Office SharePoint	CVE-2019-1329	Microsoft SharePoint privilege elevation vulnerability	Important
Microsoft Office SharePoint	CVE-2019-1330	Microsoft SharePoint privilege elevation vulnerability	Important
Microsoft Scripting Engine	CVE-2019-1060	MS XML Remote Code Execution Vulnerability	Critical
Microsoft Scripting Engine	CVE-2019-1307	Chakra Scripting Engine Memory Corruption Vulnerability	Critical
Microsoft Scripting Engine	CVE-2019-1308	Chakra Scripting Engine Memory Corruption Vulnerability	Critical
Microsoft Scripting Engine	CVE-2019-1238	VBScript Remote Code Execution Vulnerability	Critical
Microsoft Scripting Engine	CVE-2019-1239	VBScript Remote Code Execution Vulnerability	Critical
Microsoft Scripting Engine	CVE-2019-1335	Chakra Scripting Engine Memory Corruption Vulnerability	Critical
Microsoft Scripting Engine	CVE-2019-1366	Chakra Scripting Engine Memory Corruption Vulnerability	Critical
Microsoft Windows	CVE-2019-1341	Windows Power Service Privilege Escalation Vulnerability	Important
Microsoft Windows	CVE-2019-1342	Windows Error Reporting Manager Privilege Escalation Vulnerability	Important
Microsoft Windows	CVE-2019-1344	Windows Code Integrity Module Information Disclosure Vulnerability	Important
Microsoft Windows	CVE-2019-1346	Windows Denial of Service Vulnerability	Important
Microsoft Windows	CVE-2019-1347	Windows Denial of Service Vulnerability	Important
Microsoft Windows	CVE-2019-1311	Windows Imaging API Remote Code Execution Vulnerability	Important
Microsoft Windows	CVE-2019-1315	Windows Error Reporting Manager Privilege Escalation Vulnerability	Important
Microsoft Windows	CVE-2019-1316	Microsoft Windows Setup Privilege Escalation Vulnerability	Important
Microsoft Windows	CVE-2019-1317	Microsoft Windows Denial of Service Vulnerability	Important
Microsoft Windows	CVE-2019-1318	Microsoft Windows Transport Layer Security Spoofing Vulnerability	Important
Microsoft Windows	CVE-2019-1319	Windows Error Reporting Privilege Escalation Vulnerability	Important
Microsoft Windows	CVE-2019-1320	Microsoft Windows Elevation of Privilege	Important
Microsoft Windows	CVE-2019-1321	Microsoft Windows CloudStore Privilege Escalation Vulnerability	Important
Microsoft Windows	CVE-2019-1322	Microsoft Windows Elevation of Privilege	Important
Microsoft Windows	CVE-2019-1325	Windows Redirected Drive Buffering System Privilege Escalation Vulnerability	Moderate
Microsoft Windows	CVE-2019-1338	Windows NTLM Security Feature Bypass Vulnerability	Important
Microsoft Windows	CVE-2019-1339	Windows Error Reporting Manager Privilege Escalation Vulnerability	Important
Microsoft Windows	CVE-2019-1340	Microsoft Windows Elevation of Privilege	Important
Open Source Software	CVE-2019-1369	Open Enclave SDK Information Disclosure Vulnerability	Important
Secure Boot	CVE-2019-1368	Windows Secure Boot Security Feature Bypass Vulnerability	Important
Servicing Stack Updates	ADV990001	Latest Servicing Stack Updates	Critical
SQL Server	CVE-2019-1313	SQL Server Management Studio Information Disclosure Vulnerability	Important
SQL Server	CVE-2019-1376	SQL Server Management Studio Information Disclosure Vulnerability	Important
Windows Hyper-V	CVE-2019-1230	Hyper-V Information Disclosure Vulnerability	Important
Windows IIS	CVE-2019-1365	Microsoft IIS Server Privilege Escalation Vulnerability	Important
Windows Installer	CVE-2019-1378	Windows 10 Update Assistant Privilege Escalation Vulnerability	Important
Windows Kernel	CVE-2019-1343	Windows Denial of Service Vulnerability	Important
Windows Kernel	CVE-2019-1345	Windows Kernel Information Disclosure Vulnerability	Important
Windows Kernel	CVE-2019-1334	Windows Kernel Information Disclosure Vulnerability	Important
Windows NTLM	CVE-2019-1166	Windows NTLM Tampering Vulnerability	Important
Windows RDP	CVE-2019-1326	Windows Remote Desktop Protocol (RDP) Denial of Service Vulnerability	Important
Windows RDP	CVE-2019-1333	Remote Desktop Client Remote Code Execution Vulnerability	Critical
Windows Update Stack	CVE-2019-1323	Microsoft Windows Update Client Privilege Escalation Vulnerability	Important
Windows Update Stack	CVE-2019-1336	Microsoft Windows Update Client Privilege Escalation Vulnerability	Important
Windows Update Stack	CVE-2019-1337	Windows Update Client Information Disclosure Vulnerability	Important

Recommended Mitigation Measures

Microsoft has released security updates to fix these issues. Please download and install them as soon as possible.

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2019-1378
Product	KB Article	Severity	Impact	Supersedence	CVSS Score Set	Restart Required
Windows Update Assistant	Update pending	Important	Elevation of Privilege		Base: N/A Temporal: N/A Vector: N/A	Maybe

Statement

This advisory is only used to describe a potential risk. NSFOCUS does not provide any commitment or promise on this advisory. NSFOCUS and the author will not bear any liability for any direct and/or indirect consequences and losses caused by transmitting and/or using this advisory. NSFOCUS reserves all the rights to modify and interpret this advisory. Please include this statement paragraph when reproducing or transferring this advisory. Do not modify this advisory, add/delete any information to/from it, or use this advisory for commercial purposes without permission from NSFOCUS.

About NSFOCUS

NSFOCUS, Inc., a global network and cyber security leader, protects enterprises and carriers from advanced cyber attacks. The company’s Intelligent Hybrid Security strategy utilizes both cloud and on-premises security platforms, built on a foundation of real-time global threat intelligence, to provide multi-layered, unified and dynamic protection against advanced cyber attacks.

NSFOCUS works with Fortune Global 500 companies, including four of the world’s five largest financial institutions, organizations in insurance, retail, healthcare, critical infrastructure industries as well as government agencies. NSFOCUS has technology and channel partners in more than 60 countries, is a member of both the Microsoft Active Protections Program (MAPP), and the Cloud Security Alliance (CSA).

A wholly owned subsidiary of NSFOCUS Information Technology Co. Ltd., the company has operations in the Americas, Europe, the Middle East and Asia Pacific.

Download: Microsoft Released October Patches to Fix 61 Security Vulnerabilities