Microsoft Released October Patches to Fix 61 Security Vulnerabilities

October 26, 2019 | Adeline Zhang

Overview

Microsoft released its October security update on Tuesday, fixing 61 security issues ranging from simple spoofing attacks to remote code execution. Affected products include Azure, Internet Explorer, Microsoft Browsers, Microsoft Devices, Microsoft Dynamics, Microsoft Edge, Microsoft Graphics Component, Microsoft JET Database Engine, Microsoft Office, Microsoft Office SharePoint, Microsoft Scripting Engine, Microsoft Windows, Open Source Software, Secure Boot, Servicing Stack Updates, SQL Server, Windows Hyper-V, Windows IIS, Windows Installer, Windows Kernel, Windows NTLM, Windows RDP and Windows Update Stack.

Details can be found in the following table:

| Product | CVE ID | CVE Title | Severity Level |
|---|---|---|---|
| Azure | CVE-2019-1372 | Azure App Service Remote Code Execution Vulnerability | Critical |
| Internet Explorer | CVE-2019-1371 | Internet Explorer Memory Corruption Vulnerability | Important |
| Microsoft Browsers | CVE-2019-0608 | Microsoft Browser Spoofing Vulnerability | Important |
| Microsoft Browsers | CVE-2019-1357 | Microsoft Browser Spoofing Vulnerability | Important |
| Microsoft Devices | CVE-2019-1314 | Windows 10 Mobile Security Feature Bypass Vulnerability | Important |
| Microsoft Dynamics | CVE-2019-1375 | Microsoft Dynamics 365 (On-Premise) Cross Site Scripting Vulnerability | Important |
| Microsoft Edge | CVE-2019-1356 | Microsoft Edge based on Edge HTML Information Disclosure Vulnerability | Important |
| Microsoft Graphics Component | CVE-2019-1361 | Microsoft Graphics Components Information Disclosure Vulnerability | Important |
| Microsoft Graphics Component | CVE-2019-1362 | Win32k Privilege Escalation Vulnerability | Important |
| Microsoft Graphics Component | CVE-2019-1363 | Windows GDI Information Disclosure Vulnerability | Important |
| Microsoft Graphics Component | CVE-2019-1364 | Win32k Privilege Escalation Vulnerability | Important |
| Microsoft JET Database Engine | CVE-2019-1358 | Jet Database Engine Remote Code Execution Vulnerability | Important |
| Microsoft JET Database Engine | CVE-2019-1359 | Jet Database Engine Remote Code Execution Vulnerability | Important |
| Microsoft Office | CVE-2019-1327 | Microsoft Excel Remote Code Execution Vulnerability | Important |
| Microsoft Office | CVE-2019-1331 | Microsoft Excel Remote Code Execution Vulnerability | Important |
| Microsoft Office SharePoint | CVE-2019-1070 | Microsoft Office SharePoint XSS Vulnerability | Important |
| Microsoft Office SharePoint | CVE-2019-1328 | Microsoft SharePoint Spoofing Vulnerability | Important |
| Microsoft Office SharePoint | CVE-2019-1329 | Microsoft SharePoint privilege elevation vulnerability | Important |
| Microsoft Office SharePoint | CVE-2019-1330 | Microsoft SharePoint privilege elevation vulnerability | Important |
| Microsoft Scripting Engine | CVE-2019-1060 | MS XML Remote Code Execution Vulnerability | Critical |
| Microsoft Scripting Engine | CVE-2019-1307 | Chakra Scripting Engine Memory Corruption Vulnerability | Critical |
| Microsoft Scripting Engine | CVE-2019-1308 | Chakra Scripting Engine Memory Corruption Vulnerability | Critical |
| Microsoft Scripting Engine | CVE-2019-1238 | VBScript Remote Code Execution Vulnerability | Critical |
| Microsoft Scripting Engine | CVE-2019-1239 | VBScript Remote Code Execution Vulnerability | Critical |
| Microsoft Scripting Engine | CVE-2019-1335 | Chakra Scripting Engine Memory Corruption Vulnerability | Critical |
| Microsoft Scripting Engine | CVE-2019-1366 | Chakra Scripting Engine Memory Corruption Vulnerability | Critical |
| Microsoft Windows | CVE-2019-1341 | Windows Power Service Privilege Escalation Vulnerability | Important |
| Microsoft Windows | CVE-2019-1342 | Windows Error Reporting Manager Privilege Escalation Vulnerability | Important |
| Microsoft Windows | CVE-2019-1344 | Windows Code Integrity Module Information Disclosure Vulnerability | Important |
| Microsoft Windows | CVE-2019-1346 | Windows Denial of Service Vulnerability | Important |
| Microsoft Windows | CVE-2019-1347 | Windows Denial of Service Vulnerability | Important |
| Microsoft Windows | CVE-2019-1311 | Windows Imaging API Remote Code Execution Vulnerability | Important |
| Microsoft Windows | CVE-2019-1315 | Windows Error Reporting Manager Privilege Escalation Vulnerability | Important |
| Microsoft Windows | CVE-2019-1316 | Microsoft Windows Setup Privilege Escalation Vulnerability | Important |
| Microsoft Windows | CVE-2019-1317 | Microsoft Windows Denial of Service Vulnerability | Important |
| Microsoft Windows | CVE-2019-1318 | Microsoft Windows Transport Layer Security Spoofing Vulnerability | Important |
| Microsoft Windows | CVE-2019-1319 | Windows Error Reporting Privilege Escalation Vulnerability | Important |
| Microsoft Windows | CVE-2019-1320 | Microsoft Windows Elevation of Privilege | Important |
| Microsoft Windows | CVE-2019-1321 | Microsoft Windows CloudStore Privilege Escalation Vulnerability | Important |
| Microsoft Windows | CVE-2019-1322 | Microsoft Windows Elevation of Privilege | Important |
| Microsoft Windows | CVE-2019-1325 | Windows Redirected Drive Buffering System Privilege Escalation Vulnerability | Moderate |
| Microsoft Windows | CVE-2019-1338 | Windows NTLM Security Feature Bypass Vulnerability | Important |
| Microsoft Windows | CVE-2019-1339 | Windows Error Reporting Manager Privilege Escalation Vulnerability | Important |
| Microsoft Windows | CVE-2019-1340 | Microsoft Windows Elevation of Privilege | Important |
| Open Source Software | CVE-2019-1369 | Open Enclave SDK Information Disclosure Vulnerability | Important |
| Secure Boot | CVE-2019-1368 | Windows Secure Boot Security Feature Bypass Vulnerability | Important |
| Servicing Stack Updates | ADV990001 | Latest Servicing Stack Updates | Critical |
| SQL Server | CVE-2019-1313 | SQL Server Management Studio Information Disclosure Vulnerability | Important |
| SQL Server | CVE-2019-1376 | SQL Server Management Studio Information Disclosure Vulnerability | Important |
| Windows Hyper-V | CVE-2019-1230 | Hyper-V Information Disclosure Vulnerability | Important |
| Windows IIS | CVE-2019-1365 | Microsoft IIS Server Privilege Escalation Vulnerability | Important |
| Windows Installer | CVE-2019-1378 | Windows 10 Update Assistant Privilege Escalation Vulnerability | Important |
| Windows Kernel | CVE-2019-1343 | Windows Denial of Service Vulnerability | Important |
| Windows Kernel | CVE-2019-1345 | Windows Kernel Information Disclosure Vulnerability | Important |
| Windows Kernel | CVE-2019-1334 | Windows Kernel Information Disclosure Vulnerability | Important |
| Windows NTLM | CVE-2019-1166 | Windows NTLM Tampering Vulnerability | Important |
| Windows RDP | CVE-2019-1326 | Windows Remote Desktop Protocol (RDP) Denial of Service Vulnerability | Important |
| Windows RDP | CVE-2019-1333 | Remote Desktop Client Remote Code Execution Vulnerability | Critical |
| Windows Update Stack | CVE-2019-1323 | Microsoft Windows Update Client Privilege Escalation Vulnerability | Important |
| Windows Update Stack | CVE-2019-1336 | Microsoft Windows Update Client Privilege Escalation Vulnerability | Important |
| Windows Update Stack | CVE-2019-1337 | Windows Update Client Information Disclosure Vulnerability | Important |

Recommended Mitigation Measures

Microsoft has released security updates to fix these issues. Please download and install them as soon as possible.

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2019-1378

| Product | KB Article | Severity | Impact | Supersedence | CVSS Score Set | Restart Required |
|---|---|---|---|---|---|---|
| Windows Update Assistant | Update pending | Important | Elevation of Privilege | | Base: N/A; Temporal: N/A; Vector: N/A | Maybe |

Statement

This advisory is only used to describe a potential risk. NSFOCUS does not provide any commitment or promise on this advisory. NSFOCUS and the author will not bear any liability for any direct and/or indirect consequences and losses caused by transmitting and/or using this advisory. NSFOCUS reserves all the rights to modify and interpret this advisory. Please include this statement paragraph when reproducing or transferring this advisory. Do not modify this advisory, add/delete any information to/from it, or use this advisory for commercial purposes without permission from NSFOCUS.

About NSFOCUS

NSFOCUS, Inc., a global network and cyber security leader, protects enterprises and carriers from advanced cyber attacks. The company’s Intelligent Hybrid Security strategy utilizes both cloud and on-premises security platforms, built on a foundation of real-time global threat intelligence, to provide multi-layered, unified and dynamic protection against advanced cyber attacks.

NSFOCUS works with Fortune Global 500 companies, including four of the world’s five largest financial institutions, and with organizations in insurance, retail, healthcare and critical infrastructure industries, as well as government agencies. NSFOCUS has technology and channel partners in more than 60 countries and is a member of both the Microsoft Active Protections Program (MAPP) and the Cloud Security Alliance (CSA).

A wholly owned subsidiary of NSFOCUS Information Technology Co. Ltd., the company has operations in the Americas, Europe, the Middle East and Asia Pacific.
