Microsoft Released November 2019 Security Patches to Fix 13 Critical Vulnerabilities

Microsoft Released November 2019 Security Patches to Fix 13 Critical Vulnerabilities

novembro 29, 2019 | Adeline Zhang

Overview

Among the vulnerabilities that Microsoft has updated in this month, there are 13 critical ones which exist in products like Hyper-V, VBScript, Exchange, and Scripting Engine.

Overview of Critical Vulnerabilities

Microsoft Hyper-V

The update fixes five key security vulnerabilities in Hyper-V.

The vulnerabilities are summarized as follows:

CVE ID Impact Vulnerability Description
CVE-2019-0719 Remote code execution This issue exists when the Windows Hyper-V network switch on the host does not properly validate input from an authenticated user on a guest operating system.

To exploit this vulnerability, an attacker could run a specially crafted application on a guest operating system, causing arbitrary code execution on the Hyper-V host operating system.

CVE-2019-0721 Remote code execution Same as CVE-2019-0719
CVE-2019-1389 Remote code execution This issue exists when the Windows Hyper-V on the host does not properly validate input from an authenticated user on a guest operating system.

To exploit this vulnerability, an attacker could run a specially crafted application on a guest operating system, causing arbitrary code execution on the Hyper-V host operating system.

CVE-2019-1397 Remote code execution Same as CVE-2019-1389
CVE-2019-1398 Remote code execution Same as CVE-2019-1389

For more details and updates on the vulnerability, please refer to the official Microsoft Security Notice:

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0719

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0721

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1389

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1397

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1398

Microsoft VBScript

A critical security vulnerability in VBScript was fixed in the update.

The vulnerabilities are summarized as follows:

CVE ID Impact Vulnerability Description
CVE-2019-1390 Remote code execution A remote code execution vulnerability exists in the VBScript engine’s handling of in-memory objects.

An attacker who successfully exploits the vulnerability could gain the same permissions as the current user. If the current user logs in with administrative rights, an attacker who successfully exploits this vulnerability could take complete control of an affected system and then install programs, view data, modify or delete data, or create accounts with full user rights.

In order to trigger this vulnerability, an attacker could induce a user to use an Internet Explorer browser to access a malicious website created by an attacker, or to open an Office document or application that contains an ActiveX control labeled “safe initialization.”

For more details and updates on the vulnerability, please refer to the official Microsoft Security Notice:

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1390

Microsoft Scripting Engine

The update fixes three key security vulnerabilities in the Scripting Engine.

The vulnerabilities are summarized as follows:

CVE ID Impact Vulnerability Description
CVE-2019-1429

Already found to use

Remote code executionA remote code execution vulnerability exists in the Scripting Engine’s handling of memory objects in Internet Explorer. The vulnerability could cause memory corruption, and an attacker who successfully exploits the vulnerability might gain the same privileges as the current user. If the current user logs in with administrative rights, an attacker who successfully exploits this vulnerability could take complete control of an affected system and then install programs, view data, modify or delete data, or create accounts with full user rights.

An attacker could trigger this vulnerability by inducing a user to use an Internet Explorer browser to access a malicious website created by an attacker or to open a malicious office document.

CVE-2019-1427 Remote code executionA remote code execution vulnerability exists in the Scripting Engine’s handling of memory objects in Microsoft Edge. The vulnerability could cause memory corruption, and an attacker who successfully exploits the vulnerability might gain the same privileges as the current user. If the current user logs in with administrative rights, an attacker who successfully exploits this vulnerability could take complete control of an affected system and then install programs, view data, modify or delete data, or create accounts with full user rights.

An attacker could trigger a vulnerability by inducing a user to use a Microsoft Edge browser to access a malicious website created by an attacker.

CVE-2019-1428 Remote code execution Same as CVE-2019-1427

For more details and updates on the vulnerability, please refer to the official Microsoft Security Notice:

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1429

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1428

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1427

Microsoft Exchange

The update fixes a key security vulnerability in Exchange.

The vulnerabilities are summarized as follows:

CVE ID Impact Vulnerability Description
CVE-2019-1373 Remote code executionA remote code execution vulnerability exists in the way Microsoft Exchange desterilizes metadata through PowerShell. An attacker who successfully exploits this vulnerability could run arbitrary code in the context of the login user.

Exploitation of this vulnerability requires users to run cmdlets through PowerShell.

For more details and updates on the vulnerability, please refer to the official Microsoft Security Notice:

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1373

OpenType Font Parsing

The update fixes a key security vulnerability in OpenType font parsing.

The vulnerabilities are summarized as follows:

CVE ID Impact Vulnerability Description
CVE-2019-1419 Remote code execution A remote code execution vulnerability exists in the way the Windows Adobe Type Manager library does not properly handle specially crafted OpenType fonts.

For all systems except Windows 10, an attacker who successfully exploits this vulnerability could remotely execute code. For Windows 10 systems, an attacker who successfully exploits this vulnerability could execute code in the AppContainer sandbox context with limited privileges and functionality.

An attacker could exploit this vulnerability in a number of ways, such as convincing a user to open a specially crafted document or convincing a user to access a web page that contains a specially crafted embedded OpenType font.

For more details and updates on the vulnerability, please refer to the official Microsoft Security Notice:

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1419

Microsoft Windows Media Foundation

A critical security vulnerability in Microsoft Windows Media Foundation was fixed in the update.

The vulnerabilities are summarized as follows:

CVE ID Impact Vulnerability Description
CVE-2019-1430 Remote code execution A remote code execution vulnerability exists when Windows Media Foundation cannot properly parse a specially crafted QuickTime media file.

An attacker who successfully exploits this vulnerability could gain the same user rights as a local user.

To exploit this vulnerability, an attacker would have to send a specially crafted QuickTime file to the user and convince them to open it. When opened, a malicious QuickTime file will execute code on the target system.

For more details and updates on the vulnerability, please refer to the official Microsoft Security Notice:

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1430

Win32k Graphics

The update fixes a key security vulnerability in Win32k Graphics.

The vulnerabilities are summarized as follows:

CVE ID Impact Vulnerability Description
CVE-2019-1441 Remote code execution A remote code execution vulnerability exists in the Windows font library when it improperly handles specially crafted embedded fonts.

An attacker who successfully exploits this vulnerability could control the affected system. An attacker could install a program; view, change, or delete data; or create a new account with full user rights.

An attacker could exploit this vulnerability in a number of ways.

(1) In a web-based attack scenario, a user may be tempted to access a malicious website created by an attacker. A common method is to let the user click a link in an email or Instant Messenger message, or open an attachment sent via email.

(2) In a file sharing attack scenario, an attacker may provide a specially crafted document file and convince the user to open it.

For more details and updates on the vulnerability, please refer to the official Microsoft Security Notice:

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1441

Solution

Microsoft officially has released an update patch, please update the patch in time.

Statement

This advisory is only used to describe a potential risk. NSFOCUS does not provide any commitment or promise on this advisory. NSFOCUS and the author will not bear any liability for any direct and/or indirect consequences and losses caused by transmitting and/or using this advisory. NSFOCUS reserves all the rights to modify and interpret this advisory. Please include this statement paragraph when reproducing or transferring this advisory. Do not modify this advisory, add/delete any information to/from it, or use this advisory for commercial purposes without permission from NSFOCUS.

About NSFOCUS

NSFOCUS, Inc., a global network and cyber security leader, protects enterprises and carriers from advanced cyber attacks. The company’s Intelligent Hybrid Security strategy utilizes both cloud and on-premises security platforms, built on a foundation of real-time global threat intelligence, to provide multi-layered, unified and dynamic protection against advanced cyber attacks.

NSFOCUS works with Fortune Global 500 companies, including four of the world’s five largest financial institutions, organizations in insurance, retail, healthcare, critical infrastructure industries as well as government agencies. NSFOCUS has technology and channel partners in more than 60 countries, is a member of both the Microsoft Active Protections Program (MAPP), and the Cloud Security Alliance (CSA).

A wholly owned subsidiary of NSFOCUS Information Technology Co. Ltd., the company has operations in the Americas, Europe, the Middle East and Asia Pacific.