November 2019 Threat Intelligence (CRITICAL ALERT)
This month, Microsoft has patched 74 vulnerabilities, 9 of which are critical. But this month’s Patch Tuesday arrives with a patch for a vulnerability in the Internet Explorer engine that hackers have previously exploited in the wild.
All users are advised to install these security updates as soon as possible to ensure they’re protected from these security risks in Windows.
Internet Explorer’s Scripting Engine
Known as CVE-2019-1429, Microsoft claims the IE bug can allow remote code execution due to “the way that the scripting engine handles objects in memory in Internet Explorer.”
This bug is found in the scripting engine, so it affects more than just the IE browser. It is also used inside Office Suite apps to display web content inside embeddable iframes, meaning attackers can craft malicious Office documents and exploit malicious code on a user’s system if the user allows the display of rich content.
The three individuals who reported the bug have not yet released any details about the attacks and where this zero-day was discovered.
Government-based hacking groups usually discover most Windows zero-days, but they slowly make their way to financial crime-focused groups, then mundane spam operations, and later, automated exploit kits.
Other Interesting Vulnerabilities
Although the IE zero-day is the most important bug to patch, this month’s Patch Tuesday includes more security updates, with fixes for 74 bugs across 9 Microsoft platforms.
- There is a notable patch for Excel for Mac. An issue reported earlier this month was that Excel ignored the “Disable all macros” setting and still executed XLM-based macros scripts when users opened an Excel spreadsheet, opening users to a dangerous attack vector.
- Microsoft issued a particular fix for a strange vulnerability that appears in certain Trusted Platform Module (TPM) chipsets, known as CVE-2019-16863.
Two Advisories Released
- ADV190024 - Microsoft Guidance for Vulnerability in Trusted Platform Module (TPM)
- ADV990001 - Latest Servicing Stack Updates
Patching Is Important...
Security vulnerabilities are the ‘low-hanging fruit’ for hackers. Patching is essential to keep your information safe. It is also good practice to back up your system or data before applying any updates.
Customers Are Advised to Follow These Security Tips:
- Install vendor patches immediately when available.
- Run all software with the least privileges while still maintaining functionality.
- Do not handle files from questionable sources.
- Avoid visiting sites with unknown integrity.
- Block external access at the network perimeter to all key systems unless access is necessary.
Related Articles:
- Real-life cybercrime video - Phishing affects healthcare providers
- [THREAT INTEL] NSA issues rare warning to patch against BlueKeep vulnerability
- Know your enemy: What motivates a cyber criminal?
- A buyer’s guide to patch management software. Whatt are thetypess ofpenetration testss? What’s the difference?
- Pros and cons of outsourcing your cyber security: In-house or Managed SOC?