
October 2019 Threat Intelligence (CRITICAL ALERT)

Microsoft has patched 59 vulnerabilities this month, only 9 of which are critical, making this month’s Patch Tuesday the lightest we’ve had in a long time.

For over a year, Microsoft has been patching actively exploited zero-days and more than 80 to 90 vulnerabilities each month. But this month, there were no zero-days and just 9 bugs that received a critical rating.

In the past, bulky updates often led to patches messing up Windows features and user systems, so a lighter release should reduce the chances of that happening.


Two NTLM Authentication vulnerabilities FIXED

The security firm Preempt discovered two NTLM authentication vulnerabilities that bypass protections put in place by Microsoft to prevent NTLM relay attacks. Both were fixed today.

These vulnerabilities, assigned CVE-2019-1166 and CVE-2019-1338, allow attackers to bypass the MIC (Message Integrity Code) protection on NTLM authentication. CVE-2019-1338 also enables attackers to bypass other NTLM relay mitigations.

Preempt has stated that these are extremely serious vulnerabilities as they could allow attackers to compromise an entire domain through relay attacks.

Other Intriguing Vulnerabilities

  • Two remote code execution bugs were found in the VBScript engine and one in the RDC (Remote Desktop Client).
  • The VBScript vulnerabilities (CVE-2019-1238 and CVE-2019-1239) could be used in malicious Office documents sent as attachments to trigger vulnerabilities in Internet Explorer.
  • The Remote Desktop client RCE is assigned ID CVE-2019-1333 and allows malicious servers to execute commands on clients when they connect via RDP.

Patching is Important...

Security vulnerabilities are hackers’ low-hanging fruit. Patching is essential to keeping your information safe. It is also good practice to back up your system or data before applying any updates.

Customers Are Advised to Follow These Security Tips:

  • Install vendor patches immediately when available.
  • Run all software with least privileges while still maintaining functionality.
  • Do not handle files from questionable sources.
  • Avoid visiting sites with unknown integrity.
  • Block external access at the network perimeter to all key systems unless access is necessary.
