December 9, 2019
September 2019 Threat Intelligence (CRITICAL ALERT)
This month, Microsoft have patched 79 vulnerabilities; 17 of which are ranked critical and 61 marked as important. Additionally, Microsoft have released 2 advisories and updates for the 79 vulnerabilities, so we recommend all users install these security updates to protect from further security risks. Full information on this months patches can be found here: https://portal.msrc.microsoft.com/en-us/security-guidance
Important fixes
In the August security release, a Google researcher discovered multiple Windows CTF vulnerabilities that would allow hackers with low access to launch programs with elevated privileges. During August Patch Tuesday, Microsoft also fixed a related vulnerability (CVE-2019-1162), but indicated that other vulnerabilities will be fixed in later updates. As part of September’s security updates, Microsoft has released another fix for these flaws titled “CVE-2019-1235 – Windows Text Service Framework Elevation of Privilege Vulnerability”.
“An attacker who successfully exploited this vulnerability could inject commands or read input sent through a malicious Input Method Editor (IME). This only affects systems that have installed an IME. To exploit this vulnerability, an attacker would first have to log on to the system. An attacker could then run a specially crafted application that could exploit the vulnerability and take control of an affected system.”
Let’s not forget the Remote Desktop vulnerabilities
Patch Tuesday would not be complete without Remote Desktop vulnerabilities. Microsoft has fixed 4 vulnerabilities with IDs:
These can allow remote code execution if connecting to a malicious server.
An attacker who successfully exploited this vulnerability could execute arbitrary code on the computer of the connecting client. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.
The publicly released vulnerabilities
- CVE-2019-1235 – Windows Text Service Framework Elevation of Privilege Vulnerability
- CVE-2019-1253 – Windows Elevation of Privilege Vulnerability
- CVE-2019-1294 – Windows Secure Boot Security Feature Bypass Vulnerability
Two advisories have been released
As well as the security updates, Microsoft released two advisories that eliminate two critical vulnerabilities in Adobe Flash and a new updates for Windows 10.
Patching is important…
Security vulnerabilities are the ‘low hanging fruit’ for hackers. Patching is essential to keep your information safe. It is also good practice to back up your system or at least your data before you apply any updates.
Customers are advised to follow these security tips:
- Install vendor patches immediately when available.
- Run all software with least privileges while still maintaining functionality.
- Do not handle files from questionable sources.
- Avoid visiting sites with unknown integrity.
- Block external access at the network perimeter to all key systems unless access is necessary.
Related articles:
- Real life cyber crime video – The ransomware heist
- [THREAT INTEL] NSA issues rare warning to patch against BlueKeep vulnerability
- Is ransomware the biggest threat to your IT security?
- A buyers guide to patch management software
- Types of penetration test – what’s the difference?
- Pros and cons of outsourcing your cyber security: In-house or Managed SOC?
About CyberOne
CyberOne is a government-approved Cyber Security and IT Managed Service Provider, supporting clients 24/7 from our ISO27001-accredited UK Security Operations Centre (SOC). Located at the heart of a high security, controlled-access Tier 3 data centre,CyberOne’s state-of-the-art UK Cyber Defence Centre (SOC) targets, hunts & disrupts hacker behaviour, as part of a multi-layered security defence, to help secure some of the UK’s leading organisations.