Home Security Microsoft October Patch Tuesday Rolls Out, This Time With No Zero-Days

Microsoft October Patch Tuesday Rolls Out, This Time With No Zero-Days

by

This Tuesday, Microsoft has released its monthly scheduled updates addressing various security bugs. The October Patch Tuesday, however, relatively differs from Microsoft updates released in previous months, in that it doesn’t contain fixes for any zero-days.

Critical Vulnerabilities Patched This Month

Some of the noteworthy security flaws that received fixes with October updates are 9 critical vulnerabilities. These include 2 vulnerabilities CVE-2019-1238 and CVE-2019-1239 in VBScript allowing remote code execution in the context of the current user, and 4 memory corruption flaws in Chakra Scripting Engine (CVE-2019-1307, CVE-2019-1308, CVE-2019-1335, CVE-2019-1366) leading to remote code execution.

A single RCE vulnerability existed each in Microsoft XML Core Services (CVE-2019-1060) and Remote Desktop Client (CVE-2019-1333).

Moreover, a critical elevation of privilege flaw existed in Azure App Services (CVE-2019-1372), which, upon an exploit, could allow remote code execution.

Other Microsoft October Patch Tuesday Updates

Apart from the critical flaws, Microsoft has released fixes for 49 important severity vulnerabilities affecting various programs. Predominantly, the software receiving fixes with this update bundle include Microsoft Windows, Microsoft Edge, Internet Explorer, Microsoft Dynamics 365, Microsoft Office and Microsoft Office Services and Web Apps, ChakraCore, SQL Server Management Studio, Windows Update Assistant and Open Source Software.

Among the important vulnerabilities, a notable flaw existed in the Microsoft IIS Server (CVE-2019-1365). Upon an exploit, that could allow elevation of privileges to an attacker, eventually leading to remote code execution.

Microsoft has also patched a single low severity vulnerability CVE-2019-1325 affecting the Windows redirected drive buffering system (rdbss.sys). When triggered, the bug could result in elevation of privilege in Windows 7. Whereas, for other Windows versions, it could lead to denial of service.

The October Patch Tuesday update bundle from Microsoft appears relatively lighter. It does not address any zero-days and brings fixes for only 59 vulnerabilities. Whereas, in September, Microsoft addressed 88 different security vulnerabilities including two zero-days under active exploit.

Interestingly, this month, no Patch Tuesday update has arrived from Adobe.

Take your time to comment on this article.

The following two tabs change content below.

Avatar
Abeerah has been a passionate blogger for several years with a particular interest towards science and technology. She is crazy to know everything about the latest tech developments. Knowing and writing about cybersecurity, hacking, and spying has always enchanted her. When she is not writing, what else can be a better pastime than web surfing and staying updated about the tech world! Reach out to me at: [email protected]
Avatar

Source link

Related Articles

Leave a Comment

This website uses cookies to improve your experience. We'll assume you're ok with this, but you can opt-out if you wish. Accept Read More