Windows Problems and Solutions

November 2019 Patch Tuesday: fixes for 74 vulnerabilities

November 2019 Patch Tuesday comes with patches for an IE zero-day exploited by attackers in the wild and four Hyper-V escapes.

Microsoft updates

Microsoft has delivered fixes for 74 vulnerabilities in various products, 13 of which are deemed to be critical. The most notable ones in this batch are:

  • CVE-2019-1429, a scripting engine memory corruption vulnerability that, according to researchers from Google's Threat Analysis Group, is being exploited in attacks in the wild to achieve remote code execution.
  • CVE-2019-16863, a flaw affecting STMicroelectronics Trusted Platform Module (TPM) chipsets, which impacts key confidentiality in the Elliptic Curve Digital Signature Algorithm (ECDSA).

The former can be triggered in several ways.

“In a web-based attack scenario, an attacker could host a specially crafted website that is designed to exploit the vulnerability through Internet Explorer and then convince a user to view the website. An attacker could also embed an ActiveX control marked ‘safe for initialization’ in an application or Microsoft Office document that hosts the IE rendering engine,” Microsoft explained.

“The attacker could also take advantage of compromised websites and websites that accept or host user-provided content or advertisements. These websites could contain specially crafted content that could exploit the vulnerability.”

Updating Internet Explorer should therefore be a priority, especially on workstations, as all current IE versions are affected.

CVE-2019-16863 does not affect Windows itself or any specific Microsoft application. The hole can be plugged through a TPM firmware update.

“If your system is affected and requires the installation of TPM firmware updates, you might need to re-enroll in security services you are running to remediate those affected services,” Microsoft pointed out.
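To act on that advice you first need to know which hosts carry an STMicroelectronics TPM and which firmware they run. The PowerShell function below is an added example, not code from the article or from Microsoft; it assumes Windows 10 / Server 2016 or later with the built-in Get-Tpm cmdlet, an elevated session, and a list of fixed firmware versions that you fill in from your OEM or STMicroelectronics bulletin (the value shipped here is a placeholder).

```powershell
# Added example: inventory the local TPM to decide whether the CVE-2019-16863
# firmware update (and the re-enrollment that follows it) applies to this host.
function Get-TpmAdvisoryStatus {
    [CmdletBinding()]
    param(
        # Placeholder: replace with the firmware versions your vendor bulletin lists as fixed.
        [string[]] $FixedFirmwareVersions = @('PLACEHOLDER-FIXED-VERSION')
    )

    $tpm = Get-Tpm
    $result = [ordered]@{
        ComputerName    = $env:COMPUTERNAME
        TpmPresent      = $tpm.TpmPresent
        TpmReady        = $tpm.TpmReady
        Manufacturer    = $null
        FirmwareVersion = $null
        Assessment      = 'No TPM present'
    }

    if ($tpm.TpmPresent) {
        # ManufacturerIdTxt is a four-character vendor code; STMicroelectronics
        # reports 'STM ' with a trailing space, hence the Trim().
        $result.Manufacturer    = $tpm.ManufacturerIdTxt.Trim()
        $result.FirmwareVersion = $tpm.ManufacturerVersion

        if ($result.Manufacturer -ne 'STM') {
            $result.Assessment = 'Not an STMicroelectronics TPM; CVE-2019-16863 does not apply'
        } elseif ($FixedFirmwareVersions -contains $result.FirmwareVersion) {
            $result.Assessment = 'STMicroelectronics TPM already on fixed firmware'
        } else {
            $result.Assessment = 'STMicroelectronics TPM; check firmware against vendor bulletin, ' +
                                 'then plan firmware update and re-enrollment of TPM-backed services'
        }
    }

    [pscustomobject]$result
}

# Usage (run elevated): Get-TpmAdvisoryStatus | Format-List
```

Run it through Invoke-Command across a fleet to build the list of machines that need the firmware update before scheduling the re-enrollment work.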

Other security updates that should be prioritized are those for Hyper-V systems, as they fix four vulnerabilities that would allow a remote, authenticated user on a guest system to run arbitrary code on the host system, and those for Microsoft Exchange.

“Bugs in Exchange Server are always interesting on some level, and [CVE-2019-1373] certainly doesn’t disappoint. The patch corrects a vulnerability in the deserialization of metadata via PowerShell.

To exploit this, an attacker would need to convince a user to run cmdlets via PowerShell. While this may be an unlikely scenario, it only takes one user to compromise the server. If that user has administrative privileges, they could hand over complete control to the attacker,” noted Trend Micro ZDI’s Dustin Childs.

Finally, Microsoft has also provided a fix for CVE-2019-1457, a vulnerability that could allow attackers to leverage XLM macros to execute arbitrary code on a vulnerable system.

Mustapha Haouili

Software development engineer and IT system administrator with 14 years of successful experience. Programming languages: COBOL, C#, Python, shell script. There is no problem without a solution.
