Microsoft October 2019 Patch Tuesday addressed a total of 59 vulnerabilities. 9 of which are rated as critical and 49 as important.
The tech giant released its October 2019 Patch Tuesday security updates to address a total of 59 vulnerabilities in Windows operating systems and other software, 9 of which are rated as ‘critical’, 49 are ‘important’, and one ‘moderate’.
None of the vulnerabilities addressed by Microsoft was exploited by attackers in the wild or was publicly known.
Microsoft addressed two critical remote code execution flaws, tracked as CVE-2019-1238 and CVE-2019-1239, in the VBScript engine, both tie the way VBScript handles objects in memory. An attacker could exploit the flaw to cause memory corruption and execute arbitrary code in the context of the current user.
An attacker could trigger the flaws by tricking the victims into visiting a specially crafted website through Internet Explorer.
The attacker could also exploit these flaws using an application or Microsoft Office document that embeds an ActiveX control marked ‘safe for initialization’ that leverages the Internet Explorer rendering engine.
Microsoft addressed three critical memory corruption flaws in the Chakra scripting engine that could lead to remote code execution. The vulnerabilities affect the way Chakra scripting engine handles objects in memory in Microsoft Edge.
Microsoft has addressed a reverse RDP attack, an attacker could exploit the flaw to compromise client computers connecting to a malicious RDP server by exploiting a critical remote code execution issue in Windows built-in Remote Desktop Client application.
The attack scenario sees threat actors tricking victims into connecting to a malicious RDP server.
October 2019 Patch Tuesday security updates also addressed two NTLM authentication vulnerabilities, tracked as CVE 2019-1166 and CVE-2019-1338 that could be exploited by attackers to bypass the MIC (Message Integrity Code) protection on NTLM authentication.
“A tampering vulnerability exists in Microsoft Windows when a man-in-the-middle attacker is able to successfully bypass the NTLM MIC (Message Integrity Check) protection. An attacker who successfully exploited this vulnerability could gain the ability to downgrade NTLM security features.” reads the security advisory for the CVE 2019-1166.
“To exploit this vulnerability, the attacker would need to tamper with the NTLM exchange. The attacker could then modify flags of the NTLM packet without invalidating the signature.”
To read the original aritcle: