Otto background

Automox Patch Tuesday Breakdown: November 2019

Welcome to November's Automox Patch Tuesday breakdown.

This month, we're looking at 74 vulnerability fixes from Microsoft, over a dozen of which are rated “critical.” This includes resolving a zero-day vulnerability in Internet Explorer that was actively being exploited in the wild, as well as a patch for a publicly disclosed vulnerability.  With patching, time is truly of the essence – but especially when it comes to zero days.

For November, Adobe has also released two critical security updates related to memory corruption vulnerabilities that can lead to remote code execution.

This month's Patch Tuesday is lighter in volume than recent months, but there are several critical vulnerabilities that need to be addressed. After what seemed to be an endless stream of heavy updates, November will hopefully provide a much-needed reprieve for tech professionals. See last month's breakdown for more on October's Patch Tuesday update.

Automox patch management

Critical Updates From Microsoft

Microsoft has released 13 critical security updates for November. Of these, one is a fix for a zero-day vulnerability in Internet Explorer (IE) that has already been exploited by malicious actors in the wild. A remote code execution in the web browser could be exploited through a web-based attack.

Known as CVE-2019-1429, the IE zero-day is what's called a Scripting Engine Memory Corruption Vulnerability. Bad actors can use web-based attacks to exploit this vulnerability, simply by using specially-crafted malicious web pages. If successful, the attackers would then be able to execute arbitrary code within the context of the current user. If the current user has administrative rights, the attacker can then take control of the system – and will have the ability to install programs; view, edit and delete data; and create new user accounts with full administrative access.

The patch from Microsoft fixes this issue by changing how the scripting engine handles objects in memory.

There are also two additional critical updates which resolve scripting engine memory corruption issues which affect Microsoft Edge in a similar manner:

Patches from Microsoft address these issues by altering how the scripting engine handles objects in memory.

With this month's update, Microsoft has also released an important patch for a publicly disclosed vulnerability – CVE-2019-1457. This is a vulnerability that exists in Microsoft Office for Mac, and if exploited, can allow attackers to bypass security features.

While it is not ranked as “critical,” the fact that CVE-2019-1457 is a publicly disclosed vulnerability makes this another important fix to keep an eye on.

Additionally, Microsoft is resolving five critical remote code vulnerabilities with Hyper-V this month. These include:

CVE-2019-0719 and CVE-2019-0721 both affect Windows 10 and involve a vulnerability that exists when Hyper-V Network Switch fails to properly validate input from authenticated users on guest operating systems. Attackers can exploit this by using specially-designed applications on guest operating systems that can cause Hyper-V host operating system to run arbitrary code.

Windows 10 is also affected by CVE-2019-1398,  a vulnerability that exists when Hyper-V on a host server fails to properly validate input from an authenticated user. This is another bug that can be exploited with a specially crafted application on a guest operating system, which can cause the Hyper-V host system to execute arbitrary code.  Successful exploitation would allow malicious actors to run arbitrary code on the victim system.

CVE-2019-1389 and CVE-2019-1397 both affect Windows 7. These vulnerabilities also exist when Hyper-V host fails to properly validate input from authenticated users on guest operating systems, and can be exploited in the same way as CVE-2019-1398.

Microsoft resolves  all of these issues by correcting how Hyper-V validates guest operating system user input.

November's Patch Tuesday also includes several other fixes for remote code execution vulnerabilities. These include:

Microsoft recommends that users patch for critical vulnerabilities as soon as possible.

Other Updates For November

Adobe has also released several critical security updates for November, including fixes for vulnerabilities that could allow attackers to execute remote code, escalate privileges and gain unauthorized access to systems running unpatched versions of Animate CC, Bridge CC, Illustrator and Media Encoder,

There are two vulnerabilities in Illustrator involving critical memory corruption issues that can lead to remote code execution that are getting a lot of  attention:

According to reports, these vulnerabilities pose a particular threat because Illustrator is so widely used and they can be exploited to run arbitrary code on victim machines. Adobe “strongly advises” users to deploy these patches as soon as possible to shut down potential attempts at attack.

November's Patch Tuesday may seem light in terms of volume, but there are several significant bugs getting fixed this month. And with zero-day and publicly disclosed vulnerabilities on the table, there is no time to waste.

About Automox Automated Patch Management Platform

Facing growing threats and a rapidly expanding attack surface, understaffed and alert-fatigued organizations need more efficient ways to eliminate their exposure to vulnerabilities. Automox is a modern cyber hygiene platform that closes the aperture of attack by more than 80% with just half the effort of traditional solutions.

Cloud-native and globally available, Automox enforces OS & third-party patch management, security configurations, and custom scripting across Windows, Mac, and Linux from a single intuitive console. IT and SecOps can quickly gain control and share visibility of on-prem, remote and virtual endpoints without the need to deploy costly infrastructure.

Experience modern, cloud-native patch management today with a 15-day free trial of Automox and start recapturing more than half the time you're currently spending on managing your attack surface. Automox dramatically reduces corporate risk while raising operational efficiency to deliver best-in-class security outcomes, faster and with fewer resources.

Dive deeper into this topic