Welcome to September's Automox Patch Tuesday breakdown.
This month, Microsoft has released 80 updates, 17 of which are rated “Critical.” Three of the vulnerabilities addressed this month are publicly disclosed – and two have known exploits. Microsoft suggests that users apply available updates as soon as possible to safeguard against potential threats.
While a majority of the patches released from Microsoft focused on Windows 10, there are still a few bugs being patched in the Windows 7 ecosystem (CVE-2019-1214). With the end-of-support for this legacy operating system coming on January 14, 2020, this should serve as a reminder for all IT managers to start planning their upgrade strategy while also maintaining their systems.
Security updates from Adobe for Flash Player and Application Manager are also available. Adobe is recommending that users patch Flash Player immediately due to critically rated vulnerabilities. This month may seem quiet compared to the massive security updates that have been rolling out all summer long – but volume does not equal importance.
Patching operating systems in a timely manner is key to good cyber hygiene and is essential for keeping your organization secure. See last month's breakdown for more on August's Patch Tuesday.
Windows Tackles Zero-Day Vulnerabilities
For September, Microsoft has released many security updates – and two of them are “zero days” which are being actively exploited in the wild. Both zero days are privilege escalation vulnerabilities, which means attackers can ultimately use them to run code with elevated privileges. According to reports, all currently supported versions of Windows are affected by these exploits.
The two zero days are:
CVE-2019-1214 is a vulnerability in the Windows Common Log File System when the driver handles objects in memory incorrectly. This could be exploited to allow attackers to run processes with elevated privileges. All a malicious actor has to do is log in and run a specially crafted program to seize control of the targeted system. Microsoft has addressed this issue by correcting how the driver handles objects in memory.
CVE-2019-1215 is a vulnerability related to the way Winsock (ws2ifsl.sys) handles objects in memory. A locally authenticated attacker can exploit this vulnerability by running a specially designed application. If successful, a bad actor can then run code with elevated privileges. This is resolved by correcting the way Winsock handles objects in memory.
More Updates From Microsoft
In addition to these zero-day vulnerabilities, Microsoft has a handful of other critical vulnerabilities to address this month – three of which are publicly disclosed. These include:
CVE-2019-1235 is a privilege escalation vulnerability that occurs when the Windows Text Service Framework (TSF) server process fails to validate the commands or inputs it receives. To exploit it, an attacker would need to log into the system and run a program designed to target this vulnerability. From there, a malicious actor can insert commands or read input sent through a “weaponized” Input Method Editor.
CVE-2019-1253 is another privilege escalation vulnerability, which occurs when the Windows AppX Deployment Server improperly handles junctions. To capitalize on this vulnerability, attackers need to first gain execution on the target system. From there, a specially crafted program can be used to escalate privileges. To address this issue, the update fixes how AppX handles junctions.
CVE-2019-1294 is a security feature bypass that occurs when Windows Secure Boot restricts access to debugging functionality incorrectly. To exploit, an attacker would need physical access to the intended victim system before the next system reboot. However, once a bad actor successfully exploits this vulnerability, protected kernel memory can be exposed. Microsoft's update resolves this issue by “preventing access to certain debugging options when Windows Secure Boot is enabled.”
For September, Microsoft has also released fixes for four more remote desktop vulnerabilities.
All four are remote code execution (RCE) vulnerabilities and are rated critical. These issues are resolved by fixing how Windows Remote Desktop Client handles connection requests.
All told, there are 17 critical updates coming from Microsoft this month.
Updates from Adobe
In addition to the updates from Microsoft, users can also look forward to updates for Adobe Flash Player and Application Manager this September.
Adobe has released Flash Player security updates for Windows, Linux, Mac OS and Chrome OS. The two vulnerabilities, CVE-2019-8069 and CVE-2019-8070, are critically rated and could lead to arbitrary code execution if exploited.
Affected versions of Flash Player include:
- Adobe Flash Player for Google Chrome 220.127.116.11 and earlier
- Adobe Flash Player for Microsoft Edge and Internet Explorer 11 18.104.22.168 and earlier
- Adobe Flash Player Desktop Runtime 22.214.171.124 and earlier
Adobe is recommending that users deploy patches for Flash Player as soon as possible.
Adobe Application Manager version 10.0 is affected by CVE-2019-8076, which relates to an insecure library loading vulnerability that can lead to arbitrary code execution. Adobe suggests updating to the newest version of Application Manager, which is not affected by this vulnerability.
This month's Patch Tuesday addresses several critical security vulnerabilities for both Microsoft and Adobe. While it may not be the biggest security update we've seen this year, it still packs a punch. Patching is an essential part of cybersecurity for organizations of every size, and with new, automated solutions for patch management, you can streamline patch deployment and ensure every device on your network is covered.
To see the complete list of updates in the September Patch Tuesday release, view our summary: Automox September 2019 Patch Tuesday Index.