Microsoft’s September 2019 Patch Tuesday Fixes 79 Vulnerabilities

Today is Microsoft’s September 2019 Patch Tuesday, which means your Windows administrators are going to be up to their elbows in problems. So be nice to them!

With the release of the September 2019 security updates, Microsoft has released 2 advisories and updates for 79 vulnerabilities. Of these vulnerabilities, 17 are classified as Critical. 

All users should install these security updates as soon as possible to protect Windows from security risks.

For information about the non-security Windows updates, you can read about today’s Windows 10 September 2019 Cumulative Updates and September Microsoft Office Updates.

Further fix released for disclosed Windows CTF Flaws

In August 2019, Google Project Zero researcher Tavis Ormandy disclosed various Windows CTF vulnerabilities that could allow attackers with low privileges to launch programs with elevated privileges.

As part of the August Patch Tuesday, Microsoft fixed one of the related vulnerabilities (CVE-2019-1162), but had indicated that other related vulnerabilities would be fixed in later updates.

As part of today’s security updates, Microsoft has released another fix for these flaws titled “CVE-2019-1235 | Windows Text Service Framework Elevation of Privilege Vulnerability”.

“An elevation of privilege vulnerability exists in Windows Text Service Framework (TSF) when the TSF server process does not validate the source of input or commands it receives. An attacker who successfully exploited this vulnerability could inject commands or read input sent through a malicious Input Method Editor (IME). This only affects systems that have installed an IME.

To exploit this vulnerability, an attacker would first have to log on to the system. An attacker could then run a specially crafted application that could exploit the vulnerability and take control of an affected system.

The security update addresses this vulnerability by correcting how the TSF server and client validate input from each other.”

More remote desktop vulnerabilities

It wouldn’t be a Patch Tuesday lately without Remote Desktop vulnerabilities.

With the September updates, Microsoft has fixed 4 Remote Desktop Client vulnerabilities (CVE-2019-0787, CVE-2019-0788, CVE-2019-1290, and CVE-2019-1291) that can allow remote code execution when a user connects to a malicious server.

“A remote code execution vulnerability exists in the Windows Remote Desktop Client when a user connects to a malicious server. An attacker who successfully exploited this vulnerability could execute arbitrary code on the computer of the connecting client. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.

To exploit this vulnerability, an attacker would need to have control of a server and then convince a user to connect to it. An attacker would have no way of forcing a user to connect to the malicious server, they would need to trick the user into connecting via social engineering, DNS poisoning or using a Man in the Middle (MITM) technique. An attacker could also compromise a legitimate server, host malicious code on it, and wait for the user to connect.”

3 publicly disclosed vulnerabilities

Microsoft has stated that three of the vulnerabilities have been publicly disclosed and two have known exploits.

The publicly disclosed vulnerabilities are:

  • CVE-2019-1235 – Windows Text Service Framework Elevation of Privilege Vulnerability
  • CVE-2019-1253 – Windows Elevation of Privilege Vulnerability
  • CVE-2019-1294 – Windows Secure Boot Security Feature Bypass Vulnerability

Two advisories released

In addition to the security updates, Microsoft also released two advisories, covering two Critical code execution vulnerabilities in Adobe Flash and a new Servicing Stack Update for Windows 10.

  • ADV190022 – September 2019 Adobe Flash Security Update
  • ADV990001 – Latest Servicing Stack Updates

Demo of Critical CVE-2019-1208 VBScript vulnerability

One of the Critical vulnerabilities found this month, “CVE-2019-1208 | VBScript Remote Code Execution Vulnerability”, allows remote code execution through VBScript.

“A remote code execution vulnerability exists in the way that the VBScript engine handles objects in memory. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. If the current user is logged on with administrative user rights, an attacker who successfully exploited the vulnerability could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.”

James Lee, who found this vulnerability, shared a video demonstration of the vulnerability with BleepingComputer that can be seen below.

Lee also shared a Tweet demonstrating this vulnerability chained with others to achieve remote code execution.

VBScript is alive again in latest Windows 10! pic.twitter.com/qLuTbHc6oa

— James Lee (@Windowsrcer) June 21, 2019

The September 2019 Patch Tuesday Security Updates

Below is the full list of resolved vulnerabilities and advisories in the September 2019 Patch Tuesday updates. To access the full description of each vulnerability and the systems that it affects, you can view the full report here.

| Tag | CVE ID | CVE Title | Severity |
| --- | --- | --- | --- |
| .NET Core | CVE-2019-1301 | .NET Core Denial of Service Vulnerability | Important |
| .NET Framework | CVE-2019-1142 | .NET Framework Elevation of Privilege Vulnerability | Important |
| Active Directory | CVE-2019-1273 | Active Directory Federation Services XSS Vulnerability | Important |
| Adobe Flash Player | ADV190022 | September 2019 Adobe Flash Security Update | Critical |
| ASP.NET | CVE-2019-1302 | ASP.NET Core Elevation Of Privilege Vulnerability | Important |
| Common Log File System Driver | CVE-2019-1282 | Windows Common Log File System Driver Information Disclosure Vulnerability | Important |
| Common Log File System Driver | CVE-2019-1214 | Windows Common Log File System Driver Elevation of Privilege Vulnerability | Important |
| Microsoft Browsers | CVE-2019-1220 | Microsoft Browser Security Feature Bypass Vulnerability | Important |
| Microsoft Edge | CVE-2019-1299 | Microsoft Edge based on Edge HTML Information Disclosure Vulnerability | Important |
| Microsoft Exchange Server | CVE-2019-1233 | Microsoft Exchange Denial of Service Vulnerability | Important |
| Microsoft Exchange Server | CVE-2019-1266 | Microsoft Exchange Spoofing Vulnerability | Important |
| Microsoft Graphics Component | CVE-2019-1245 | DirectWrite Information Disclosure Vulnerability | Important |
| Microsoft Graphics Component | CVE-2019-1252 | Windows GDI Information Disclosure Vulnerability | Important |
| Microsoft Graphics Component | CVE-2019-1284 | DirectX Elevation of Privilege Vulnerability | Important |
| Microsoft Graphics Component | CVE-2019-1283 | Microsoft Graphics Components Information Disclosure Vulnerability | Important |
| Microsoft Graphics Component | CVE-2019-1216 | DirectX Information Disclosure Vulnerability | Important |
| Microsoft Graphics Component | CVE-2019-1286 | Windows GDI Information Disclosure Vulnerability | Important |
| Microsoft Graphics Component | CVE-2019-1244 | DirectWrite Information Disclosure Vulnerability | Important |
| Microsoft Graphics Component | CVE-2019-1251 | DirectWrite Information Disclosure Vulnerability | Important |
| Microsoft JET Database Engine | CVE-2019-1248 | Jet Database Engine Remote Code Execution Vulnerability | Important |
| Microsoft JET Database Engine | CVE-2019-1246 | Jet Database Engine Remote Code Execution Vulnerability | Important |
| Microsoft JET Database Engine | CVE-2019-1243 | Jet Database Engine Remote Code Execution Vulnerability | Important |
| Microsoft JET Database Engine | CVE-2019-1247 | Jet Database Engine Remote Code Execution Vulnerability | Important |
| Microsoft JET Database Engine | CVE-2019-1241 | Jet Database Engine Remote Code Execution Vulnerability | Important |
| Microsoft JET Database Engine | CVE-2019-1240 | Jet Database Engine Remote Code Execution Vulnerability | Important |
| Microsoft JET Database Engine | CVE-2019-1250 | Jet Database Engine Remote Code Execution Vulnerability | Important |
| Microsoft JET Database Engine | CVE-2019-1249 | Jet Database Engine Remote Code Execution Vulnerability | Important |
| Microsoft JET Database Engine | CVE-2019-1242 | Jet Database Engine Remote Code Execution Vulnerability | Important |
| Microsoft Office | CVE-2019-1264 | Microsoft Office Security Feature Bypass Vulnerability | Important |
| Microsoft Office | CVE-2019-1263 | Microsoft Excel Information Disclosure Vulnerability | Important |
| Microsoft Office | CVE-2019-1297 | Microsoft Excel Remote Code Execution Vulnerability | Important |
| Microsoft Office SharePoint | CVE-2019-1259 | Microsoft SharePoint Spoofing Vulnerability | Moderate |
| Microsoft Office SharePoint | CVE-2019-1260 | Microsoft SharePoint Elevation of Privilege Vulnerability | Important |
| Microsoft Office SharePoint | CVE-2019-1295 | Microsoft SharePoint Remote Code Execution Vulnerability | Critical |
| Microsoft Office SharePoint | CVE-2019-1257 | Microsoft SharePoint Remote Code Execution Vulnerability | Critical |
| Microsoft Office SharePoint | CVE-2019-1296 | Microsoft SharePoint Remote Code Execution Vulnerability | Critical |
| Microsoft Office SharePoint | CVE-2019-1262 | Microsoft Office SharePoint XSS Vulnerability | Important |
| Microsoft Office SharePoint | CVE-2019-1261 | Microsoft SharePoint Spoofing Vulnerability | Important |
| Microsoft Scripting Engine | CVE-2019-1298 | Chakra Scripting Engine Memory Corruption Vulnerability | Critical |
| Microsoft Scripting Engine | CVE-2019-1300 | Chakra Scripting Engine Memory Corruption Vulnerability | Critical |
| Microsoft Scripting Engine | CVE-2019-1217 | Chakra Scripting Engine Memory Corruption Vulnerability | Critical |
| Microsoft Scripting Engine | CVE-2019-1208 | VBScript Remote Code Execution Vulnerability | Critical |
| Microsoft Scripting Engine | CVE-2019-1138 | Chakra Scripting Engine Memory Corruption Vulnerability | Moderate |
| Microsoft Scripting Engine | CVE-2019-1221 | Scripting Engine Memory Corruption Vulnerability | Critical |
| Microsoft Scripting Engine | CVE-2019-1237 | Chakra Scripting Engine Memory Corruption Vulnerability | Critical |
| Microsoft Scripting Engine | CVE-2019-1236 | VBScript Remote Code Execution Vulnerability | Moderate |
| Microsoft Windows | CVE-2019-1219 | Windows Transaction Manager Information Disclosure Vulnerability | Important |
| Microsoft Windows | CVE-2019-1280 | LNK Remote Code Execution Vulnerability | Critical |
| Microsoft Windows | CVE-2019-1277 | Windows Audio Service Elevation of Privilege Vulnerability | Important |
| Microsoft Windows | CVE-2019-1278 | Windows Elevation of Privilege Vulnerability | Important |
| Microsoft Windows | CVE-2019-1215 | Windows Elevation of Privilege Vulnerability | Important |
| Microsoft Windows | CVE-2019-1289 | Windows Update Delivery Optimization Elevation of Privilege Vulnerability | Important |
| Microsoft Windows | CVE-2019-1292 | Windows Denial of Service Vulnerability | Important |
| Microsoft Windows | CVE-2019-1294 | Windows Secure Boot Security Feature Bypass Vulnerability | Important |
| Microsoft Windows | CVE-2019-1287 | Windows Network Connectivity Assistant Elevation of Privilege Vulnerability | Important |
| Microsoft Windows | CVE-2019-1270 | Microsoft Windows Store Installer Elevation of Privilege Vulnerability | Important |
| Microsoft Windows | CVE-2019-1235 | Windows Text Service Framework Elevation of Privilege Vulnerability | Important |
| Microsoft Windows | CVE-2019-1271 | Windows Media Elevation of Privilege Vulnerability | Important |
| Microsoft Windows | CVE-2019-1303 | Windows Elevation of Privilege Vulnerability | Important |
| Microsoft Windows | CVE-2019-1272 | Windows ALPC Elevation of Privilege Vulnerability | Important |
| Microsoft Windows | CVE-2019-1269 | Windows ALPC Elevation of Privilege Vulnerability | Important |
| Microsoft Windows | CVE-2019-1253 | Windows Elevation of Privilege Vulnerability | Important |
| Microsoft Windows | CVE-2019-1267 | Microsoft Compatibility Appraiser Elevation of Privilege Vulnerability | Important |
| Microsoft Windows | CVE-2019-1268 | Winlogon Elevation of Privilege Vulnerability | Important |
| Microsoft Yammer | CVE-2019-1265 | Microsoft Yammer Security Feature Bypass Vulnerability | Important |
| Project Rome | CVE-2019-1231 | Rome SDK Information Disclosure Vulnerability | Important |
| Servicing Stack Updates | ADV990001 | Latest Servicing Stack Updates | Critical |
| Skype for Business and Microsoft Lync | CVE-2019-1209 | Lync 2013 Information Disclosure Vulnerability | Important |
| Team Foundation Server | CVE-2019-1305 | Team Foundation Server Cross-site Scripting Vulnerability | Important |
| Team Foundation Server | CVE-2019-1306 | Azure DevOps and Team Foundation Server Remote Code Execution Vulnerability | Critical |
| Visual Studio | CVE-2019-1232 | Diagnostics Hub Standard Collector Service Elevation of Privilege Vulnerability | Important |
| Windows Hyper-V | CVE-2019-0928 | Windows Hyper-V Denial of Service Vulnerability | Important |
| Windows Hyper-V | CVE-2019-1254 | Windows Hyper-V Information Disclosure Vulnerability | Important |
| Windows Kernel | CVE-2019-1274 | Windows Kernel Information Disclosure Vulnerability | Important |
| Windows Kernel | CVE-2019-1293 | Windows SMB Client Driver Information Disclosure Vulnerability | Important |
| Windows Kernel | CVE-2019-1285 | Win32k Elevation of Privilege Vulnerability | Important |
| Windows Kernel | CVE-2019-1256 | Win32k Elevation of Privilege Vulnerability | Important |
| Windows RDP | CVE-2019-1291 | Remote Desktop Client Remote Code Execution Vulnerability | Critical |
| Windows RDP | CVE-2019-1290 | Remote Desktop Client Remote Code Execution Vulnerability | Critical |
| Windows RDP | CVE-2019-0788 | Remote Desktop Client Remote Code Execution Vulnerability | Critical |
| Windows RDP | CVE-2019-0787 | Remote Desktop Client Remote Code Execution Vulnerability | Critical |

Update 9/14/19: Updated the article to remove information about two vulnerabilities that Microsoft erroneously reported as being exploited. Also added information from James Lee about a VBScript exploit that he discovered.
