The new ones security updates which was released microsoft for September of 2019, they face 80 vulnerabilities, including two privilege escalation defects that can be exploited by hackers to carry out attacks.
The updates cover Microsoft Windows, Internet Explorer, Microsoft Edge, ChakraCore, Office and Microsoft Office Services and Web Applications, Skype for business and Microsoft Lync, Visual Studio, .NET Framework, Exchange Server, Microsoft Yammer and Team Foundation Server.
Of the vulnerabilities faced by these updates, 17 is classified as critical, 62 is listed as significant, and one is classified as moderate in severity.
The first zero day vulnerability, discovered as CVE-2019-1214, is at Windows Common Log File System (CLFS) and can be used by an experienced attacker to carry out attacks. The vulnerability affects all supported versions of Windows.
"You notice an increase in privilege escalation vulnerabilities when the Windows Common Log File System (CLFS) program does not handle objects in memory correctly. An attacker who successfully exploited this vulnerability could execute more rights-based processes, "Microsoft said in an update.
Microsoft addresses the issue of vulnerability by repairing how CLFS handles objects in memory.
The defect was reported by a Vulcan Qihoo 360 researcher.
The second zero day vulnerability, CVE-2019-1215, affects Winsock (ws2ifsl.sys) and could be exploited by an updated attacker to execute privilege escalation code.
"To exploit vulnerability, one intruder could run a specially designed application. "
Microsoft has addressed the vulnerability by ensuring that ws2ifsl.sys handles objects in memory correctly.
The company has also confirmed that this defect has already been exploited by malware from 2017.
Microsoft also examined two vulnerabilities that were made public before the fixes were made, CVE-2019-1235 and CVE-2019-1294.
The first is a privilege escalation issue in the Windows Text Service Framework, the second is a Windows Secure Boot Boot bypass issue.
How useful was this post?
Average rating / 5. Vote count: