November Patch Tuesday: Microsoft Patches 74 Flaws Including Actively Exploited RCE

By Richard Anderson

November Patch Tuesday has seen Microsoft patch 74 vulnerabilities across all its products, including 13 critical flaws and one remote code execution vulnerability that is being actively exploited in the wild.

The actively exploited flaw – CVE-2019-1429 – is in Internet Explorer and is a Scripting Engine Memory Corruption vulnerability that was identified by Google’s Project Zero team. The flaw can be exploited by convincing a user on a vulnerable device to visit a specially crafted webpage. A user could be directed to a malicious site via an embedded ActiveX control that has been marked safe for initialization in an Office document. If executed, the user could be directed to a malicious website where the flaw is exploited.

The exploit for the flaw corrupts the memory in a way that allows an attacker to execute arbitrary code in the context of the current user. A full device takeover is possible if the logged in user had administrative privileges.

Also of note is CVE-2019-1457. This is a flaw in Microsoft Office that allows Excel security features to be bypassed. This flaw affects Microsoft Office for Mac and concerns improper enforcement of macro settings in Excel spreadsheets. The flaw could be exploited using a specially crafted Excel document that uses the SYLK file format.

If a Microsoft Office for Mac user opens such a file, the attacker would be able to execute arbitrary code on a vulnerable device, even if the “disable all macros without notification” function is turned on. The problem with SYLK files is Microsoft does not open them in Protected View, so an XLM macro incorporated into the SYLK file would run automatically, regardless of the settings applied in Microsoft Office. The vulnerability was discovered and publicly disclosed by Outflank.

A vulnerability has also been identified in the Trusted Platform Module, which is the subject of an advisory – ADV190024. This is not a vulnerability in Windows, rather a third-party chipset. Windows does not use the vulnerable algorithm, but it may be used by other software and services.

Other critical vulnerabilities patched in this month’s updates are listed below:

  • CVE-2019-1373: Microsoft Exchange Server
    • Microsoft Exchange Remote Code Execution Vulnerability
  • CVE-2019-1441: Microsoft Graphics Component
    • Win32k Graphics Remote Code Execution Vulnerability
  • CVE-2019-1419: Microsoft Graphics Component
    • OpenType Font Parsing Remote Code Execution Vulnerability
  • CVE-2019-1426: Microsoft Scripting Engine
    • Scripting Engine Memory Corruption Vulnerability
  • CVE-2019-1427: Microsoft Scripting Engine
    • Scripting Engine Memory Corruption Vulnerability
  • CVE-2019-1398: Windows Hyper-V
    • Windows Hyper-V Remote Code Execution Vulnerability
  • CVE-2019-1397: Windows Hyper-V
    • Windows Hyper-V Remote Code Execution Vulnerability
  • CVE-2019-0719: Windows Hyper-V
    • Windows Hyper-V Remote Code Execution Vulnerability
  • CVE-2019-1389: Windows Hyper-V
    • Windows Hyper-V Remote Code Execution Vulnerability
  • CVE-2019-1430: Windows Media Player
    • Microsoft Windows Media Foundation Remote Code Execution Vulnerability
  • ADV990001: Latest Serving Stack Updates
Twitter Facebook LinkedIn Reddit Link copied to clipboard

Posted by

Richard Anderson

Richard Anderson is the Editor-in-Chief of NetSec.news