Microsoft Fixes Two Zero-Days in September Patch Update


Microsoft patched 79 unique CVEs in this month’s security update round, including two zero-days and three vulnerabilities in Windows which had been publicly disclosed.



The two zero-day vulnerabilities are both elevation-of-privilege flaws: CVE-2019-1215 is in the Winsock component while CVE-2019-1214 exists in the Windows Log Common File System driver.



Microsoft also fixed a quartet of critical bugs in its Remote Desktop Client: CVE-2019-0787, CVE-2019-0788, CVE-2019-1290, and CVE-2019-1291. According to Qualys senior director Jimmy Graham, “to exploit these vulnerabilities an attacker would need to get a user to connect to a malicious or compromised RDP server.”



Recorded Future intelligence analyst Allan Liska flagged CVE-2019-1257 for immediate attention. This remote code execution vulnerability affects SharePoint Server 2019, SharePoint Enterprise Server 2016 and SharePoint Foundation 2010 and 2013.



He warned that attackers are often quick to exploit SharePoint bugs.



“SharePoint is a common target for attackers not only because of the sensitivity of the information often contained on SharePoint servers, but because they tend to provide full access to victim networks,” Liska added. “The vulnerability stems ..
