Microsoft Issues 9 Critical Security Patches

None of the 59 patches address previously known vulnerabilities, and none of the flaws are under active attack, Microsoft reports.

Today is the second Tuesday of the month, and Microsoft is right on schedule with 59 security fixes, nine of which are considered Critical in severity.


None of the vulnerabilities were previously known or exploited; 49 are ranked Important and one Moderate.


The latest release affects Windows, Internet Explorer, Edge, ChakraCore, Microsoft Office and Office Services and Web Apps, Microsoft Dynamics 365, SQL Server Management Studio, Windows Update Assistant, and Open Source Software. It's a smaller-volume roundup compared with many Patch Tuesdays of late: September's fixed 80 bugs and August's patched 93, including a wormable remote code execution (RCE) flaw. In July, Microsoft addressed 77 vulnerabilities.


October continued the trend of patching remote desktop vulnerabilities, which have been common over the past four months. CVE-2019-1333 is an RCE flaw that exists in the Remote Desktop Client and is triggered when a user connects to a malicious server. An attacker who successfully exploited the bug could view, change, or delete data; install programs; or create new accounts with user rights.


To exploit CVE-2019-1333, an attacker would need to control a server and convince a target to connect using a social engineering scam, DNS poisoning, or a man-in-the-middle attack. They could also compromise a legitimate server, host malicious code on it, and wait for someone to connect to it. Today's patch corrects how Remote Desktop Client h ..
