For the September 2019 Patch Tuesday, Microsoft delivered fixes for 80 CVE-numbered security issues (including to actively exploited zero-days), Adobe fixed flaws in Flash Player and Application Manager, and Intel offered solutions and mitigations for two security holes, one of which could allow a side-channel attack aimed at acquiring sensitive data (e.g., keystrokes in a SSH session).
Microsoft’s patches
Let’s start with the zero-days exploited in the wild.
CVE-2019-1214 is an elevation of privilege vulnerability in the Windows Common Log File System (CLFS) Driver. CVE-2019-1215 is an elevation of privilege vulnerability in the Winsock IFS Driver (ws2ifsl.sys).
“Both flaws exist due to improper handling of objects in memory by the ..
Support the originator by clicking the read the rest link below.
