September 2019 Patch Tuesday: Microsoft plugs two actively exploited zero-days - Help Net Security

September 2019 Patch Tuesday: Microsoft plugs two actively exploited zero-days - Help Net Security

For the September 2019 Patch Tuesday, Microsoft delivered fixes for 80 CVE-numbered security issues (including to actively exploited zero-days), Adobe fixed flaws in Flash Player and Application Manager, and Intel offered solutions and mitigations for two security holes, one of which could allow a side-channel attack aimed at acquiring sensitive data (e.g., keystrokes in a SSH session).



Microsoft’s patches


Let’s start with the zero-days exploited in the wild.


CVE-2019-1214 is an elevation of privilege vulnerability in the ..