Two zero-day vulnerabilities were fixed in Microsoft’s September 2019 Patch Tuesday – CVE-2019-1214 and CVE-2019-1215. In total, 80 vulnerabilities were fixes of which 17 were listed as critical, and the rest – important.
More about CVE-2019-1214 and CVE-2019-1215
Apparently, both of the flaws have been exploited in actual attacks. Both are elevation of privilege vulnerabilities which could lead to the execution of malicious code on vulnerable systems.
CVE-2019-1214 is described as an elevation of privilege vulnerability that is triggered when the Windows Common Log File System (CLFS) driver improperly handles objects in memory. The issue is also known as ‘Windows Common Log File System Driver Elevation of Privilege Vulnerability’.
CVE-2019-1214 was discovered by security researchers from Qihoo 360 Vulcan Team.
CVE-2019-1215 is also an elevation of privilege vulnerability which exists in the way that ws2ifsl.sys (Winsock) handles objects in memory. An attacker who successfully exploited the vulnerability could execute code with elevated privileges, Microsoft says. To exploit the vulnerability, a locally authenticated attacker could run a specially crafted application.
More about the Critical Vulnerabilities Fixed in September 2019 Patch Tuesday
The vulnerabilities fixed in September 2019 Patch Tuesday were located in a number of products, such as Microsoft’s Edge web browser, Internet Explorer, ChakraCore, Skype for Business, Microsoft Lync, the .NET Framework, Visual Studio, Exchange Server, Team Foundation Server, Microsoft Yammer, and Microsoft Office Services and Web Apps.
Four of the critical vulnerabilities were located in Microsoft Remote Desktop Client. Known as CVE-2019-1290, CVE-2019-1291, CVE-2019-0787, and CVE-2019-0788, the vulnerabilities were discovered by Microsoft’s internal team.
Another critical flaw was found in the way that the Windows operating system handles link (.lnk) files. Threat actors can utilize such files to launch malware attacks against vulnerable systems when a user accesses a shared folder or opens a removable drive which contains a booby-trapped .lnk file.
It should also be noted that nine of the critical flaws can be exploited in drive-by browser attacks. Windows users should update their systems as soon as possible to avoid any compromises.