
Microsoft Patches CVE-2019-1214, CVE-2019-1215 Zero-Day Flaws


Two zero-day vulnerabilities were fixed in Microsoft’s September 2019 Patch Tuesday: CVE-2019-1214 and CVE-2019-1215. In total, 80 vulnerabilities were fixed, of which 17 were listed as critical and the rest as important.




More about CVE-2019-1214 and CVE-2019-1215

Apparently, both of the flaws have been exploited in actual attacks. Both are elevation of privilege vulnerabilities which could lead to the execution of malicious code on vulnerable systems.

CVE-2019-1214 is described as an elevation of privilege vulnerability that is triggered when the Windows Common Log File System (CLFS) driver improperly handles objects in memory. The issue is also known as ‘Windows Common Log File System Driver Elevation of Privilege Vulnerability’.

CVE-2019-1214 was discovered by security researchers from Qihoo 360 Vulcan Team.

CVE-2019-1215 is also an elevation of privilege vulnerability which exists in the way that ws2ifsl.sys (Winsock) handles objects in memory. An attacker who successfully exploited the vulnerability could execute code with elevated privileges, Microsoft says. To exploit the vulnerability, a locally authenticated attacker could run a specially crafted application.

More about the Critical Vulnerabilities Fixed in September 2019 Patch Tuesday

The vulnerabilities fixed in September 2019 Patch Tuesday were located in a number of products, such as Microsoft’s Edge web browser, Internet Explorer, ChakraCore, Skype for Business, Microsoft Lync, the .NET Framework, Visual Studio, Exchange Server, Team Foundation Server, Microsoft Yammer, and Microsoft Office Services and Web Apps.

Four of the critical vulnerabilities were located in Microsoft Remote Desktop Client. Known as CVE-2019-1290, CVE-2019-1291, CVE-2019-0787, and CVE-2019-0788, the vulnerabilities were discovered by Microsoft’s internal team.

Another critical flaw was found in the way that the Windows operating system handles link (.lnk) files. Threat actors can utilize such files to launch malware attacks against vulnerable systems when a user accesses a shared folder or opens a removable drive which contains a booby-trapped .lnk file.

It should also be noted that nine of the critical flaws can be exploited in drive-by browser attacks. Windows users should update their systems as soon as possible to avoid any compromises.

Milena Dimitrova
