November 13, 2019
Severity
High
Analysis Summary
Microsoft has released November updates to fix 75 security flaws in multiple products.
CVE-2019-1429, a Scripting Engine Memory Corruption Vulnerability, could allow an attacker to conduct a web-based attack using specially crafted web pages. In a web-based attack scenario, an attacker could host a specially crafted website that is designed to exploit the vulnerability through Internet Explorer and then convince a user to view the website. An attacker could also embed an ActiveX control marked “safe for initialization” in an application or Microsoft Office document that hosts the IE rendering engine. The attacker could also take advantage of compromised websites and websites that accept or host user-provided content or advertisements. These websites could contain specially crafted content that exploits the vulnerability.
Microsoft also fixed a publicly disclosed vulnerability in Microsoft Office for Mac, titled “CVE-2019-1457 | Microsoft Office Excel Security Feature Bypass”, that allows attackers to bypass security restrictions. If the Microsoft Excel for Mac option “Disable all macros without notification” is enabled, XLM macros in SYLK files are executed without prompting the user. “If Office for the Mac has been configured to use the ‘Disable all macros without notification’ feature, XLM macros in SYLK files are executed without prompting the user. This behavior is consistent even with fully-patched Office 2016 and Office 2019 for Mac systems,” says Will Dormann of the CERT/CC.
Below are other vulnerabilities that are fixed in this November update:
| CVE / Advisory ID | Title |
| --- | --- |
| CVE-2019-1234 | Azure Stack Spoofing Vulnerability |
| ADV190024 | Microsoft Guidance for Vulnerability in Trusted Platform Module (TPM) |
| CVE-2019-1456 | OpenType Font Parsing Remote Code Execution Vulnerability |
| CVE-2019-1413 | Microsoft Edge Security Feature Bypass Vulnerability |
| CVE-2019-1373 | Microsoft Exchange Remote Code Execution Vulnerability |
| CVE-2019-1441 | Win32k Graphics Remote Code Execution Vulnerability |
| CVE-2019-1408 | Win32k Elevation of Privilege Vulnerability |
| CVE-2019-1439 | Windows GDI Information Disclosure Vulnerability |
| CVE-2019-1438 | Windows Graphics Component Elevation of Privilege Vulnerability |
| CVE-2019-1407 | Windows Graphics Component Elevation of Privilege Vulnerability |
| CVE-2019-1394 | Win32k Elevation of Privilege Vulnerability |
| CVE-2019-1393 | Win32k Elevation of Privilege Vulnerability |
| CVE-2019-1396 | Win32k Elevation of Privilege Vulnerability |
| CVE-2019-1395 | Win32k Elevation of Privilege Vulnerability |
| CVE-2019-1437 | Windows Graphics Component Elevation of Privilege Vulnerability |
| CVE-2019-1432 | DirectWrite Information Disclosure Vulnerability |
| CVE-2019-1411 | DirectWrite Information Disclosure Vulnerability |
| CVE-2019-1440 | Win32k Information Disclosure Vulnerability |
| CVE-2019-1419 | OpenType Font Parsing Remote Code Execution Vulnerability |
| CVE-2019-1433 | Windows Graphics Component Elevation of Privilege Vulnerability |
| CVE-2019-1436 | Win32k Information Disclosure Vulnerability |
| CVE-2019-1412 | OpenType Font Driver Information Disclosure Vulnerability |
| CVE-2019-1434 | Win32k Elevation of Privilege Vulnerability |
| CVE-2019-1435 | Windows Graphics Component Elevation of Privilege Vulnerability |
| CVE-2019-1406 | Jet Database Engine Remote Code Execution Vulnerability |
| CVE-2019-1445 | Microsoft Office Online Spoofing Vulnerability |
| CVE-2019-1449 | Microsoft Office ClickToRun Security Feature Bypass Vulnerability |
| CVE-2019-1446 | Microsoft Excel Information Disclosure Vulnerability |
| CVE-2019-1447 | Microsoft Office Online Spoofing Vulnerability |
| CVE-2019-1402 | Microsoft Office Information Disclosure Vulnerability |
| CVE-2019-1448 | Microsoft Excel Remote Code Execution Vulnerability |
| CVE-2019-1457 | Microsoft Office Excel Security Feature Bypass |
| CVE-2019-1443 | Microsoft SharePoint Information Disclosure Vulnerability |
| CVE-2019-1442 | Microsoft Office Security Feature Bypass Vulnerability |
| CVE-2019-1409 | Windows Remote Procedure Call Information Disclosure Vulnerability |
| CVE-2019-1426 | Scripting Engine Memory Corruption Vulnerability |
| CVE-2019-1429 | Scripting Engine Memory Corruption Vulnerability |
| CVE-2019-1427 | Scripting Engine Memory Corruption Vulnerability |
| CVE-2019-1428 | Scripting Engine Memory Corruption Vulnerability |
| CVE-2019-1390 | VBScript Remote Code Execution Vulnerability |
| CVE-2019-1383 | Windows Data Sharing Service Elevation of Privilege Vulnerability |
| CVE-2019-1418 | Windows Modules Installer Service Information Disclosure Vulnerability |
| CVE-2018-12207 | Windows Denial of Service Vulnerability |
| CVE-2019-1420 | Windows Elevation of Privilege Vulnerability |
| CVE-2019-1417 | Windows Data Sharing Service Elevation of Privilege Vulnerability |
| CVE-2019-1415 | Windows Installer Elevation of Privilege Vulnerability |
| CVE-2019-1374 | Windows Error Reporting Information Disclosure Vulnerability |
| CVE-2019-1422 | Windows Elevation of Privilege Vulnerability |
| CVE-2019-1423 | Windows Elevation of Privilege Vulnerability |
| CVE-2019-1424 | NetLogon Security Feature Bypass Vulnerability |
| CVE-2019-1382 | Microsoft ActiveX Installer Service Elevation of Privilege Vulnerability |
| CVE-2019-1385 | Windows AppX Deployment Extensions Elevation of Privilege Vulnerability |
| CVE-2019-1380 | Microsoft splwow64 Elevation of Privilege Vulnerability |
| CVE-2019-1388 | Windows Certificate Dialog Elevation of Privilege Vulnerability |
| CVE-2019-1391 | Windows Denial of Service Vulnerability |
| CVE-2019-1384 | Microsoft Windows Security Feature Bypass Vulnerability |
| CVE-2019-1405 | Windows UPnP Service Elevation of Privilege Vulnerability |
| CVE-2019-1381 | Microsoft Windows Information Disclosure Vulnerability |
| CVE-2019-1379 | Windows Data Sharing Service Elevation of Privilege Vulnerability |
| CVE-2019-1324 | Windows TCP/IP Information Disclosure Vulnerability |
| CVE-2019-1370 | Open Enclave SDK Information Disclosure Vulnerability |
| ADV990001 | Latest Servicing Stack Updates |
| CVE-2019-1425 | Visual Studio Elevation of Privilege Vulnerability |
| CVE-2019-1398 | Windows Hyper-V Remote Code Execution Vulnerability |
| CVE-2019-1310 | Windows Hyper-V Denial of Service Vulnerability |
| CVE-2019-0719 | Hyper-V Remote Code Execution Vulnerability |
| CVE-2019-1399 | Windows Hyper-V Denial of Service Vulnerability |
| CVE-2019-1397 | Windows Hyper-V Remote Code Execution Vulnerability |
| CVE-2019-0712 | Windows Hyper-V Denial of Service Vulnerability |
| CVE-2019-0721 | Hyper-V Remote Code Execution Vulnerability |
| CVE-2019-1389 | Windows Hyper-V Remote Code Execution Vulnerability |
| CVE-2019-1309 | Windows Hyper-V Denial of Service Vulnerability |
| CVE-2019-1392 | Windows Kernel Elevation of Privilege Vulnerability |
| CVE-2019-11135 | Windows Kernel Information Disclosure Vulnerability |
| CVE-2019-1430 | Microsoft Windows Media Foundation Remote Code Execution Vulnerability |
| CVE-2019-1416 | Windows Subsystem for Linux Elevation of Privilege Vulnerability |
Impact
- Memory Corruption
- Remote Code Execution
- System Takeover
- Security Bypass
- Privilege Escalation
- Information Disclosure
- Denial of Service
- Impersonation
Affected Vendors
Microsoft
Affected Products
- Microsoft Edge
- Microsoft Exchange Server
- Microsoft Graphics Component
- Microsoft JET Database Engine
- Microsoft Office
- Microsoft Office SharePoint
- Microsoft RPC
- Microsoft Windows
- Visual Studio
- Windows Hyper-V
- Windows Kernel
- Windows Media Player
- Windows Subsystem for Linux
Remediation
Install updates as soon as possible.
https://www.bleepingcomputer.com/microsoft-patch-tuesday-reports/Nov-2019.html