Microsoft’s September Patch Tuesday offering contained 80 updates with 17 being rated critical including taking care of two zero days actively exploited in the wild.
Overall, 57 CVEs were issued for Windows 10 and 29 CVEs for the older Microsoft operating systems and Office and SharePoint also received some updates.
CVE-2019-1214 and CVE-2019-1215 are zero days, but despite initially being reported by Microsoft as under attack, are not being exploited in the wild. The former is a vulnerability in the Common Log File System (CLFS) driver and the fix addresses the vulnerability by correcting how CLFS handles objects in memory. The latter applies to the Winsock driver and the update addresses the vulnerability by ensuring that ws2ifsl.sys properly handles objects in memory. Microsoft noted that to exploit these vulnerabilities an attacker would first have to log on to the system, and then run a specially crafted application to take control over the affected system.
Please register to continue.
Already registered? Log in.
Once you register, you'll receive:
The context and insight you need to stay abreast of the most important developments in cybersecurity. CISO and practitioner perspectives; strategy and tactics; solutions and innovation; policy and regulation.
Unlimited access to nearly 20 years of SC Media industry analysis and news-you-can-use.
SC Media’s essential morning briefing for cybersecurity professionals.
One-click access to our extensive program of virtual events, with convenient calendar reminders and ability to earn CISSP credits.