Microsoft’s September Patch Tuesday release contained 80 updates, 17 of them rated critical, and took care of two zero days actively exploited in the wild.

Overall, 57 CVEs were issued for Windows 10 and 29 CVEs for the older Microsoft operating systems; Office and SharePoint also received some updates.

CVE-2019-1214 and CVE-2019-1215 are zero days but, despite initially being reported by Microsoft as under attack, are not being exploited in the wild. The former is a vulnerability in the Common Log File System (CLFS) driver, and the fix corrects how CLFS handles objects in memory. The latter applies to the Winsock driver, and the update ensures that ws2ifsl.sys properly handles objects in memory. Microsoft noted that to exploit these vulnerabilities an attacker would first have to log on to the system and then run a specially crafted application to take control of the affected system.
