Microsoft’s October 2019 Patch Tuesday Fixes 59 Vulnerabilities

Today is Microsoft’s October 2019 Patch Tuesday, which means your Windows admins are not having a good day. So be particularly nice to them!

With the release of the October 2019 security updates, Microsoft has released 1 advisory (Windows 10 Servicing Stack Update) and updates for 59 vulnerabilities. Of these vulnerabilities, 8 are classified as Critical. 

All users should install these security updates as soon as possible in order to protect Windows from known security risks.

We will add links to our coverage of the non-security Windows updates when they become available.

Two NTLM Authentication vulnerabilities fixed

Microsoft today fixed two NTLM authentication vulnerabilities, discovered by security firm Preempt, that bypass protections Microsoft put in place to prevent NTLM relay attacks.

These vulnerabilities were assigned CVE IDs CVE-2019-1166 and CVE-2019-1338 and allow attackers to bypass the MIC (Message Integrity Code) protection on NTLM authentication. CVE-2019-1338 also enables attackers to bypass other NTLM relay mitigations such as “Enhanced Protection for Authentication (EPA) and target SPN validation for certain old NTLM clients that are sending LMv2 challenge responses”.

Preempt states that these vulnerabilities are serious as they could allow an attacker to compromise an entire domain through NTLM relay attacks.

“The impact of these vulnerabilities is far-reaching and, in some cases, cause full domain compromise of a network. For example – by performing NTLM relay to a sensitive server which does not enforce SMB signing, or by performing NTLM relay to LDAP on a Domain Controller in order to modify sensitive AD objects (LDAP signing will be enforced by default only from January 2020). All Active Directory (AD) customers with default configurations are vulnerable to this Message Integrity Code bypass that allows for an NTLM relay attack.”
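A defender-side check for the mitigations named in the quote above, added here as an example and not taken from Microsoft or Preempt: this PowerShell reads the local SMB signing, LDAP signing and LDAP channel binding settings. The helper name Get-RegValue and the pass criteria are this example's own assumptions; the two LDAP values are only meaningful on a domain controller.

```powershell
# Added example: audit local settings that limit NTLM relay.
# Run in an elevated PowerShell session on the server being checked.

function Get-RegValue {
    param([string]$Path, [string]$Name)
    # Returns $null when the key or value is absent (Windows then uses its default).
    $item = Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue
    if ($null -ne $item) { $item.$Name } else { $null }
}

$ntds = 'HKLM:\SYSTEM\CurrentControlSet\Services\NTDS\Parameters'
$findings = @()

# SMB signing: a relayed session to this server is rejected only if signing is required.
$smb = Get-SmbServerConfiguration
$findings += [pscustomobject]@{
    Check = 'SMB server requires signing'
    Value = $smb.RequireSecuritySignature
    Pass  = [bool]$smb.RequireSecuritySignature
}

# LDAP signing on a domain controller: 2 = require signing, 1 or unset = not required.
$ldapSigning = Get-RegValue -Path $ntds -Name 'LDAPServerIntegrity'
$findings += [pscustomobject]@{
    Check = 'LDAP server requires signing (LDAPServerIntegrity = 2)'
    Value = if ($null -eq $ldapSigning) { 'not set' } else { $ldapSigning }
    Pass  = ($ldapSigning -eq 2)
}

# LDAP channel binding (EPA for LDAP over TLS): 2 = always, 1 = when supported, 0 or unset = off.
$ldapCbt = Get-RegValue -Path $ntds -Name 'LdapEnforceChannelBinding'
$findings += [pscustomobject]@{
    Check = 'LDAP channel binding enforced (LdapEnforceChannelBinding = 2)'
    Value = if ($null -eq $ldapCbt) { 'not set' } else { $ldapCbt }
    Pass  = ($ldapCbt -eq 2)
}

# One row per check; any row with Pass = False is a relay target worth hardening.
$findings | Format-Table -AutoSize
```

On a member server the two LDAP rows report "not set" because the NTDS key exists only on domain controllers.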

Other interesting vulnerabilities

Other interesting vulnerabilities found in the October 2019 Patch Tuesday are two remote code execution bugs in the VBScript engine and one in the Remote Desktop client.

The VBScript vulnerabilities (CVE-2019-1238 and CVE-2019-1239) could be used in malicious Office documents sent as an attachment or via specially crafted web sites that trigger the vulnerability in Internet Explorer.

The Remote Desktop client RCE is assigned ID CVE-2019-1333 and allows a malicious server to execute commands on a client when they connect via RDP.

The October 2019 Patch Tuesday Security Updates

Below is the full list of vulnerabilities resolved, and advisories in the October 2019 Patch Tuesday updates.  To access the full description of each vulnerability and the systems that it affects, you can view the full report here.

| Tag | CVE ID | CVE Title | Severity |
| --- | --- | --- | --- |
| Azure | CVE-2019-1372 | Azure App Service Remote Code Execution Vulnerability | Critical |
| Internet Explorer | CVE-2019-1371 | Internet Explorer Memory Corruption Vulnerability | Important |
| Microsoft Browsers | CVE-2019-0608 | Microsoft Browser Spoofing Vulnerability | Important |
| Microsoft Browsers | CVE-2019-1357 | Microsoft Browser Spoofing Vulnerability | Important |
| Microsoft Devices | CVE-2019-1314 | Windows 10 Mobile Security Feature Bypass Vulnerability | Important |
| Microsoft Dynamics | CVE-2019-1375 | Microsoft Dynamics 365 (On-Premise) Cross Site Scripting Vulnerability | Important |
| Microsoft Edge | CVE-2019-1356 | Microsoft Edge based on Edge HTML Information Disclosure Vulnerability | Important |
| Microsoft Graphics Component | CVE-2019-1361 | Microsoft Graphics Components Information Disclosure Vulnerability | Important |
| Microsoft Graphics Component | CVE-2019-1362 | Win32k Elevation of Privilege Vulnerability | Important |
| Microsoft Graphics Component | CVE-2019-1364 | Win32k Elevation of Privilege Vulnerability | Important |
| Microsoft Graphics Component | CVE-2019-1363 | Windows GDI Information Disclosure Vulnerability | Important |
| Microsoft JET Database Engine | CVE-2019-1358 | Jet Database Engine Remote Code Execution Vulnerability | Important |
| Microsoft JET Database Engine | CVE-2019-1359 | Jet Database Engine Remote Code Execution Vulnerability | Important |
| Microsoft Office | CVE-2019-1331 | Microsoft Excel Remote Code Execution Vulnerability | Important |
| Microsoft Office | CVE-2019-1327 | Microsoft Excel Remote Code Execution Vulnerability | Important |
| Microsoft Office SharePoint | CVE-2019-1330 | Microsoft SharePoint Elevation of Privilege Vulnerability | Important |
| Microsoft Office SharePoint | CVE-2019-1329 | Microsoft SharePoint Elevation of Privilege Vulnerability | Important |
| Microsoft Office SharePoint | CVE-2019-1328 | Microsoft SharePoint Spoofing Vulnerability | Important |
| Microsoft Office SharePoint | CVE-2019-1070 | Microsoft Office SharePoint XSS Vulnerability | Important |
| Microsoft Scripting Engine | CVE-2019-1366 | Chakra Scripting Engine Memory Corruption Vulnerability | Critical |
| Microsoft Scripting Engine | CVE-2019-1060 | MS XML Remote Code Execution Vulnerability | Critical |
| Microsoft Scripting Engine | CVE-2019-1307 | Chakra Scripting Engine Memory Corruption Vulnerability | Critical |
| Microsoft Scripting Engine | CVE-2019-1308 | Chakra Scripting Engine Memory Corruption Vulnerability | Critical |
| Microsoft Scripting Engine | CVE-2019-1335 | Chakra Scripting Engine Memory Corruption Vulnerability | Moderate |
| Microsoft Scripting Engine | CVE-2019-1239 | VBScript Remote Code Execution Vulnerability | Critical |
| Microsoft Scripting Engine | CVE-2019-1238 | VBScript Remote Code Execution Vulnerability | Critical |
| Microsoft Windows | CVE-2019-1325 | Windows Redirected Drive Buffering System Elevation of Privilege Vulnerability | Moderate |
| Microsoft Windows | CVE-2019-1340 | Microsoft Windows Elevation of Privilege Vulnerability | Important |
| Microsoft Windows | CVE-2019-1338 | Windows NTLM Security Feature Bypass Vulnerability | Important |
| Microsoft Windows | CVE-2019-1339 | Windows Error Reporting Manager Elevation of Privilege Vulnerability | Important |
| Microsoft Windows | CVE-2019-1316 | Microsoft Windows Setup Elevation of Privilege Vulnerability | Important |
| Microsoft Windows | CVE-2019-1342 | Windows Error Reporting Manager Elevation of Privilege Vulnerability | Important |
| Microsoft Windows | CVE-2019-1311 | Windows Imaging API Remote Code Execution Vulnerability | Important |
| Microsoft Windows | CVE-2019-1344 | Windows Code Integrity Module Information Disclosure Vulnerability | Important |
| Microsoft Windows | CVE-2019-1347 | Windows Denial of Service Vulnerability | Important |
| Microsoft Windows | CVE-2019-1315 | Windows Error Reporting Manager Elevation of Privilege Vulnerability | Important |
| Microsoft Windows | CVE-2019-1346 | Windows Denial of Service Vulnerability | Important |
| Microsoft Windows | CVE-2019-1317 | Microsoft Windows Denial of Service Vulnerability | Important |
| Microsoft Windows | CVE-2019-1321 | Microsoft Windows CloudStore Elevation of Privilege Vulnerability | Important |
| Microsoft Windows | CVE-2019-1322 | Microsoft Windows Elevation of Privilege Vulnerability | Important |
| Microsoft Windows | CVE-2019-1341 | Windows Power Service Elevation of Privilege Vulnerability | Important |
| Microsoft Windows | CVE-2019-1319 | Windows Error Reporting Elevation of Privilege Vulnerability | Important |
| Microsoft Windows | CVE-2019-1318 | Microsoft Windows Transport Layer Security Spoofing Vulnerability | Important |
| Microsoft Windows | CVE-2019-1320 | Microsoft Windows Elevation of Privilege Vulnerability | Important |
| Open Source Software | CVE-2019-1369 | Open Enclave SDK Information Disclosure Vulnerability | Important |
| Secure Boot | CVE-2019-1368 | Windows Secure Boot Security Feature Bypass Vulnerability | Important |
| Servicing Stack Updates | ADV990001 | Latest Servicing Stack Updates | Critical |
| SQL Server | CVE-2019-1376 | SQL Server Management Studio Information Disclosure Vulnerability | Important |
| SQL Server | CVE-2019-1313 | SQL Server Management Studio Information Disclosure Vulnerability | Important |
| Windows Hyper-V | CVE-2019-1230 | Hyper-V Information Disclosure Vulnerability | Important |
| Windows IIS | CVE-2019-1365 | Microsoft IIS Server Elevation of Privilege Vulnerability | Important |
| Windows Kernel | CVE-2019-1343 | Windows Denial of Service Vulnerability | Important |
| Windows Kernel | CVE-2019-1334 | Windows Kernel Information Disclosure Vulnerability | Important |
| Windows Kernel | CVE-2019-1345 | Windows Kernel Information Disclosure Vulnerability | Important |
| Windows NTLM | CVE-2019-1166 | Windows NTLM Tampering Vulnerability | Important |
| Windows RDP | CVE-2019-1326 | Windows Remote Desktop Protocol (RDP) Denial of Service Vulnerability | Important |
| Windows RDP | CVE-2019-1333 | Remote Desktop Client Remote Code Execution Vulnerability | Critical |
| Windows Update Stack | CVE-2019-1323 | Microsoft Windows Update Client Elevation of Privilege Vulnerability | Important |
| Windows Update Stack | CVE-2019-1337 | Windows Update Client Information Disclosure Vulnerability | Important |
| Windows Update Stack | CVE-2019-1336 | Microsoft Windows Update Client Elevation of Privilege Vulnerability | Important |

Update 9/14/19: Updated the article to remove information about two vulnerabilities that Microsoft erroneously reported as being exploited. Also added information from James Lee about a VBScript exploit that he discovered.