November 13, 2019
November 2019 Threat Intelligence (CRITICAL ALERT)
This month, Microsoft have patched 74 vulnerabilities; with 9 ranked critical. But this month’s Patch Tuesday arrives with a patch for a vulnerability in the Internet Explorer engine that hackers have previously exploited in the wild
All users are advised to to install these security updates as soon as possible to ensure you’re protected from Windows from these security risks.
Full information on this months patches can be found here:
https://portal.msrc.microsoft.com/en-us/security-guidance/releasenotedetail/164aa83e-499c-e911-a994-000d3a33c573
Internet Explorer’s scripting engine
Known as CVE-2019-1429, Microsoft claims the IE bug can allow remote code execution due to “the way that the scripting engine handles objects in memory in Internet Explorer.”
As this bug is found in the scripting engine, it affects more than just the IE browser. It is also used inside Office Suite apps to display web content inside embeddable iframes, meaning attackers can craft malicious Office documents and exploit malicious code on a user’s system if the user allows the display of rich content.
The three individuals who reported the bug have not yet released any details about the attacks and where this zero-day was discovered.
Most Windows zero-days are usually discovered by government-based hacking groups, but they slowly make their way to financial crime-focused groups, then mundane spam operations, and later, automated exploit kits.
Other interesting vulnerabilities
Although the IE zero-day is the most important bug to patch, there are more security updates in this month’s Patch Tuesday with fixes for 74 bugs across 9 Microsoft platforms.
- There is a notable patch for Excel for Mac. There was an issue reported earlier this month that Excel ignored the “Disable all macros” setting and still executed XLM-based macros scripts when users opened an Excel spreadsheet, opening users to a dangerous attack vector.
- Microsoft issued a particular for dealing with a strange vulnerability that appears in certain Trusted Platform Module (TPM) chipsets. Known as CVE-2019-16863.
Two advisories released
- ADV190024 – Microsoft Guidance for Vulnerability in Trusted Platform Module (TPM)
- ADV990001 – Latest Servicing Stack Updates
Patching is important…
Security vulnerabilities are the ‘low hanging fruit’ for hackers. Patching is essential to keep your information safe. It is also good practice to back up your system or at least your data before you apply any updates.
Customers are advised to follow these security tips:
- Install vendor patches immediately when available.
- Run all software with least privileges while still maintaining functionality.
- Do not handle files from questionable sources.
- Avoid visiting sites with unknown integrity.
- Block external access at the network perimeter to all key systems unless access is necessary.
Related articles:
- Real life cyber crime video – Phishing affects healthcare provider
- [THREAT INTEL] NSA issues rare warning to patch against BlueKeep vulnerability
- Know your enemy: What motivates a cyber criminal?
- A buyers guide to patch management software
- Types of penetration test – what’s the difference?
- Pros and cons of outsourcing your cyber security: In-house or Managed SOC?
About Comtact Ltd.
Comtact Ltd. is a government-approved Cyber Security and IT Managed Service Provider, supporting clients 24/7 from our ISO27001-accredited UK Security Operations Centre (SOC).
Located at the heart of a high security, controlled-access Tier 3 data centre, Comtact’s state-of-the-art UK Cyber Defence Centre (SOC) targets, hunts & disrupts hacker behaviour, as part of a multi-layered security defence, to help secure some of the UK’s leading organisations.