Welcome back to this month’s Patch Tuesday. Microsoft has patched 76 vulnerabilities this month, including four that had details disclosed prior to patching. One “zero-day” vulnerability in Internet Explorer that was actively being exploited was also patched. The bulk of the patched vulnerabilities this month focus on web browsers.
Internet Explorer and Edge
Microsoft’s browsers received a host of fixes this month. One particularly notable vulnerability was the “zero-day” vulnerability in Internet Explorer that was actively being exploited. Google is credited for discovering that attackers were using the exploit to check for the existence of certain files on victims’ hard drives. This leak of information could further be used to compromise affected systems.
Windows DHCP Server
One of the vulnerabilities patched this month was for the Windows DHCP Server. The vulnerability would allow a remote attacker to execute code with elevated privileges against the vulnerable system. All an attacker would have to do to exploit this vulnerability is to send a maliciously crafted packet to the Windows DHCP Server over the network. Microsoft rates this vulnerability as Critical.
Office
While Office was host to its usual round of fixes, none of its vulnerabilities were rated as Critical this month. However, attackers would be able to bypass security features, gain access to sensitive information, and execute code remotely by convincing users to open maliciously crafted files. As usual, the remote code execution would have privileges equal to the security context of the vulnerable application, which is a good reason for users to exercise the principle of least privilege.
Adobe Flash Player
Adobe released a patch for Flash Player that, in typical fashion, Microsoft also distributes to all Windows users. Microsoft and Adobe disagree on the severity of a vulnerability this month, with Microsoft rating the vulnerability as Critical, while Adobe rates it as Important. The vulnerability would allow cyber attackers to read memory that is out of bounds.
Exchange
Exchange was targeted by a previously disclosed vulnerability with proof of concept code released to the public. The flaw, CVE-2019-0686, could allow an attacker on the network of the Exchange server to access the inbox of other users. Microsoft claims that exploitation has not yet happened in the wild, but that it is likely that exploits will happen very soon. Microsoft rates this vulnerability as Critical.
Research Team, BeyondTrust