. home.aspx



Microsoft Fixes Two Zero-Days in September Patch Update

September 11, 2019 / Phil Muncaster U

Microsoft patched 79 unique CVEs in this month’s security update round, including two zero-days and three vulnerabilities in Windows which had been publicly disclosed. The two zero-day vulnerabilities are both elevation-of-privilege flaws: CVE-2019-1215 is in the Winsock component while CVE-2019-1214 exists in the Windows Log Common File System driver. Microsoft also fixed a quartet of critical bugs in its Remote Desktop Client: CVE-2019-0787, CVE-2019-0788, CVE-2019-1290, and CVE-2019-1291. According to Qualys senior director Jimmy Graham, “to exploit these vulnerabilities an attacker would need to get a user to connect to a malicious or compromised RDP server.” Recorded Future intelligence analyst Allan Liska flagged CVE-2019-1257 for immediate attention. This remote code execution vulnerability affects SharePoint Server 2019, SharePoint Enterprise Server 2016 and SharePoint Foundation 2010 and 2013.