1 Remote Desktop Flaws2 Non-Microsoft Patches
According to the company, 17 of those fixes solve critical issues. Indeed, two of the vulnerabilities dealt with this Patch Tuesday are zero-day bugs. These are essentially flaws that are already exploited in the wild. First up out of those zero-day vulnerabilities is CVE-2019-1214. This is an escalation of privilege (EoP) bug located in the Windows Common Log File System (CLFS) driver. CVE-2019-1215 is also an EoP exploit that has been troubling ws2ifsl.sys (Winsock) service. Microsoft has not explained how the two bugs were exploited. However, the company credited a security researcher from Qihoo 360 Vulcan Team for disclosing the bug.
Remote Desktop Flaws
In recent months, we have become used to vulnerabilities in the Remote Desktop protocol. Microsoft has been patching issues for some time. For September Patch Tuesday, the company has shored up two vulnerabilities, CVE-2019-1290 and CVE-2019-1291. Both of these issues were found by internal engineers. As Microsoft has not issued a warning, we guess these flaws are not wormable or remotely executed, like the worrying BlueKeep vulnerability. Speaking of BlueKeep, yesterday a working exploit for the flaw was released as open source.
Non-Microsoft Patches
Of course, vendors who use Microsoft platforms have embraced the Patch Tuesday idea. For example, Adobe and SAP have both released patches for their services this week. As for Microsoft’s patches, you can find all details and fixes on Microsoft’s official Security Update Guide portal.