This Tuesday, Microsoft released its monthly scheduled updates addressing various security bugs. The October Patch Tuesday, however, differs from the updates released in previous months in that it doesn’t contain fixes for any zero-days.
Critical Vulnerabilities Patched This Month
The noteworthy security flaws fixed by the October updates include 9 critical vulnerabilities. Among them are 2 vulnerabilities in VBScript (CVE-2019-1238 and CVE-2019-1239) allowing remote code execution in the context of the current user, and 4 memory corruption flaws in the Chakra Scripting Engine (CVE-2019-1307, CVE-2019-1308, CVE-2019-1335, CVE-2019-1366) leading to remote code execution.
Microsoft XML Core Services (CVE-2019-1060) and Remote Desktop Client (CVE-2019-1333) each had a single RCE vulnerability.
Moreover, a critical elevation of privilege flaw existed in Azure App Services (CVE-2019-1372), which, if exploited, could allow remote code execution.
Other Microsoft October Patch Tuesday Updates
Apart from the critical flaws, Microsoft has released fixes for 49 important severity vulnerabilities affecting various programs. The software receiving fixes with this update bundle predominantly includes Microsoft Windows, Microsoft Edge, Internet Explorer, Microsoft Dynamics 365, Microsoft Office and Microsoft Office Services and Web Apps, ChakraCore, SQL Server Management Studio, Windows Update Assistant and Open Source Software.
Among the important vulnerabilities, a notable flaw existed in the Microsoft IIS Server (CVE-2019-1365). If exploited, it could allow an attacker to elevate privileges, eventually leading to remote code execution.
Microsoft has also patched a single low severity vulnerability, CVE-2019-1325, affecting the Windows redirected drive buffering system (rdbss.sys). When triggered, the bug could result in elevation of privilege on Windows 7. On other Windows versions, it could lead to denial of service.
The October Patch Tuesday update bundle from Microsoft appears relatively light. It does not address any zero-days and brings fixes for only 59 vulnerabilities. In September, by contrast, Microsoft addressed 88 different security vulnerabilities, including two zero-days under active exploit.
Interestingly, this month, no Patch Tuesday update has arrived from Adobe.