Friday, November 1, 2024
HomeMicrosoftMicrosoft Fixed 74 Bugs Including IE Zero-day That Allow Hackers to Execute...

Microsoft Fixed 74 Bugs Including IE Zero-day That Allow Hackers to Execute Arbitrary Code Remotely in Windows PC

Published on

Malware protection

Microsoft released a security update for November 2019 under patch Tuesday and fixed 74 security vulnerabilities that affected various Microsoft products.

Out of 74 vulnerabilities, 13 are marked as “Critical” severity, 61 vulnerabilities categorized as “Important” severity.

The November security release consists of security updates for the following software:

- Advertisement - SIEM as a Service
  • Microsoft Windows
  • Internet Explorer
  • Microsoft Edge (EdgeHTML-based)
  • ChakraCore
  • Microsoft Office and Microsoft Office Services and Web Apps
  • Open Source Software
  • Microsoft Exchange Server
  • Visual Studio
  • Azure Stack

Internet Explorer Zero-day Under Active Attack

Microsoft fixed an IE Zero-day remote code execution vulnerability (CVE-2019-1429) that resides in the scripting engine handles objects in memory in Internet Explorer and the vulnerability actively exploiting in wide.

If the attackers successfully exploit the vulnerability, They could corrupt the memory and execute arbitrary code in the context of the current user.

If the users logged in the system as admin, an attacker who successfully exploited the vulnerability could take complete control of an affected system.

Once the attacker gains access, He/she could then install programs; view, change or delete data even create a new account with the complete user rights.

The IE zero-day vulnerability discovered and reported by Google Project Zero, and the vulnerability is still actively exploited in wide.

Microsoft Exchange and Edge RCE

Microsoft also fixed several critical remote code execution vulnerability (CVE-2019-1373) in Microsoft Exchange An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the logged-in user.

Another remote code execution vulnerability (CVE-2019-1426) has been fixed that exists in the way that the scripting engine handles objects in memory in Microsoft Edge. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

Microsoft Security Update – Critical Vulnerabilities list

Microsoft Exchange ServerCVE-2019-1373Microsoft Exchange Remote Code Execution VulnerabilityCritical
Microsoft Graphics ComponentCVE-2019-1419Win32k Graphics Remote Code Execution VulnerabilityCritical
Microsoft Graphics ComponentCVE-2019-1419OpenType Font Parsing Remote Code Execution VulnerabilityCritical
Microsoft Scripting EngineCVE-2019-1426Scripting Engine Memory Corruption VulnerabilityCritical
Microsoft Scripting EngineCVE-2019-1429Scripting Engine Memory Corruption VulnerabilityCritical
Microsoft Scripting EngineCVE-2019-1427Scripting Engine Memory Corruption VulnerabilityCritical
Servicing Stack UpdatesADV990001Latest Servicing Stack UpdatesCritical
Windows Hyper-VCVE-2019-1398Windows Hyper-V Remote Code Execution VulnerabilityCritical
Windows Hyper-VCVE-2019-0719Hyper-V Remote Code Execution VulnerabilityCritical
Windows Hyper-VCVE-2019-1397Windows Hyper-V Remote Code Execution VulnerabilityCritical
Windows Hyper-VCVE-2019-0721Hyper-V Remote Code Execution VulnerabilityCritical
Windows Hyper-VCVE-2019-1389Windows Hyper-V Remote Code Execution VulnerabilityCritical
Windows Media PlayerCVE-2019-1430Microsoft Windows Media Foundation Remote Code Execution VulnerabilityCritical

Since the zero-day under active attack, Microsoft strongly recommended installing these security updates for all the windows users to avoid the security risk and protect your Windows.

You can refer the complete patch details for the full list of vulnerabilities resolved, advisories, in the November 2019 Patch here.

You can follow us on Linkedin, Twitter, Facebook for daily Cybersecurity and hacking news updates

Balaji
Balaji
BALAJI is an Ex-Security Researcher (Threat Research Labs) at Comodo Cybersecurity. Editor-in-Chief & Co-Founder - Cyber Security News & GBHackers On Security.

Latest articles

LightSpy iOS Malware Enhanced with 28 New Destructive Plugins

The LightSpy threat actor exploited publicly available vulnerabilities and jailbreak kits to compromise iOS...

ATPC Cyber Forum to Focus on Next Generation Cybersecurity and Artificial Intelligence Issues

White House National Cyber Director, CEOs, Key Financial Services Companies, Congressional and Executive Branch...

New PySilon RAT Abusing Discord Platform to Maintain Persistence

Cybersecurity experts have identified a new Remote Access Trojan (RAT) named PySilon. This Trojan...

Konni APT Hackers Attacking Organizations with New Spear-Phishing Tactics

The notorious Konni Advanced Persistent Threat (APT) group has intensified its cyber assault on...

Free Webinar

Protect Websites & APIs from Malware Attack

Malware targeting customer-facing websites and API applications poses significant risks, including compliance violations, defacements, and even blacklisting.

Join us for an insightful webinar featuring Vivek Gopalan, VP of Products at Indusface, as he shares effective strategies for safeguarding websites and APIs against malware.

Discussion points

Scan DOM, internal links, and JavaScript libraries for hidden malware.
Detect website defacements in real time.
Protect your brand by monitoring for potential blacklisting.
Prevent malware from infiltrating your server and cloud infrastructure.

More like this

Microsoft Customers Facing 600 Million Cyber Attack Launched Every Day

Microsoft's customers are under constant cyber assault, facing millions of attacks daily from various...

OilRig Hackers Exploiting Microsoft Exchange Server To Steal Login Details

Earth Simnavaz, an Iranian state-sponsored cyber espionage group, has recently intensified its attacks on...

Microsoft & DOJ Dismantles Hundreds of Websites Used by Russian Hackers

Microsoft and the U.S. Department of Justice (DOJ) have disrupted the operations of Star...