Tuesday, May 13, 2025
HomeComputer SecurityMicrosoft Security Update Fixed 59 Vulnerabilities Including Multiple Critical Severity Bugs -...

Microsoft Security Update Fixed 59 Vulnerabilities Including Multiple Critical Severity Bugs – Update Now!!

Published on

SIEM as a Service

Follow Us on Google News

Microsoft released a security update under patch Tuesday for October and fixed 59 vulnerabilities that affected various Microsoft products.

Out of 59 vulnerabilities, 9 marked as “Critical” severity mainly affected the MS office and rest of the vulnerabilities categorized under “Important” and “Moderate” severity.

In the “important” severity category, Microsoft patched 20 vulnerabilities that allow attackers to perform elevation of privileges on vulnerable Microsoft products.

- Advertisement - Google News

This October security update covers nine Microsoft products of the following:

  • Microsoft Windows
  • Internet Explorer
  • Microsoft Edge (EdgeHTML-based)
  • ChakraCore
  • Microsoft Office and Microsoft Office Services and Web Apps
  • SQL Server Management Studio
  • Open Source Software
  • Microsoft Dynamics 365
  • Windows Update Assistant

Remote Code Execution – Remote Desktop Client

In “critical” severity categories, Microsoft fixed a Remote Desktop Client Remote Code Execution Vulnerability (CVE-2019-1333) that affected hundreds of millions of Windows computers the same as Bluekeep vulnerability that we have reported in July. unlike infamous Bluekeep, it requires user interaction to exploit the bug.

An attacker who successfully exploited this vulnerability could execute arbitrary code on the computer of the connecting client.

Remote Code Execution – Chakra Scripting Engine

4 critical memory corruption remote code execution vulnerabilities ( CVE-2019-1307, CVE-2019-1308, CVE-2019-1335, and CVE-2019-1366) are patched in the Chakra Scripting Engine, a JavaScript engine developed by Microsoft for its Microsoft Edge web browser.

The vulnerability corrupts the memory in the script engine in such a way that an attacker could execute arbitrary code in the context of the current user.

If the user logged the system as an administrator, The attacker who successfully exploited the vulnerability could take control of an affected system.

Remote Code Execution – Microsoft Excel

In this Microsoft Patch Tuesday update, Another 2 ( CVE-2019-1327CVE-2019-1331) Critical remote code execution vulnerabilities are fixed that affected Microsoft Excel, which allows an attacker to execute the arbitrary code in the context of the current user to perform a denial of service.

The vulnerability existing the Microsoft Excel software due to improperly handle objects in memory and the successful exploit allows an attacker to install programs; view, change, or delete data; or create new accounts with full user rights.

It could be achieved by attackers through trick user open a specially crafted file with an affected version of Microsoft Excel.

Remote Code Execution – Azure App Service

Another remote code execution vulnerability(CVE-2019-1372) affected Microsoft Azure App service, let an attacker exploit the vulnerability, and execute code in the context of NT AUTHORITY\system, thereby escaping the Sandbox an unprivileged function.

The RCE vulnerability affected the Azure App service because Azure Stack fails to check the length of a buffer prior to copying memory to it.

No Zero-day

Unlike previous Patch Tuesday update that released in September and August, There is no zero-day vulnerability fixed, and no active exploit have seen in the wide in this October Tuesday update.

Microsoft strongly recommended installing these security updates for all the windows users to avoid the security risk and protect your Windows.

You can refer the complete patch details for the full list of vulnerabilities resolved, advisories, in the August 2019 Patch here.

Balaji
Balaji
BALAJI is an Ex-Security Researcher (Threat Research Labs) at Comodo Cybersecurity. Editor-in-Chief & Co-Founder - Cyber Security News & GBHackers On Security.

Latest articles

Lumma Stealer Upgraded with PowerShell Tools and Advanced Evasion Techniques

Sophos Managed Detection and Response (MDR) in September 2024, the notorious Lumma Stealer malware...

New Noodlophile Malware Spreads Through Fake AI Video Generation Platforms

Cybercriminals have unleashed a new malware campaign using fake AI video generation platforms as...

Kimsuky Hacker Group Deploys New Phishing Techniques and Malware Campaigns

The North Korean state-sponsored Advanced Persistent Threat (APT) group Kimsuky, also known as “Black...

APT37 Hackers Use Weaponized LNK Files and Dropbox for Command-and-Control Operations

The North Korean state-sponsored hacking group APT37, also known as ScarCruft, launched a spear...

Resilience at Scale

Why Application Security is Non-Negotiable

The resilience of your digital infrastructure directly impacts your ability to scale. And yet, application security remains a critical weak link for most organizations.

Application Security is no longer just a defensive play—it’s the cornerstone of cyber resilience and sustainable growth. In this webinar, Karthik Krishnamoorthy (CTO of Indusface) and Phani Deepak Akella (VP of Marketing – Indusface), will share how AI-powered application security can help organizations build resilience by

Discussion points


Protecting at internet scale using AI and behavioral-based DDoS & bot mitigation.
Autonomously discovering external assets and remediating vulnerabilities within 72 hours, enabling secure, confident scaling.
Ensuring 100% application availability through platforms architected for failure resilience.
Eliminating silos with real-time correlation between attack surface and active threats for rapid, accurate mitigation

More like this

Metasploit Update Adds Erlang/OTP SSH Exploit and OPNSense Scanner

The open-source penetration testing toolkit Metasploit has unveiled a major update, introducing four new...

Hackers Exploit Legacy Protocols in Microsoft Entra ID to Bypass MFA and Conditional Access

A sophisticated and highly coordinated cyberattack campaign came to light, as tracked by Guardz...

Microsoft Teams to Safeguard Meetings by Blocking Screen Snaps

Microsoft has announced the upcoming release of a groundbreaking "Prevent Screen Capture" feature for...