Microsoft Patch Tuesday for October addresses 59 vulnerabilities with nine rated "Critical" and 50 "Important". Of the nine "Critical" flaws, seven are related to Microsoft browsers and scripting engines while the remaining two are for Azure App Service (CVE-2019-1372) and Remote Desktop Client (CVE-2019-1333). CVE-2019-1333 is a remote code execution vulnerability in Remote Desktop Services (RDS) that occurs when a user visits an attacker-controlled server.
An attacker who successfully lures a user to a malicious server can gain the ability to remotely execute code on the victim machine that is connected to the attacker's server. For the "Important" vulnerabilities, most of the flaws can lead to privilege elevation, remote code execution and information disclosure. Of note, two vulnerabilities (CVE-2019-1166 and CVE-2019-1338) in Microsoft's NTLM authentication protocol allow attackers to bypass the MIC (Message Integrity Code) protection and downgrade NTLM security features, leading to full domain compromise. System administrators are advised to apply the latest security update to mitigate attacks targeting Windows systems.
References: Security Advisory: Active Directory Open to More NTLM Attacks