Weekly Comments

8 - 15 October 2019

Microsoft Patch Tuesday for October has addressed 59 vulnerabilities.

Microsoft Patch Tuesday for October addresses 59 vulnerabilities, with nine rated "Critical" and 50 rated "Important". Of the nine "Critical" flaws, seven are related to Microsoft browsers and scripting engines, while the remaining two affect Azure App Service (CVE-2019-1372) and Remote Desktop Client (CVE-2019-1333). CVE-2019-1333 is a remote code execution vulnerability in Remote Desktop Services (RDS) that occurs when a user visits an attacker-controlled server.

An attacker who successfully lures a user to a malicious server can remotely execute code on the victim machine that is connected to the attacker's server. Most of the "Important" vulnerabilities can lead to privilege elevation, remote code execution and information disclosure. Of note, two vulnerabilities (CVE-2019-1166 and CVE-2019-1338) in Microsoft's NTLM authentication protocol allow attackers to bypass the MIC (Message Integrity Code) protection and downgrade NTLM security features, leading to full domain compromise. System administrators are advised to apply the latest security update to mitigate attacks targeting Windows systems.
