October 2019 Patch Tuesday

October 8, 2019

Microsoft has published its monthly Patch Tuesday updates, fixing 59 vulnerabilities, 8 of which were rated as “Critical”. This is a significant drop from last month. Adobe did not release any patches this month, resulting in a very light Patch Tuesday.

Internet Explorer and Edge

As usual, Internet Explorer and Edge contained multiple Critical vulnerabilities in their Visual Basic Scripting Engines. An attacker could exploit these vulnerabilities by luring a victim to a site hosting maliciously crafted content or by uploading malicious content to a compromised site. The attacker would have privileges equal to those of the current user, so administrators running the browser are at risk of a full system takeover. This is yet another reminder to exercise the principle of least privilege.

Microsoft IIS

A user could elevate privileges by sending a malicious request to the IIS server. Microsoft has addressed this vulnerability by adding request sanitization to existing code. Attackers would need to have unprivileged credentials to access the affected component on the IIS server.

Remote Desktop Protocol

Clients that are forced to connect to a malicious server are vulnerable to an RCE vulnerability. Attackers exploiting this vulnerability would have privileges equal to those of the current user. An attacker can also cause an RDP server to stop responding by sending a maliciously crafted request to the server, resulting in a denial of service.

SharePoint

SharePoint Server also received some fixes this month. Attackers could exploit cross-site scripting, spoofing, and two elevation of privilege vulnerabilities by sending maliciously crafted requests to the web server. Each of these vulnerabilities was addressed by adding sanitization of incoming web requests.

Office

Microsoft Office received several fixes for various products. Attackers could leverage these vulnerabilities by convincing a user to open a maliciously crafted file. To best protect yourself from these kinds of vulnerabilities, ensure you know who is sending you a file before you attempt to open it.

BeyondTrust Research
