September 2019 Microsoft Security Update
Sep 23, 2019 GMT+08:00
I. Overview
Recently, Microsoft released its monthly set of security updates for September, addressing 79 vulnerabilities, among which 17 are rated "critical". Attackers can exploit these vulnerabilities to execute code remotely, escalate privileges, and obtain sensitive information. The following applications are affected: Microsoft Windows, Internet Explorer, Microsoft Edge, VBScript, and SharePoint.
The following vulnerabilities are prominent:
· Four remote code execution vulnerabilities (CVE-2019-0787, CVE-2019-0788, CVE-2019-1290, and CVE-2019-1291) in the Windows built-in remote desktop client
· SharePoint remote code execution vulnerabilities (CVE-2019-1257, CVE-2019-1295, and CVE-2019-1296)
· LNK remote code execution vulnerability (CVE-2019-1280)
Microsoft release notes:
II. Severity
Severity: important
(Severity levels: low, moderate, important, and critical)
III. Affected Products
Microsoft Windows, Internet Explorer, Microsoft Edge, .NET Framework, Microsoft Office, and Windows Server
IV. Vulnerability Details
| CVE ID | Vulnerability Name | Severity | Vulnerability Description |
| --- | --- | --- | --- |
| CVE-2019-0787, CVE-2019-0788, CVE-2019-1290, CVE-2019-1291 | RDP Client Remote Code Execution Vulnerability | Important | A remote code execution vulnerability exists in the Windows Remote Desktop Client when a user connects to a malicious server. An attacker who successfully exploited the vulnerability could run arbitrary code on the client machine. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. |
| CVE-2019-1257, CVE-2019-1295, CVE-2019-1296 | Microsoft SharePoint Code Execution Vulnerability | Important | A remote code execution vulnerability exists in Microsoft SharePoint when the software fails to check the source markup of an application package. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the SharePoint application pool and the SharePoint server farm account. |
| CVE-2019-1280 | LNK Remote Code Execution Vulnerability | Important | A remote code execution vulnerability exists in Microsoft Windows that could allow remote code execution if a .LNK file is processed. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user to run malicious code. |
| CVE-2019-1208, CVE-2019-1236 | VBScript Remote Code Execution Vulnerability | Important | A remote code execution vulnerability exists in the way that the VBScript engine handles objects in memory. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. Unauthorized attackers can use this vulnerability to obtain privileges as authorized users. |
| CVE-2019-1306 | Azure DevOps and Team Foundation Server Remote Code Execution Vulnerability | Important | A remote code execution vulnerability exists when Azure DevOps Server (ADO) and Team Foundation Server (TFS) fail to validate input properly. An attacker who successfully exploited this vulnerability could execute code on the server in the context of the TFS or ADO service account. |
| CVE-2019-1221 | Scripting Engine Memory Corruption Vulnerability | Important | A remote code execution vulnerability exists in the way the scripting engine handles objects in memory in Internet Explorer. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. Unauthorized attackers can use this vulnerability to obtain privileges as authorized users. |
| CVE-2019-1138, CVE-2019-1217, CVE-2019-1237, CVE-2019-1298, CVE-2019-1300 | Chakra Scripting Engine Memory Corruption Vulnerability | Important | A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. Unauthorized attackers can use this vulnerability to obtain privileges as authorized users. |
(Note: The vulnerabilities listed above are the important ones. For more information, refer to the official Microsoft website.)
V. Security Recommendations
1. Use Windows Update or download patches from the following address to fix the vulnerabilities:
https://portal.msrc.microsoft.com/en-us/security-guidance
2. Back up data remotely to protect your data.
Note: Before fixing vulnerabilities, back up your files and conduct a thorough test.