Microsoft Security Update Fixed 36 Bugs Including Win32k Zero-day That Allows Hackers to Run Arbitrary Code Remotely

Microsoft released its Patch Tuesday security update for various Microsoft products and fixed more than 30 vulnerabilities, including a severe Windows Win32k zero-day.
Out of 36 vulnerabilities, 7 are rated as Critical, 27 as Important, 1 as Moderate, and one as Low.
The December Patch Tuesday security release consists of security updates for the following software:
  • Microsoft Windows
  • Internet Explorer
  • Microsoft Office and Microsoft Office Services and Web Apps
  • SQL Server
  • Visual Studio
  • Skype for Business

Win32k Zero-day

Microsoft fixed a severe elevation of privilege vulnerability that was uncovered in Windows; the vulnerability can be triggered when the Win32k component fails to properly handle objects in memory.
In order to exploit the vulnerability (CVE-2019-1458), an attacker first needs to gain access to the system and then run a specially crafted application to take over the vulnerable system.
Attackers exploited the Windows EoP zero-day CVE-2019-1458 in an operation called WizardOpium.
Once the attacker successfully gains access, the vulnerability could allow them to run arbitrary code in kernel mode, which enables the attacker to install programs; view, change, or delete data; or create new accounts with full user rights.
Last month, GBHackers reported another vulnerability that was previously used to exploit the Chrome browser and was actively exploited under the same WizardOpium operation.

Microsoft Security Update

| Tag | CVE ID | CVE Title | Severity |
| --- | --- | --- | --- |
|  | ADV190026 | Microsoft Guidance for cleaning up orphaned keys generated on vulnerable TPMs and used for Windows Hello for Business | Unknown |
| End of Life Software | CVE-2019-1489 | Remote Desktop Protocol Information Disclosure Vulnerability | Important |
| Microsoft Graphics Component | CVE-2019-1465 | Windows GDI Information Disclosure Vulnerability | Important |
| Microsoft Graphics Component | CVE-2019-1468 | Win32k Graphics Remote Code Execution Vulnerability | Critical |
| Microsoft Graphics Component | CVE-2019-1466 | Windows GDI Information Disclosure Vulnerability | Important |
| Microsoft Graphics Component | CVE-2019-1467 | Windows GDI Information Disclosure Vulnerability | Important |
| Microsoft Office | CVE-2019-1400 | Microsoft Access Information Disclosure Vulnerability | Important |
| Microsoft Office | CVE-2019-1464 | Microsoft Excel Information Disclosure Vulnerability | Important |
| Microsoft Office | CVE-2019-1461 | Microsoft Word Denial of Service Vulnerability | Important |
| Microsoft Office | CVE-2019-1462 | Microsoft PowerPoint Remote Code Execution Vulnerability | Important |
| Microsoft Office | CVE-2019-1463 | Microsoft Access Information Disclosure Vulnerability | Important |
| Microsoft Scripting Engine | CVE-2019-1485 | VBScript Remote Code Execution Vulnerability | Low |
| Microsoft Windows | CVE-2019-1453 | Windows Remote Desktop Protocol (RDP) Denial of Service Vulnerability | Important |
| Microsoft Windows | CVE-2019-1476 | Windows Elevation of Privilege Vulnerability | Important |
| Microsoft Windows | CVE-2019-1477 | Windows Printer Service Elevation of Privilege Vulnerability | Important |
| Microsoft Windows | CVE-2019-1474 | Windows Kernel Information Disclosure Vulnerability | Important |
| Microsoft Windows | CVE-2019-1478 | Windows COM Server Elevation of Privilege Vulnerability | Important |
| Microsoft Windows | CVE-2019-1483 | Windows Elevation of Privilege Vulnerability | Important |
| Microsoft Windows | CVE-2019-1488 | Microsoft Defender Security Feature Bypass Vulnerability | Important |
| Open Source Software | CVE-2019-1487 | Microsoft Authentication Library for Android Information Disclosure Vulnerability | Important |
| Servicing Stack Updates | ADV990001 | Latest Servicing Stack Updates | Critical |
| Skype for Business | CVE-2019-1490 | Skype for Business Server Spoofing Vulnerability | Important |
| SQL Server | CVE-2019-1332 | Microsoft SQL Server Reporting Services XSS Vulnerability | Important |
| Visual Studio | CVE-2019-1350 | Git for Visual Studio Remote Code Execution Vulnerability | Critical |
| Visual Studio | CVE-2019-1349 | Git for Visual Studio Remote Code Execution Vulnerability | Critical |
| Visual Studio | CVE-2019-1486 | Visual Studio Live Share Spoofing Vulnerability | Important |
| Visual Studio | CVE-2019-1387 | Git for Visual Studio Remote Code Execution Vulnerability | Critical |
| Visual Studio | CVE-2019-1354 | Git for Visual Studio Remote Code Execution Vulnerability | Critical |
| Visual Studio | CVE-2019-1351 | Git for Visual Studio Tampering Vulnerability | Moderate |
| Visual Studio | CVE-2019-1352 | Git for Visual Studio Remote Code Execution Vulnerability | Critical |
| Windows Hyper-V | CVE-2019-1471 | Windows Hyper-V Remote Code Execution Vulnerability | Critical |
| Windows Hyper-V | CVE-2019-1470 | Windows Hyper-V Information Disclosure Vulnerability | Important |
| Windows Kernel | CVE-2019-1472 | Windows Kernel Information Disclosure Vulnerability | Important |
| Windows Kernel | CVE-2019-1458 | Win32k Elevation of Privilege Vulnerability | Important |
| Windows Kernel | CVE-2019-1469 | Win32k Information Disclosure Vulnerability | Important |
| Windows Media Player | CVE-2019-1480 | Windows Media Player Information Disclosure Vulnerability | Important |
| Windows Media Player | CVE-2019-1481 | Windows Media Player Information Disclosure Vulnerability | Important |
| Windows OLE | CVE-2019-1484 | Windows OLE Remote Code Execution Vulnerability | Important |

Since the zero-day is under active attack, Microsoft strongly recommends that all Windows users install these security updates to avoid the security risk and protect their systems.
You can refer to the complete patch details for the full list of vulnerabilities resolved and advisories in the November 2019 Patch here.
Thanks and Regards,
Shubham Yadav
( Cyber Security Expert )

2 comments:

  1. How to use hydra when what you want to attack is a host given by hostname and not by IP?
    By IP is very rare since most servers have many virtual hosts running, in this case your hydra command won't work.
