Microsoft Security Update Fixed 36 Bugs Including a Win32k Zero-day That Allows Hackers to Run Arbitrary Code Remotely
Microsoft released a Patch Tuesday security update for various Microsoft products, fixing more than 30 vulnerabilities including a severe Windows Win32k zero-day.
Out of the 36 vulnerabilities, 7 are rated Critical, 27 Important, 1 Moderate, and 1 Low.
The December patch Tuesday security release consists of security updates for the following software:
- Microsoft Windows
- Internet Explorer
- Microsoft Office and Microsoft Office Services and Web Apps
- SQL Server
- Visual Studio
- Skype for Business
Win32k Zero-day
Microsoft fixed a severe elevation of privilege vulnerability uncovered in Windows; it is triggered when the Win32k component fails to properly handle objects in memory.
To exploit the vulnerability (CVE-2019-1458), an attacker first needs access to the system, then runs a specially crafted application to take over the vulnerable system.
Attackers exploited the Windows EoP zero-day CVE-2019-1458 in the operation called WizardOpium.
Once an attacker has that access, the vulnerability could allow them to run arbitrary code in kernel mode, which enables them to install programs; view, change, or delete data; or create new accounts with full user rights.
Last month GBHackers reported another vulnerability, one previously used to exploit the Chrome browser, that was actively exploited under the same WizardOpium operation.
Microsoft Security Update
| Tag | CVE ID | CVE Title | Severity |
| --- | --- | --- | --- |
| | ADV190026 | Microsoft Guidance for cleaning up orphaned keys generated on vulnerable TPMs and used for Windows Hello for Business | Unknown |
| End of Life Software | CVE-2019-1489 | Remote Desktop Protocol Information Disclosure Vulnerability | Important |
| Microsoft Graphics Component | CVE-2019-1465 | Windows GDI Information Disclosure Vulnerability | Important |
| Microsoft Graphics Component | CVE-2019-1468 | Win32k Graphics Remote Code Execution Vulnerability | Critical |
| Microsoft Graphics Component | CVE-2019-1466 | Windows GDI Information Disclosure Vulnerability | Important |
| Microsoft Graphics Component | CVE-2019-1467 | Windows GDI Information Disclosure Vulnerability | Important |
| Microsoft Office | CVE-2019-1400 | Microsoft Access Information Disclosure Vulnerability | Important |
| Microsoft Office | CVE-2019-1464 | Microsoft Excel Information Disclosure Vulnerability | Important |
| Microsoft Office | CVE-2019-1461 | Microsoft Word Denial of Service Vulnerability | Important |
| Microsoft Office | CVE-2019-1462 | Microsoft PowerPoint Remote Code Execution Vulnerability | Important |
| Microsoft Office | CVE-2019-1463 | Microsoft Access Information Disclosure Vulnerability | Important |
| Microsoft Scripting Engine | CVE-2019-1485 | VBScript Remote Code Execution Vulnerability | Low |
| Microsoft Windows | CVE-2019-1453 | Windows Remote Desktop Protocol (RDP) Denial of Service Vulnerability | Important |
| Microsoft Windows | CVE-2019-1476 | Windows Elevation of Privilege Vulnerability | Important |
| Microsoft Windows | CVE-2019-1477 | Windows Printer Service Elevation of Privilege Vulnerability | Important |
| Microsoft Windows | CVE-2019-1474 | Windows Kernel Information Disclosure Vulnerability | Important |
| Microsoft Windows | CVE-2019-1478 | Windows COM Server Elevation of Privilege Vulnerability | Important |
| Microsoft Windows | CVE-2019-1483 | Windows Elevation of Privilege Vulnerability | Important |
| Microsoft Windows | CVE-2019-1488 | Microsoft Defender Security Feature Bypass Vulnerability | Important |
| Open Source Software | CVE-2019-1487 | Microsoft Authentication Library for Android Information Disclosure Vulnerability | Important |
| Servicing Stack Updates | ADV990001 | Latest Servicing Stack Updates | Critical |
| Skype for Business | CVE-2019-1490 | Skype for Business Server Spoofing Vulnerability | Important |
| SQL Server | CVE-2019-1332 | Microsoft SQL Server Reporting Services XSS Vulnerability | Important |
| Visual Studio | CVE-2019-1350 | Git for Visual Studio Remote Code Execution Vulnerability | Critical |
| Visual Studio | CVE-2019-1349 | Git for Visual Studio Remote Code Execution Vulnerability | Critical |
| Visual Studio | CVE-2019-1486 | Visual Studio Live Share Spoofing Vulnerability | Important |
| Visual Studio | CVE-2019-1387 | Git for Visual Studio Remote Code Execution Vulnerability | Critical |
| Visual Studio | CVE-2019-1354 | Git for Visual Studio Remote Code Execution Vulnerability | Critical |
| Visual Studio | CVE-2019-1351 | Git for Visual Studio Tampering Vulnerability | Moderate |
| Visual Studio | CVE-2019-1352 | Git for Visual Studio Remote Code Execution Vulnerability | Critical |
| Windows Hyper-V | CVE-2019-1471 | Windows Hyper-V Remote Code Execution Vulnerability | Critical |
| Windows Hyper-V | CVE-2019-1470 | Windows Hyper-V Information Disclosure Vulnerability | Important |
| Windows Kernel | CVE-2019-1472 | Windows Kernel Information Disclosure Vulnerability | Important |
| Windows Kernel | CVE-2019-1458 | Win32k Elevation of Privilege Vulnerability | Important |
| Windows Kernel | CVE-2019-1469 | Win32k Information Disclosure Vulnerability | Important |
| Windows Media Player | CVE-2019-1480 | Windows Media Player Information Disclosure Vulnerability | Important |
| Windows Media Player | CVE-2019-1481 | Windows Media Player Information Disclosure Vulnerability | Important |
| Windows OLE | CVE-2019-1484 | Windows OLE Remote Code Execution Vulnerability | Important |
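As an added example (not part of the original article), a small triage script that parses rows in the table's format and orders them for rollout: the actively exploited Win32k bug first, then by severity, with remote code execution entries ahead of other impact classes. The embedded rows are a subset copied from the table above; the ranking rules are this example's own assumption, not Microsoft guidance.

```python
from collections import Counter
from typing import Dict, List

# Rows copied from the article's table above (a subset); ordering here is the
# article's, not a Microsoft-provided priority.
TABLE = """\
Tag | CVE ID | CVE Title | Severity |
Microsoft Graphics Component | CVE-2019-1468 | Win32k Graphics Remote Code Execution Vulnerability | Critical |
Microsoft Scripting Engine | CVE-2019-1485 | VBScript Remote Code Execution Vulnerability | Low |
Servicing Stack Updates | ADV990001 | Latest Servicing Stack Updates | Critical |
Visual Studio | CVE-2019-1350 | Git for Visual Studio Remote Code Execution Vulnerability | Critical |
Visual Studio | CVE-2019-1351 | Git for Visual Studio Tampering Vulnerability | Moderate |
Windows Hyper-V | CVE-2019-1471 | Windows Hyper-V Remote Code Execution Vulnerability | Critical |
Windows Kernel | CVE-2019-1458 | Win32k Elevation of Privilege Vulnerability | Important |
Windows OLE | CVE-2019-1484 | Windows OLE Remote Code Execution Vulnerability | Important |
"""

# The one CVE the article reports as exploited in the wild (WizardOpium).
KNOWN_EXPLOITED = {"CVE-2019-1458"}
SEVERITY_RANK = {"Critical": 0, "Important": 1, "Moderate": 2, "Low": 3}


def parse_table(text: str) -> List[Dict[str, str]]:
    """Split pipe-delimited rows into dicts; the first line is the header."""
    rows = []
    for line in text.splitlines()[1:]:
        cells = [c.strip() for c in line.strip().strip("|").split("|")]
        if len(cells) == 4:
            rows.append(dict(zip(("tag", "id", "title", "severity"), cells)))
    return rows


def severity_counts(rows: List[Dict[str, str]]) -> Counter:
    """Count CVE entries per severity; ADV advisories are not CVEs."""
    return Counter(r["severity"] for r in rows if r["id"].startswith("CVE-"))


def prioritize(rows: List[Dict[str, str]]) -> List[str]:
    """Rollout order (assumed policy): exploited-in-the-wild first, then by
    severity, then remote code execution ahead of other impact classes."""
    def key(r):
        return (r["id"] not in KNOWN_EXPLOITED,
                SEVERITY_RANK.get(r["severity"], 9),
                "Remote Code Execution" not in r["title"],
                r["id"])
    return [r["id"] for r in sorted(rows, key=key)]
```

Run `prioritize(parse_table(TABLE))` to get the rollout order; `severity_counts` reproduces the per-severity tally the article quotes when fed the full table.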
Since the zero-day is under active attack, Microsoft strongly recommends that all Windows users install these security updates to avoid the security risk and protect their systems.
You can refer to the complete patch details, for the full list of vulnerabilities resolved and advisories, in the November 2019 Patch here.
Thanks and Regards,
Shubham Yadav
(Cyber Security Expert)
Great as always
How to use hydra when what you want to attack is a host given by hostname and not by IP?
By IP is very rare since most servers have many virtual hosts running; in this case your hydra command won't work.