Latest Microsoft Updates Patch 4 Critical Flaws In Windows RDP Client
September 10, 2019 | Mohit Kumar
Get your update caps on.
Microsoft today released its monthly Patch Tuesday update for September 2019, patching a total of 79 security vulnerabilities in its software, of which 17 are rated critical, 61 as important, and one moderate in severity.
Two of the security vulnerabilities patched by the tech giant this month are listed as "publicly known" at the time of release, one of which is an elevation of privilege vulnerability (CVE-2019-1235) in Windows Text Service Framework (TSF), likely related to a 20-year-old flaw that a Google security researcher disclosed last month.
Two other vulnerabilities patched this month are reported as being actively exploited in the wild by hackers. Both are privilege elevation flaws: one resides in the Windows operating system and the other in the Windows Common Log File System Driver.
Besides these, Microsoft has released patches for four critical RCE vulnerabilities in the Windows built-in Remote Desktop Client application that could enable a malicious RDP server to compromise the connecting client's computer, a reverse of the usual direction of attack, just as researchers demonstrated similar attacks against 3rd-party RDP clients earlier this year.
- CVE-2019-0787
- CVE-2019-0788
- CVE-2019-1290
- CVE-2019-1291
Unlike the wormable BlueKeep bug, the newly patched RDP vulnerabilities are all client-side and require an attacker to trick victims into connecting to a malicious RDP server via social engineering, DNS poisoning or a Man in the Middle (MITM) technique.
The latest Microsoft Windows update also addresses a remote code execution vulnerability (CVE-2019-1280) in the way Windows operating system processes .LNK shortcut files, allowing attackers to compromise targeted systems.
"The attacker could present to the user a removable drive, or remote share, that contains a malicious .LNK file and an associated malicious binary. When the user opens this drive (or remote share) in Windows Explorer or any other application that parses the .LNK file, the malicious binary will execute code of the attacker's choice, on the target system," Microsoft's advisory says.
Malicious .LNK files have recently been found in use by the Astaroth fileless malware as part of its initial attack vector, i.e., as an attachment to spear-phishing emails, according to cybersecurity researchers at Microsoft.
Microsoft also released updates to patch 12 more critical vulnerabilities, and as expected, all of them lead to remote code execution attacks and reside in various Microsoft products including Chakra Scripting Engine, VBScript, SharePoint server, Scripting Engine, and Azure DevOps and Team Foundation Server.
Some important-rated vulnerabilities also lead to remote code execution attacks, while others allow elevation of privilege, information disclosure, cross-site scripting (XSS), security feature bypass, and denial of service attacks.
Besides this, if you have an Android app for Yammer, Microsoft's enterprise social network, installed on your smartphone, you should separately update it from Google Play Store to patch a security bypass vulnerability.
Users and system administrators are highly recommended to apply the latest Windows security patches from Microsoft as soon as possible to keep cybercriminals and hackers from taking control of their computers.
For installing the latest security updates, you can head on to Settings → Update & Security → Windows Update → Check for updates on your computer, or you can install the updates manually.
Adobe also rolled out security updates today to fix a total of 3 security vulnerabilities in Adobe Flash Player and Adobe Application Manager (AAM). Users of the affected Adobe software for Windows, macOS, Linux, and Chrome OS are advised to update their software packages to the latest versions.
RDP = Remote Desktop Protocol
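o Update details
Product family | Severity | Impact | KB number |
---|---|---|---|
Windows 10, Server 2019, Server 2016, Edge | Critical | Remote code execution | 4516044 and others (8 in total) |
Windows 8.1, Server 2012 R2 | Critical | Remote code execution | 4516067 and others (2 in total) |
Windows Server 2012 | Critical | Remote code execution | 4516055 and others (2 in total) |
Windows RT 8.1 | Critical | Remote code execution | 4516067 |
Windows 7, Server 2008 R2 | Critical | Remote code execution | 4516065 and others (2 in total) |
Windows Server 2008 | Critical | Remote code execution | 4516026 and others (2 in total) |
Internet Explorer | Critical | Remote code execution | 4516065 and others (15 in total) |
ChakraCore | Critical | Remote code execution | - |
Office | Important | Remote code execution | 4475574 and others (6 in total) |
Visual Studio | Important | Elevation of privilege | 4513696 |
SharePoint Server, SharePoint Enterprise Server | Critical | Remote code execution | 4484098 and others (10 in total) |
Lync | Important | Information disclosure | 4515509 |
Exchange Server | Important | Denial of service | 4515832 |
.NET Core | Important | Elevation of privilege | 4514604 and others (15 in total) |
Adobe Flash Player | Critical | Remote code execution | 4516115 |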
https://www.krcert.or.kr/data/secNoticeView.do?bulletin_writing_sequence=35137
Source: https://thehackernews.com/2019/09/microsoft-windows-update.html