
1Day 1News

Latest Microsoft Updates Patch 4 Critical Flaws In Windows RDP Client


 

September 10, 2019 | Mohit Kumar

Get your update caps on.

Microsoft today released its monthly Patch Tuesday update for September 2019, patching a total of 79 security vulnerabilities in its software, of which 17 are rated critical, 61 as important, and one moderate in severity.

Two of the security vulnerabilities patched by the tech giant this month are listed as "publicly known" at the time of release, one of which is an elevation of privilege vulnerability (CVE-2019-1235) in Windows Text Service Framework (TSF), which is more likely related to a 20-year-old flaw that a Google security researcher disclosed last month.

Two other vulnerabilities patched this month are reported as being actively exploited in the wild by hackers. Both are privilege elevation flaws: one resides in the Windows operating system and the other in the Windows Common Log File System Driver.

 


Besides these, Microsoft has released patches for four critical RCE vulnerabilities in the built-in Windows Remote Desktop Client application that could enable a malicious RDP server to compromise the client's computer, in reverse, just as researchers demonstrated similar attacks against third-party RDP clients earlier this year.


  • CVE-2019-0787
  • CVE-2019-0788
  • CVE-2019-1290
  • CVE-2019-1291



Unlike the wormable BlueKeep bug, the newly patched RDP vulnerabilities are all client-side, which requires an attacker to trick victims into connecting to a malicious RDP server via social engineering, DNS poisoning, or a Man in the Middle (MITM) technique.

The latest Microsoft Windows update also addresses a remote code execution vulnerability (CVE-2019-1280) in the way Windows operating system processes .LNK shortcut files, allowing attackers to compromise targeted systems.

"The attacker could present to the user a removable drive, or remote share, that contains a malicious .LNK file and an associated malicious binary. When the user opens this drive (or remote share) in Windows Explorer or any other application that parses the .LNK file, the malicious binary will execute code of the attacker's choice, on the target system," the Microsoft advisory says.


Malicious .LNK files have recently been found being used by the Astaroth fileless malware as part of its initial attack vector, i.e., as an attachment to spear-phishing emails, according to cybersecurity researchers at Microsoft.

 


Microsoft also released updates to patch 12 more critical vulnerabilities, and as expected, all of them lead to remote code execution attacks and reside in various Microsoft products including Chakra Scripting Engine, VBScript, SharePoint server, Scripting Engine, and Azure DevOps and Team Foundation Server.

Some important-rated vulnerabilities also lead to remote code execution attacks, while others allow elevation of privilege, information disclosure, cross-site scripting (XSS), security feature bypass, and denial of service attacks.

Besides this, if you have an Android app for Yammer, Microsoft's enterprise social network, installed on your smartphone, you should separately update it from Google Play Store to patch a security bypass vulnerability.

Users and system administrators are highly recommended to apply the latest Windows security patches from Microsoft as soon as possible to keep cybercriminals and hackers away from taking control of their computers.

For installing the latest security updates, you can head on to Settings → Update & Security → Windows Update → Check for updates on your computer, or you can install the updates manually.

Adobe also rolled out security updates today to fix a total of 3 security vulnerabilities in Adobe Flash Player and Adobe Application Manager (AAM). Users of the affected Adobe software for Windows, macOS, Linux, and Chrome OS are advised to update their software packages to the latest versions.

 

RDP = Remote Desktop Protocol

 

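o Update details

| Product family | Severity | Impact | KB number |
|---|---|---|---|
| Windows 10, Server 2019, Server 2016, Edge | Critical | Remote code execution | 4516044 and others (8 in total) |
| Windows 8.1, Server 2012 R2 | Critical | Remote code execution | 4516067 and others (2 in total) |
| Windows Server 2012 | Critical | Remote code execution | 4516055 and others (2 in total) |
| Windows RT 8.1 | Critical | Remote code execution | 4516067 |
| Windows 7, Server 2008 R2 | Critical | Remote code execution | 4516065 and others (2 in total) |
| Windows Server 2008 | Critical | Remote code execution | 4516026 and others (2 in total) |
| Internet Explorer | Critical | Remote code execution | 4516065 and others (15 in total) |
| ChakraCore | Critical | Remote code execution | - |
| Office | Important | Remote code execution | 4475574 and others (6 in total) |
| Visual Studio | Important | Elevation of privilege | 4513696 |
| SharePoint Server, SharePoint Enterprise Server | Critical | Remote code execution | 4484098 and others (10 in total) |
| Lync | Important | Information disclosure | 4515509 |
| Exchange Server | Important | Denial of service | 4515832 |
| .NET Core | Important | Elevation of privilege | 4514604 and others (15 in total) |
| Adobe Flash Player | Critical | Remote code execution | 4516115 |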

https://portal.msrc.microsoft.com/en-us/security-guidance/releasenotedetail/24f46f0a-489c-e911-a994-000d3a33c573

 


https://portal.msrc.microsoft.com/ko-kr/security-guidance/releasenotedetail/24f46f0a-489c-e911-a994-000d3a33c573

 


https://www.krcert.or.kr/data/secNoticeView.do?bulletin_writing_sequence=35137

 


Source: https://thehackernews.com/2019/09/microsoft-windows-update.html

 
