The September 2019 Patch Tuesday brings security patches from Microsoft for 79 vulnerabilities that span across 15 products.
Security patches available for two zero-day exploits
Two zero-day exploits, CVE-2019-1214 and CVE-2019-1215, were patched this month. Both of them are Elevation of Privilege (EoP) vulnerabilities.
“Both flaws exist due to improper handling of objects in memory by the respective drivers. Elevation-of-privilege vulnerabilities are utilized by attackers post-compromise, once they’ve managed to gain access to a system in order to execute code on their target systems with elevated privileges,” said Satnam Narang, a senior research engineer at Tenable.
Critical bugs in RDP fixed
Four critical flaws —CVE-2019-1291, CVE-2019-1290, CVE-2019-0788, CVE-2019-0787—in Microsoft’s Remote Desktop Protocol (RDP) feature have been fixed. These vulnerabilities, when exploited, allow remote code execution by malicious servers.
Microsoft has released two advisories in September’s Patch Tuesday.
What to look out for
Other organizations such as Adobe and SAP also publish security updates on the day of Microsoft’s Patch Tuesday.