Expert On Microsoft’s November 2019 Patch Tuesday Fixes IE Zero-day, 74 Flaws

By   ISBuzz Team
Writer , Information Security Buzz | Nov 14, 2019 11:31 am PST

With the release of the November 2019 security updates, Microsoft has released 2 advisories and updates for 74 vulnerabilities. Of these vulnerabilities, 13 are classified as Critical. The November 2019 Patch Tuesday also fixes a critical remote code execution vulnerability in Internet Explorer that was being actively exploited in the wild.

Subscribe
Notify of
guest
1 Expert Comment
Newest
Oldest Most Voted
Inline Feedbacks
View all comments
Satnam Narang
Satnam Narang , Senior Research Engineer
November 14, 2019 7:34 pm

This month’s Patch Tuesday release contains updates for nearly 75 CVEs. One of the vulnerabilities, CVE-2019-1429, was first exploited in the wild as a zero day and could enable an attacker to execute arbitrary code under the same privileges of the current user. If the user has administrative rights, an attacker would be able to perform a variety of actions, such as creating a new account with full user rights, installing programs, and viewing, changing or deleting data. An attacker would need to convince a user to visit a website containing the exploit code using Internet Explorer in order to exploit the flaw.

CVE-2019-1457, which was publicly disclosed at the end of October, is a security feature bypass in Microsoft Office for Mac due to improper enforcement of macro settings in Excel documents. An attacker would need to create a specially crafted Excel document using the SYLK (SYmbolic LinK) file format and convince a user to open such a file using a vulnerable version of Microsoft Office for Mac. Successful exploitation would allow an attacker to execute arbitrary code on the victim’s system.

Last edited 4 years ago by Satnam Narang

Recent Posts

1
0
Would love your thoughts, please comment.x
()
x