Patch Tuesday Roundup

It’s monthly Microsoft patching time, with the software giant releasing updates to fix 79 vulnerabilities across their product range, with 17 critical and 61 important.

A couple of these were to fix vulnerabilities with a public exploit. One of these is probably CVE-2019-1235, the privilege escalation in Windows Text Service Framework (TSF), which was disclosed by Google.

Another two fixed vulnerabilities reported as actively exploited in the wild, which are both privilege escalations problems.

They also fixed four remote code execution bugs in the RDP client built-in to Windows (CVE-2019-0787 / CVE-2019-0788 / CVE-2019-1290 / CVE-2019-1291).

Other notable critical patches were for:

  • CVE-2019-1280 – RCE in processing .LNK files;
  • Chakra
  • VBScript (is that still going?)
  • Sharepoint server;
  • Scripting engine;
  • Azure DevOps; and
  • Team Foundation Server.

Another busy month for the MS team, and another busy month for operational teams deploying the fixes.

Good luck!

Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s