It’s monthly Microsoft patching time, with the software giant releasing updates to fix 79 vulnerabilities across their product range, with 17 critical and 61 important.
A couple of these were to fix vulnerabilities with a public exploit. One of these is probably CVE-2019-1235, the privilege escalation in Windows Text Service Framework (TSF), which was disclosed by Google.
Another two fixed vulnerabilities reported as actively exploited in the wild, which are both privilege escalations problems.
They also fixed four remote code execution bugs in the RDP client built-in to Windows (CVE-2019-0787 / CVE-2019-0788 / CVE-2019-1290 / CVE-2019-1291).
Other notable critical patches were for:
- CVE-2019-1280 – RCE in processing .LNK files;
- VBScript (is that still going?)
- Sharepoint server;
- Scripting engine;
- Azure DevOps; and
- Team Foundation Server.
Another busy month for the MS team, and another busy month for operational teams deploying the fixes.