Thu. Dec 12th, 2019

Scripting Engine/Hyper-V/Exchange Remote Code Execution Vulnerability Alert


On November 12, 2019, Microsoft released its routine security update for November. The update covers the Windows operating system, IE/Edge browser, scripting engine/ChakraCore, Office suite, Exchange services, and Visual Studio. It addresses a total of 74 CVEs: 13 high-risk vulnerabilities and 61 intermediate-risk vulnerabilities.


Vulnerability Details

Scripting Engine Remote Code Execution Vulnerability

CVE-2019-1429: According to a report from the Google Threat Analysis Team, there is a vulnerability in the way the IE scripting engine handles objects in memory. An attacker can achieve remote code execution if the affected browser accesses a malicious web page or opens a specially crafted Office document. The report also indicates that this patch is required even if you are not using IE. Microsoft did not provide a determination as to the nature of the vulnerability, whose impact could be limited by other security measures.

Exchange Server Remote Code Execution Vulnerability

CVE-2019-1373: This vulnerability is an issue in how Exchange Server deserializes metadata via PowerShell. To exploit it, an attacker would need to convince a user to run a cmdlet through PowerShell. This condition is demanding, but if the user is easily persuaded to do so, full control of the server can be handed over to the attacker.

UAC privilege elevation vulnerability

CVE-2019-1388: A vulnerability in the UAC prompt. The vulnerability, reported by ZDI, requires complex preliminary steps in actual use. If the attack is successful, the attacker's privileges can be elevated to NT Authority\SYSTEM.

Font file remote command execution vulnerability

CVE-2019-1441: This vulnerability exists in the Win32k Graphics component. A user viewing a specially crafted font may trigger remote code execution.

Hyper-V vulnerabilities

  • CVE-2019-0721 Remote Code Execution Vulnerability
  • CVE-2019-1389 Remote Code Execution Vulnerability
  • CVE-2019-1397 Remote Code Execution Vulnerability
  • CVE-2019-1398 Remote Code Execution Vulnerability
  • CVE-2019-0712 Denial of Service Vulnerability
  • CVE-2019-1309 Denial of Service Vulnerability
  • CVE-2019-1310 Denial of Service Vulnerability
  • CVE-2019-1399 Denial of Service Vulnerability

TPM chipset vulnerability recommendations

ADV190024: Microsoft's security bulletin for TPM chipsets using the Elliptic Curve Digital Signature Algorithm (ECDSA). Although this algorithm is not used by current Windows systems, other software or services may use it. The flaw exists in the TPM firmware, not in the operating system itself, so there is no corresponding Microsoft patch. If your system is affected, you need to contact the corresponding chip manufacturer to get the TPM firmware update.

Multiple information disclosure vulnerabilities

A successful attack allows the attacker to obtain sensitive information or file content on a user's PC or server.

  • CVE-2019-1446 Microsoft Excel
  • CVE-2019-1443 Microsoft SharePoint
  • CVE-2019-1440 Win32k
  • CVE-2019-1439 Windows GDI
  • CVE-2019-1436 Win32k
  • CVE-2019-1432 DirectWrite
  • CVE-2019-1418 Windows Modules Installer Service
  • CVE-2019-1412 OpenType Font Driver
  • CVE-2019-1411 DirectWrite
  • CVE-2019-1409 Windows Remote Procedure Call
  • CVE-2019-1402 Microsoft Office
  • CVE-2019-1381 Microsoft Windows
  • CVE-2019-1374 Windows Error Reporting
  • CVE-2019-1370 Open Enclave SDK
  • CVE-2019-1324 Windows TCP/IP
  • CVE-2019-11135 Windows Kernel
  • CVE-2018-12207 Windows Kernel

Microsoft Windows updates should be applied in a timely manner, and Windows automatic updates should be kept enabled.