Today’s VERT Alert addresses Microsoft’s November 2019 Security Updates. VERT is actively working on coverage for these vulnerabilities and expects to ship ASPL-859 on Wednesday, November 13th.
In-The-Wild & Disclosed CVEs
CVE-2019-1429
A vulnerability in the scripting engine in Internet Explorer can lead to code execution. The attacker could corrupt memory and execute code in the context of the current user. Microsoft has disclosed that this vulnerability is currently seeing active exploitation. Affected organizations should apply this patch as soon as possible.
Microsoft has rated this as a 0 (Exploitation Detected) on both the latest software release and on older software releases on the Exploitability Index.
CVE-2019-1457
This publicly disclosed, but yet to be exploited, security feature bypass exists in Microsoft Office for Mac 2016 and 2019. Specifically, Office for Mac does not properly enforce macro settings in Excel documents, allowing an attacker to embed a control in Excel worksheets that indicates a macro should be run. Victims would need to open malicious Excel documents in order to be attacked.
Microsoft has rated this as Not Applicable on both the latest software release and on older software releases on the Exploitability Index.
CVE Breakdown by Tag
While historical Microsoft Security Bulletin groupings are gone, Microsoft vulnerabilities are tagged with an identifier. This list provides a breakdown of the CVEs on a per tag basis.
Tag | CVE Count | CVEs |
Windows Hyper-V | 9 | CVE-2019-0712, CVE-2019-0719, CVE-2019-0721, CVE-2019-1309, CVE-2019-1310, CVE-2019-1389, CVE-2019-1397, CVE-2019-1398, CVE-2019-1399 |
Open Source Software | 1 | CVE-2019-1370 |
Windows Subsystem for Linux | 1 | CVE-2019-1416 |
Microsoft JET Database Engine | 1 | CVE-2019-1406 |
Microsoft RPC | 1 | CVE-2019-1409 |
Windows Media Player | 1 | CVE-2019-1430 |
Microsoft Edge | 1 | CVE-2019-1413 |
Microsoft Graphics Component | 19 | CVE-2019-1432, CVE-2019-1433, CVE-2019-1434, CVE-2019-1435, CVE-2019-1436, CVE-2019-1437, CVE-2019-1438, CVE-2019-1439, CVE-2019-1440, CVE-2019-1441, CVE-2019-1393, CVE-2019-1394, CVE-2019-1395, CVE-2019-1396, CVE-2019-1407, CVE-2019-1408, CVE-2019-1411, CVE-2019-1412, CVE-2019-1419 |
Microsoft Scripting Engine | 5 | CVE-2019-1429, CVE-2019-1390, CVE-2019-1426, CVE-2019-1427, CVE-2019-1428 |
Visual Studio | 1 | CVE-2019-1425 |
Windows Kernel | 2 | CVE-2019-11135, CVE-2019-1392 |
Microsoft Office SharePoint | 2 | CVE-2019-1442, CVE-2019-1443 |
Microsoft Exchange Server | 1 | CVE-2019-1373 |
Microsoft Office | 7 | CVE-2019-1457, CVE-2019-1402, CVE-2019-1445, CVE-2019-1446, CVE-2019-1447, CVE-2019-1448, CVE-2019-1449 |
Microsoft Windows | 20 | CVE-2019-1374, CVE-2019-1415, CVE-2019-1417, CVE-2019-1418, CVE-2018-12207, CVE-2019-1324, CVE-2019-1379, CVE-2019-1380, CVE-2019-1381, CVE-2019-1382, CVE-2019-1383, CVE-2019-1384, CVE-2019-1385, CVE-2019-1388, CVE-2019-1391, CVE-2019-1405, CVE-2019-1420, CVE-2019-1422, CVE-2019-1423, CVE-2019-1424 |
Azure Stack | 1 | CVE-2019-1234 |
Graphic Fonts | 1 | CVE-2019-1456 |
Other Information
There are no new security advisories in this month’s Microsoft patch release.