CVE-2019-1060
Published 2019-10-10
CVE-2019-1060: A remote code execution vulnerability exists when the Microsoft XML Core Services MSXML parser processes user input, aka 'MS XML Remote Code Execution…
Priority: P357 · high · 8.8 (CVSS 3.1)
AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
EPSS: 12.91% (95.8th percentile)
A remote code execution vulnerability exists when the Microsoft XML Core Services MSXML parser processes user input, aka 'MS XML Remote Code Execution Vulnerability'.
Affected
54 ranges· showing 25
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| microsoft | windows | — | — |
| microsoft | windows | — | — |
| microsoft | windows | — | — |
| microsoft | windows | — | — |
| microsoft | windows | — | — |
| microsoft | windows | — | — |
| microsoft | windows | — | — |
| microsoft | windows | — | — |
| microsoft | windows | — | — |
| microsoft | windows | — | — |
| microsoft | windows | — | — |
| microsoft | windows | — | — |
| microsoft | windows | — | — |
| microsoft | windows | — | — |
| microsoft | windows | — | — |
| microsoft | windows | — | — |
| microsoft | windows | — | — |
| microsoft | windows | — | — |
| microsoft | windows_10 | — | — |
| microsoft | windows_10 | — | — |
| microsoft | windows_10 | — | — |
| microsoft | windows_10 | — | — |
| microsoft | windows_10 | — | — |
| microsoft | windows_10 | — | — |
| microsoft | windows_10_version_1903_for_32-bit_systems | — | — |
CVSS provenance
nvd · v3.1 · 8.8 HIGH · CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
nvd · v2.0 · 9.3 CRITICAL · AV:N/AC:M/Au:N/C:C/I:C/A:C
vendor_msrc · 6.4 MEDIUM
Microsoft
MS XML Remote Code Execution Vulnerability
vendor_msrc·2019-10-08·CVSS 6.4
CVE-2019-1060 [HIGH] MS XML Remote Code Execution Vulnerability
Description: A remote code execution vulnerability exists when the Microsoft XML Core Services MSXML parser processes user input. An attacker who successfully exploited the vulnerability could run malicious code remotely to take control of the user’s system.
To exploit the vulnerability, an attacker could host a specially crafted website designed to invoke MSXML through a web browser. However, an attacker would have no way to force a user to visit such a website. Instead, an attacker would typically have to convince a user to either click a link in an email message or instant message that would then take the user to the website. When Internet Explorer parses the XML content, an attacker could run malicious code remotely to take control of the use
GHSA
GHSA-2qj3-rh4c-5vh4: A remote code execution vulnerability exists when the Microsoft XML Core Services MSXML parser processes user input, aka 'MS XML Remote Code Execution
ghsa_unreviewed·2022-05-24
CVE-2019-1060 [HIGH] CWE-611 GHSA-2qj3-rh4c-5vh4: A remote code execution vulnerability exists when the Microsoft XML Core Services MSXML parser processes user input, aka 'MS XML Remote Code Execution
A remote code execution vulnerability exists when the Microsoft XML Core Services MSXML parser processes user input, aka 'MS XML Remote Code Execution Vulnerability'.
No detection rules found.
No public exploits indexed.
Trendmicro
Short October Patch Tuesday: 9 Critical Fixes Featured
blogs_trendmicro·2019-10-09·CVSS 8.8
[HIGH] Short October Patch Tuesday: 9 Critical Fixes Featured
Exploits & Vulnerabilities
# Short October Patch Tuesday: 9 Critical Fixes Featured
This month's update includes only 59 fixes, but addresses significant issues. The nine Critical items were for various IE and Edge flaws, and one for a Remote Desktop Client gap. The rest of the 50 were ranked important, including server concerns.
By: Trend Micro
2019/10/09
October’s Patch Tuesday is relatively modest, with Microsoft releasing a total of 59 patches. However, this shorter list still warrants attention. Nine of the 59 were still identified as Critical, while the remaining 50 were labeled Important. Most of the critical bulletins were for various Internet Explorer and Microsoft Edge vulnerabilities, with one covering a Remote Desktop Client vulnerability
Talos
Microsoft Patch Tuesday — Oct. 2019: Vulnerability disclosures and Snort coverage
blogs_talos·2019-10-08·CVSS 6.4
[MEDIUM] Microsoft Patch Tuesday — Oct. 2019: Vulnerability disclosures and Snort coverage
By Jon Munshaw.
Microsoft released its monthly security update today, disclosing a variety of vulnerabilities in several of its products. The latest Patch Tuesday discloses 60 vulnerabilities, nine of which are considered "critical," with the rest being deemed "important."
This month’s security update covers security issues in a variety of Microsoft services and software, the Chakra Scripting Engine, the Windows operating system and the SharePoint software.
Talos also released a new set of SNORT® rules that provide coverage for some of these vulnerabilities. For more, check out the Snort blog post here.
### Critical vulnerabilities
Microsoft disclosed nine critical vulnerabilities this month, eight of which we will highlight below.
CVE-2019-1333 is a client-side remote execution vulne
Tenable
Microsoft's October 2019 Patch Tuesday: Tenable Roundup
blogs_tenable·2019-10-08
Fortinet
October Patch Tuesday
blogs_fortinet·2019-10-08·CVSS 8.8
[HIGH] October Patch Tuesday
FORTIGUARD LABS THREAT RESEARCH
October Patch Tuesday
By Jeannette Jarvis | October 08, 2019
October Patch Tuesday brought a myriad of updates from a variety of vendors. Here we highlight the critical vulnerabilities released by Microsoft, but also touch on updates from Apple and Google as well. There were no updates from Adobe at the time of this posting. Get Patching!
Patch Overview
Microsoft
Today, Microsoft released security updates fixing 59 security vulnerabilities. Nine of these patches have a critical severity level, and the rest are rated as important. None of the vulnerabilities patched this month were publicly disclosed before Patch Tuesday, nor are any known to have been publicly exploited at this time. Regardless, users are advised to install these security updates as soon