CVE-2019-1429
Published 2019-11-12
Priority P184 · high 7.5 (CVSS 3.1)
CVSS vector: AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
Tags: KEV, ITW, EXPLOIT
CISA Known Exploited Vulnerability · due 2022-05-03
Exploited in the wild
EPSS: 72.63% (99.4th percentile)
A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer, aka 'Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2019-1426, CVE-2019-1427, CVE-2019-1428.
Affected
36 ranges · showing 25
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| microsoft | chakracore | < 1.11.15 | 1.11.15 |
| microsoft | internet_explorer | — | — |
| microsoft | internet_explorer | — | — |
| microsoft | internet_explorer | — | — |
| microsoft | internet_explorer_10 | — | — |
| microsoft | internet_explorer_11 | — | — |
| microsoft | internet_explorer_11 | — | — |
| microsoft | internet_explorer_11 | — | — |
| microsoft | internet_explorer_11 | — | — |
| microsoft | internet_explorer_11 | — | — |
| microsoft | internet_explorer_11 | — | — |
| microsoft | internet_explorer_11 | — | — |
| microsoft | internet_explorer_11 | — | — |
| microsoft | internet_explorer_11 | — | — |
| microsoft | internet_explorer_11 | — | — |
| microsoft | internet_explorer_11 | — | — |
| microsoft | internet_explorer_11 | — | — |
| microsoft | internet_explorer_11 | — | — |
| microsoft | internet_explorer_11 | — | — |
| microsoft | internet_explorer_11 | — | — |
| microsoft | internet_explorer_11 | — | — |
| microsoft | internet_explorer_11 | — | — |
| microsoft | internet_explorer_11 | — | — |
| microsoft | internet_explorer_11 | — | — |
| microsoft | internet_explorer_11 | — | — |
Detection & IOCs (extracted from sources)
- command: JSON.stringify() toJSON callback triggering use-after-free in jscript!GCProtectKeyAndCall / jscript!JSONApplyFilters
- CVE-2019-1429 was actively exploited in the wild at time of patch release (November 2019 Patch Tuesday); treat any unpatched Internet Explorer instances processing jscript content as high-risk.
- Exploitation is confirmed on both latest and older software releases; detection should cover all supported Windows versions running Internet Explorer with jscript.dll.
- Attack vector includes web-based delivery via specially crafted websites, ActiveX controls marked 'safe for initialization' embedded in Office documents, and compromised websites hosting user-provided content or advertisements; monitor IE process spawning child processes or making unusual network connections after visiting such content.
- The PoC crash requires the entire block of jscript VAR structures to be freed to trigger the access violation; a partial garbage collection may not produce a crash, meaning the vulnerability could be silently exploited without an obvious crash signal.
- The vulnerability is in jscript.dll (legacy scripting engine), not jscript9.dll (Chakra); detections scoped only to modern IE/Edge scripting engines may miss this.
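CVSS provenance
| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 7.5 | HIGH | CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H |
| nvd | v2.0 | 7.6 | HIGH | AV:N/AC:H/Au:N/C:C/I:C/A:C |
| vulncheck | — | 7.5 | HIGH | — |
| cisa | — | 7.5 | HIGH | — |
| vendor_msrc | — | 6.4 | MEDIUM | — |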
GHSA
GHSA-5m34-66pw-cq8v · CVE-2019-1426 [HIGH]
ghsa_unreviewed·2022-05-24·CVSS 7.5
A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Microsoft Edge (HTML-based), aka 'Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2019-1427, CVE-2019-1428, CVE-2019-1429.
GHSA
GHSA-w54g-9jxp-4pf9 · CVE-2019-1429 [HIGH] CWE-416
ghsa_unreviewed·2022-05-24·CVSS 7.5
A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer, aka 'Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2019-1426, CVE-2019-1427, CVE-2019-1428.
GHSA
GHSA-xfqp-cp2m-6wxx · CVE-2019-1428 [HIGH]
ghsa_unreviewed·2022-05-24·CVSS 7.5
A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Microsoft Edge (HTML-based), aka 'Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2019-1426, CVE-2019-1427, CVE-2019-1429.
GHSA
GHSA-gp4h-p634-q92q · CVE-2019-1427 [HIGH]
ghsa_unreviewed·2022-05-24·CVSS 7.5
A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Microsoft Edge (HTML-based), aka 'Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2019-1426, CVE-2019-1428, CVE-2019-1429.
Project0
Déjà vu-lnerability - Project Zero
project_zero·2021-02-01
CVE-2014-9665 Déjà vu-lnerability - Project Zero
A Year in Review of 0-days Exploited In-The-Wild in 2020
Posted by Maddie Stone, Project Zero
2020 was a year full of 0-day exploits. Many of the Internet’s most popular browsers had their moment in the spotlight. Memory corruption is still the name of the game and how the vast majority of detected 0-days are getting in. While we tried new methods of 0-day detection with modest success, 2020 showed us that there is still a long way to go in detecting these 0-day exploits in-the-wild. But what may be the most notable fact is that 25% of the 0-days detected in 2020 are closely related to previously publicly disclosed vulnerabilities. In other words, 1 out of every 4 detected 0-day exploits could potentially have been avoided if a more thorough investigation and patching effort were explor
Project0
Root Cause Analyses for 0-day In-the-Wild Exploits - Project Zero
project_zero·2020-07-01
CVE-2019-1107 Root Cause Analyses for 0-day In-the-Wild Exploits - Project Zero
Posted by Maddie Stone, Project Zero
When a 0-day is exploited in the wild AND it is detected, we need to use that as an opportunity to learn as much as possible about the vulnerability and the exploit if we hope to make 0-day hard. One of the main methods to do that is to perform a root cause analysis (RCA) on the 0-day.
Our effort on this began in earnest in the last quarter of 2019. Today we are beginning to publish the root cause analyses for 0-days exploited in the wild that we have completed. While we’re publishing some in bulk now to play “catch-up”, in the future we plan to post each one in a timely manner after it’s detected and disclosed. We think publishing technical details in a timely manner is important for transparency and so that the whole of the security community can
Project0
Detection Deficit: A Year in Review of 0-days Used In-The-Wild in 2019 - Project Zero
project_zero·2020-07-01
CVE-2016-5195 Detection Deficit: A Year in Review of 0-days Used In-The-Wild in 2019 - Project Zero
Posted by Maddie Stone, Project Zero
In May 2019, Project Zero released our tracking spreadsheet for 0-days used “in the wild” and we started a more focused effort on analyzing and learning from these exploits. This is another way Project Zero is trying to make zero-day hard. This blog post synthesizes many of our efforts and what we’ve seen over the last year. We provide a review of what we can learn from 0-day exploits detected as used in the wild in 2019. In conjunction with this blog post, we are also publishing another blog post today about our root cause analysis work that informed the conclusions in this Year in Review. We are also releasing 8 root cause analyses that we have done for in-the-wild 0-days from 2019.
When I had the idea for this “Year in Review” blog post, I immedi
VulnCheck
Microsoft Internet Explorer Scripting Engine Memory Corruption Vulnerability
vulncheck·2019·CVSS 7.5
CVE-2019-1429 [HIGH] CWE-416 Microsoft Internet Explorer Scripting Engine Memory Corruption Vulnerability
Microsoft Internet Explorer contains a memory corruption vulnerability which can allow for remote code execution in the context of the current user.
Affected: Microsoft Internet Explorer
Required Action: Apply updates per vendor instructions.
Exploitation References: https://api.msrc.microsoft.com/cvrf/v3.0/cvrf/2019-Nov; https://docs.google.com/spreadsheets/d/1lkNJ0uQwbeC1ZTRrxdtuPLCIl7mlUreoKfSIgajnSyY/edit; https://www.cisa.gov/sites/default/files/feeds/known_exploited_vulnerabilities.json
Remediation Due: 2022-05-03
Project0
Project Zero RCA: CVE-2020-0674: Internet Explorer use-after-free in JScript
project_zero·CVSS 7.5
CVE-2020-0674 [HIGH] Project Zero RCA: CVE-2020-0674: Internet Explorer use-after-free in JScript
# CVE-2020-0674: Internet Explorer use-after-free in JScript
*Maddie Stone, Project Zero (Originally posted on [Project Zero blog](https://googleprojectzero.blogspot.com/p/rca.html) 2020-08-05)*
## The Basics
**Disclosure or Patch Date:** 11 February 2020
**Product:** Microsoft Internet Explorer
**Advisory:** https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0674
**Affected Versions:** For Windows 10 1903/1909, [KB4528760](https://support.microsoft.com/en-us/help/4528760) and previous
**First Patched Version:** For Windows 10 1903/1909, [KB4532693](https://support.microsoft.com/en-us/help/4532693/windows-10-update-kb4532693)
**Issue/Bug Report:** N/A
**Patch CL:** N/A
**Bug-Introducing CL:** N/A
**Reporter(s):** Yi Huang([@C0rk1_H](https://twitter.com/C0
Project0
Project Zero RCA: CVE-2020-1380: Internet Explorer JScript9 Use-after-Free
project_zero·CVSS 7.8
CVE-2020-1380 [HIGH] Project Zero RCA: CVE-2020-1380: Internet Explorer JScript9 Use-after-Free
# CVE-2020-1380: Internet Explorer JScript9 Use-after-Free
*Maddie Stone & Samuel Groß, Project Zero (Originally posted on [Project Zero blog](https://googleprojectzero.blogspot.com/p/rca.html) 2020-08-24)*
## The Basics
**Disclosure or Patch Date:** 11 August 2020
**Product:** Microsoft Internet Explorer
**Advisory:** https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1380
**Affected Versions:** For Windows 10 2004, [KB4565503](https://support.microsoft.com/en-us/help/4565503/windows-10-update-kb4565503) and previous
**First Patched Version:** For Windows 10 2004, [KB4566782](https://support.microsoft.com/en-us/help/4566782/windows-10-update-kb4566782)
**Issue/Bug Report:** N/A
**Patch CL:** N/A
**Bug-Introducing CL:** N/A
**Reporter(s):** Boris Larin (
Project0
Project Zero RCA: CVE-2019-1367: Internet Explorer JScript use-after-free
project_zero·CVSS 7.5
CVE-2019-1367 [HIGH] Project Zero RCA: CVE-2019-1367: Internet Explorer JScript use-after-free
# CVE-2019-1367: Internet Explorer JScript use-after-free
*Maddie Stone & Ivan Fratric, Project Zero & Clément Lecigne, Google's Threat Analysis Group (Originally posted on [Project Zero blog](https://googleprojectzero.blogspot.com/p/rca.html) 2020-07-27)*
## The Basics
**Disclosure or Patch Date:** 23 September 2019
**Product:** Microsoft Internet Explorer
**Advisory:** https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1367
**Affected Versions:** For Windows 10 1903, [KB4515384](https://support.microsoft.com/en-us/help/4515384) and previous
**First Patched Version:** For Windows 10 1903, [KB4524147](https://support.microsoft.com/en-us/help/4524147/windows-10-update-kb4524147)
**Issue/Bug Report:** N/A
**Patch CL:** N/A
**Bug-Introducing CL:** N/A
**Repo
CISA
Microsoft Internet Explorer Scripting Engine Memory Corruption Vulnerability
cisa·2021-11-03·CVSS 7.5
CVE-2019-1429 [HIGH] CWE-416 Microsoft Internet Explorer Scripting Engine Memory Corruption Vulnerability
Vulnerability: Microsoft Internet Explorer Scripting Engine Memory Corruption Vulnerability
Affected: Microsoft Internet Explorer
Microsoft Internet Explorer contains a memory corruption vulnerability which can allow for remote code execution in the context of the current user.
Required Action: Apply updates per vendor instructions.
Notes: https://nvd.nist.gov/vuln/detail/CVE-2019-1429
Remediation Due Date: 2022-05-03
Microsoft
Scripting Engine Memory Corruption Vulnerability
vendor_msrc·2019-11-12·CVSS 6.4
CVE-2019-1429 [HIGH] Scripting Engine Memory Corruption Vulnerability
Description: A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. If the current user is logged on with administrative user rights, an attacker who successfully exploited the vulnerability could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.
In a web-based attack scenario, an attacker could host a specially crafted websi
No detection rules found.
Qualys
Managing CISA Known Exploited Vulnerabilities with Qualys VMDR | Qualys
blogs_qualys·2022-02-23
#### Table of Contents
- Situation
- Directive Scope
- CISA Catalog of Known Exploited Vulnerabilities
- Detect CISA Vulnerabilities Using Qualys VMDR
- CISA Exploited RTI
- Detailed Operational Dashboard
- Remediation
- Federal Enterprises and Agencies Can Act Now
- Summary
- Getting Started
CISA released a directive in November 2021, recommending urgent and prioritized remediation of actively exploited vulnerabilities. Both government agencies and corporations should heed this advice. This blog outlines how Qualys Vulnerability Management, Detection & Response can be used by any organization to respond to this directive efficiently and effectively.
## Situation
Last November 2021, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) released a Binding Operational Directiv
Securelist
IT threat evolution Q2 2020
blogs_securelist·2020-09-03
Table of Contents
Targeted attacks
PhantomLance: hiding in plain sight
Naikon’s Aria
COMpfun authors spoof visa application with HTTP status-based Trojan
Mind the [air] gap
Looking at big threats using code similarity
SixLittleMonkeys
Other malware
Loncom packer: from backdoors to Cobalt Strike
xHelper: the Trojan matryoshka
Spike in RDP brute-force attacks
Gaming during the COVID-19 pandemic
Rovnix bootkit back in business
Web skimming with Google Analytics
The Magnitude Exploit Kit
Authors
David Emm
IT threat evolution Q2 2020. PC statistics
IT threat evolution Q2 2020. Mobile statistics
## Targeted attacks
## PhantomLance: hiding in plain sight
In April, we reported the results of our investigation into a mobile spyware campaign that we call ‘PhantomLance’ . The cam
Securelist
Internet Explorer and Windows zero-day exploits used in Operation PowerFall
blogs_securelist·2020-08-12·CVSS 7.5
[HIGH] Internet Explorer and Windows zero-day exploits used in Operation PowerFall
Authors
- Boris Larin
## Executive summary
In May 2020, Kaspersky technologies prevented an attack on a South Korean company by a malicious script for Internet Explorer. Closer analysis revealed that the attack used a previously unknown full chain that consisted of two zero-day exploits: a remote code execution exploit for Internet Explorer and an elevation of privilege exploit for Windows. Unlike a previous full chain that we discovered, used in Operation WizardOpium, the new full chain targeted the latest builds of Windows 10, and our tests demonstrated reliable exploitation of Internet Explorer 11 and Windows 10 build 18363 x64.
On June 8, 2020, we reported our discoveries to Microsoft, and the company confirmed the vulnerabilities. At the time of our report, the security team at Mi
Securelist
Magnitude exploit kit – evolution
blogs_securelist·2020-06-24·CVSS 7.5
[HIGH] Magnitude exploit kit – evolution
Table of Contents
Introduction
Infection vector
Shellcode
Elevation of privilege exploit
Ransomware
Conclusions
Authors
Boris Larin
Exploit kits are not as widespread as they used to be. In the past, they relied on the use of already patched vulnerabilities. Newer and more secure web browsers with automatic updates simply do not allow known vulnerabilities to be exploited. It was very different back in the heyday of Adobe Flash because it’s just a plugin for a web browser, meaning that even if the user has an up-to-date browser, there’s a non-zero chance that Adobe Flash may still be vulnerable to 1-day exploits. Now that Adobe Flash is about to reach its end-of-life date at the end of this year, it is disabled by default in all web browsers and has pretty much been replaced with o
Tenable
Microsoft’s February 2020 Patch Tuesday Addresses 99 CVEs Including Internet Explorer Zero-Day (CVE-2020-0674)
blogs_tenable·2020-02-11·CVSS 7.5
[HIGH] Microsoft’s February 2020 Patch Tuesday Addresses 99 CVEs Including Internet Explorer Zero-Day (CVE-2020-0674)
Trendmicro
November Patch Tuesday: 74 Fixes Before Major Update
blogs_trendmicro·2019-11-13·CVSS 9.1
[CRITICAL] November Patch Tuesday: 74 Fixes Before Major Update
Exploits & Vulnerabilities
# November Patch Tuesday: 74 Fixes Before Major Update
November Patch Tuesday holds a total of 74 patches, with 13 classified as Critical for remote code execution (RCE) flaws. The remaining majority were rated as Important and included patches for graphics components and SharePoint, among others.
By: Trend Micro
2019/11/13
Following the relatively light list from last month, November proved to be a much more eventful month for Microsoft users. The November Patch Tuesday holds more fixes with a total of 74 patches, 13 of which were classified as Critical patches for remote code execution (RCE) vulnerabilities. The remaining majority were rated as Important and included patches for Windows graphics components and Microsoft S
Qualys
November 2019 Patch Tuesday – 74 vulns, 13 Critical, Actively Attacked IE vuln, Hyper-V escapes, Adobe
blogs_qualys·2019-11-12·CVSS 9.1
[CRITICAL] November 2019 Patch Tuesday – 74 vulns, 13 Critical, Actively Attacked IE vuln, Hyper-V escapes, Adobe
This month’s Microsoft Patch Tuesday addresses 74 vulnerabilities with 13 of them labeled as Critical. Of the 13 Critical vulns, 5 are for browsers and scripting engines. Out of the 8 remaining Critical vulns, 4 are potential hypervisor escapes in Hyper-V, as well as vulnerabilities in Microsoft Exchange, Win32k, Windows Media Foundations, and OpenType. Adobe’s Patch Tuesday was on time this month, and covers 11 vulns spread across Animate, Illustrator, Media Encoder, and Bridge.
UPDATE
There are reports that the CVE-2019-1402 patches are causing issues with all supported versions of Microsoft Access. Microsoft has posted a document on the issue with upcoming fix dates and workarounds.
## Workstation Patches
Scripting Engine, Browser, Win32k, WMF, and OpenType patches should be prioriti
Fortinet
November Patch Tuesday
blogs_fortinet·2019-11-12·CVSS 7.8
[HIGH] November Patch Tuesday
FORTIGUARD LABS THREAT RESEARCH
November Patch Tuesday
By Jeannette Jarvis | November 12, 2019
Vendors unleashed a virtual torrent of patches and updates for November’s Patch Tuesday. We strongly recommend that you take the time to scan the sites of the various vendors and manufacturers you rely on for patches and updates to your business-critical software and systems. Here are a few patches as well as some updates from some of the larger developers:
Microsoft
Microsoft released a wealth of security updates for November's Patch Tuesday. Overall, there were 73 updates and two advisories. Fourteen of the security updates and one of the advisories were rated as critical, and one of those critical vulnerabilities, CVE-2019-1429 – a scripting engine memory corruption vulnerability, is curre
Krebs
Patch Tuesday, November 2019 Edition
blogs_krebs·2019-11-12·CVSS 7.5
[HIGH] Patch Tuesday, November 2019 Edition
Microsoft today released updates to plug security holes in its software, including patches to fix at least 74 weaknesses in various flavors of Windows and programs that run on top of it. The November updates include patches for a zero-day flaw in Internet Explorer that is currently being exploited in the wild, as well as a sneaky bug in certain versions of Office for Mac that bypasses security protections and was detailed publicly prior to today’s patches.
Perhaps the most concerning of those critical holes is a zero-day flaw in Internet Exploder Explorer (CVE-2019-1429) that has already seen active exploitation. Today’s updates also address two other critical vulnerabilities in the same Windows component that handles various scripting languages.
Microsoft also fixed a flaw in Microsoft
Talos
Microsoft Patch Tuesday — Nov. 2019: Vulnerability disclosures and Snort coverage
blogs_talos·2019-11-12·CVSS 9.1
[CRITICAL] Microsoft Patch Tuesday — Nov. 2019: Vulnerability disclosures and Snort coverage
By Jon Munshaw.
Microsoft released its monthly security update today, disclosing a variety of vulnerabilities in several of its products. The latest Patch Tuesday discloses 75 vulnerabilities, 13 of which are considered "critical," with the rest being deemed "important."
This month’s security update covers security issues in a variety of Microsoft services and software, including the Scripting Engine, the Windows Hyper-V hypervisor, and Win32. Cisco Talos discovered one of these vulnerabilities, CVE-2019-1448, a remote code execution vulnerability in Microsoft Excel. For more on this bug, read our full Vulnerability Spotlight here. We are also disclosing a remote code execution vulnerability in Microsoft Media Foundation.
Talos also released a new set of SNORT® rules that provide covera
Krebs
Patch Tuesday, November 2019 Edition
blogs_krebs·2019-11-12·CVSS 7.5
[HIGH] Patch Tuesday, November 2019 Edition
Microsoft today released updates to plug security holes in its software, including patches to fix at least 74 weaknesses in various flavors of Windows and programs that run on top of it. The November updates include patches for a zero-day flaw in Internet Explorer that is currently being exploited in the wild, as well as a sneaky bug in certain versions of Office for Mac that bypasses security protections and was detailed publicly prior to today’s patches.
More than a dozen of the flaws tackled in this month’s release are rated “critical,” meaning they involve weaknesses that could be exploited to install malware without any action on the part of the user, except for perhaps browsing to a hacked or malicious Web site or opening a booby-trapped file attachment.
Perhaps the most concerning
Tenable
Microsoft's November 2019 Patch Tuesday: Tenable Roundup
blogs_tenable·2019-11-12
Zscaler
Zscaler found Multiple Security Vulnerabilities | 13-11-2019
blogs_zscaler·CVSS 7.5
[HIGH] Zscaler found Multiple Security Vulnerabilities | 13-11-2019
- http://packetstormsecurity.com/files/155433/Microsoft-Internet-Explorer-Use-After-Free.html
- https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1429
- https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2019-1429
Published: 2019-11-12
Added to CISA KEV: 2021-11-03
Exploited in the wild