Microsoft has released its monthly Patch Tuesday update for September 2019, addressing 79 security vulnerabilities across various software products. Of these, 17 are rated critical, 61 important, and one moderate. Two of the vulnerabilities were listed as “publicly known” at the time of release; one of these is an elevation of privilege flaw (CVE-2019-1235) affecting the Windows Text Service Framework, building on a long-standing issue previously highlighted by a Google security analyst.
Among the critical vulnerabilities, two have been confirmed as actively exploited in the wild. Both are privilege escalation issues, one in the Windows operating system and the other in the Windows Common Log File System Driver. Threat actors may already be using these weaknesses to perform unauthorized actions on target systems.
In this update, Microsoft also addressed four critical remote code execution (RCE) vulnerabilities within the Windows built-in Remote Desktop Client. These flaws could enable a malicious RDP server to compromise client machines, mirroring techniques demonstrated in earlier attacks against third-party RDP clients.
Unlike the infamous wormable BlueKeep vulnerability, the RDP flaws patched this month are client-side issues. Attackers must use social engineering, DNS poisoning, or man-in-the-middle techniques to mislead victims into connecting to compromised RDP servers.
Additionally, the update remediates a remote code execution vulnerability (CVE-2019-1280) in how Windows processes .LNK shortcut files. Attackers can exploit this vulnerability by presenting users with removable drives or remote shares containing malicious .LNK files. Once Windows processes such a file, it can execute arbitrary code on the targeted system.
Cybersecurity researchers have identified the use of malicious .LNK files in the initial stages of Astaroth fileless malware attacks.
Microsoft also patched 12 additional critical vulnerabilities, all of which could lead to remote code execution, across several products including the Chakra Scripting Engine and SharePoint server.
Organizations running Microsoft environments are strongly advised to apply these security patches promptly to reduce the risk of exploitation. Business owners should ensure that their systems are updated via the Settings menu, or manually through the official Microsoft channels.
Lastly, Adobe has issued security updates to address three vulnerabilities in Adobe Flash Player and Adobe Application Manager, a reminder that software on all platforms in use needs to be kept up to date.
In summary, the September 2019 Patch Tuesday update marks a significant step in the ongoing effort to fortify Windows systems against a diverse array of vulnerabilities, underscoring the imperative for continuous vigilance in cybersecurity practices among businesses.