October 9, 2019

Client Alert: Microsoft Patch Tuesday

by: Align

Microsoft Patch Tuesdays: Here's What You Need to Know

Here are the latest updates you need to know, curated by the experts at Align.

Update Overview

On October 8th, 2019, Microsoft released security updates and one advisory (ADV990001) following its routine monthly patch schedule.

Numerous updates address vulnerabilities that may result in Denial of Service, SharePoint Spoofing, Elevation of Privilege, Remote Code Execution, Memory Corruption, Cross Site Scripting, and Information Disclosure.

Out of 59 vulnerabilities addressed, eight were classified as Critical. 

Critical Patches 

The following systems have one or more critical patches available:
  • Microsoft Windows
  • Azure
  • Microsoft Scripting Engine
  • Servicing Stack Updates
  • Windows RDP

Two vulnerabilities (CVE-2019-1166 and CVE-2019-1338) patched by Microsoft were discovered by the security firm Preempt.

The vulnerabilities could allow an attacker to bypass protections on NTLM authentication.

According to Preempt: 

“The impact of these vulnerabilities is far-reaching and, in some cases, can cause full domain compromise of a network. For example – by performing NTLM relay to a sensitive server which does not enforce SMB signing, or by performing NTLM relay to LDAP on a Domain Controller in order to modify sensitive AD objects (LDAP signing will be enforced by default only from January 2020). All Active Directory customers with default configurations are vulnerable to such attacks. Moreover, organizations which do not block LM responses and have clients which still send these default responses are vulnerable to targeted attacks on these clients to bypass additional NTLM protections. Despite Kerberos being the more prevalent authentication protocol in most organizations, NTLM is still enabled and thus abused by attackers to exploit the vulnerabilities that we have described above.” 

A few other vulnerabilities addressed in the October 2019 Patch Tuesday are remote code execution bugs in the VBScript engine (CVE-2019-1238 and CVE-2019-1239) and the Remote Desktop Client Remote Code Execution Vulnerability (CVE-2019-1333).

How to Obtain this Update

For all Align managed clients, these updates will be tested and installed in the next maintenance window.

For all other clients, Align recommends contacting their IT providers to schedule updates of the affected systems as soon as it is practically possible.

For more information, please contact Align Managed Services via email at cyber@align.com.

- The Align Managed Services Team
cyber@align.com
www.align.com
www.align.com/support
