Client Alert: Microsoft Patch Tuesday

October 9, 2019

 hero Image

Microsoft Patch Tuesdays: Here's What You Need to Know

Here's the latest updates you need to know, curated by the experts at Align.

Update Overview

On October 8th, 2019, Microsoft has released security updates and one advisory (ADV990001) following its routine monthly patch schedule.

Numerous updates address vulnerabilities that may impact Denial of Service, SharePoint Spoofing, Elevation of Privilege, Remote Code Execution, Memory Corruption, Cross Site Scripting, and Information Disclosure. 

Out of 59 vulnerabilities addressed, eight were classified as Critical. 

Critical Patches 

Following systems have one or more critical patches available:
  • Microsoft Windows
  • Azure
  • Microsoft Scripting Engine
  • Servicing Stack Updates
  • Windows RDP

Two vulnerabilities (CVE 2019-1166 and CVE 2019-1338) patched by Microsoft were discovered by the security firm Preempt

The vulnerabilities could allow bypassing protection on NTLM authentication.

According to Preempt: 

“The impact of these vulnerabilities is far-reaching and, in some cases, can cause full domain compromise of a network. For example – by performing NTLM relay to a sensitive server which does not enforce SMB signing, or by performing NTLM relay to LDAP on a Domain Controller in order to modify sensitive AD objects (LDAP signing will be enforced by default only from January 2020). All Active Directory customers with default configurations are vulnerable to such attacks. Moreover, organizations which do not block LM responses and have clients which still send these default responses are vulnerable to targeted attacks on these clients to bypass additional NTLM protections. Despite Kerberos being the more prevalent authentication protocol in most organizations, NTLM is still enabled and thus abused by attackers to exploit the vulnerabilities that we have described above.” 

A few other vulnerabilities addressed in the October 2019 Patch Tuesday are remote code execution bugs in the VBScript engine (CVE-2019-1238 and CVE-2019-1239) and the Remote Desktop Client Remote Code Execution Vulnerability (CVE-2019-1333).

How to Obtain this Update

For all Align managed clients, these updates will be tested and installed in the next maintenance window.

For all other clients, Align recommends contacting their IT providers to schedule updates of the affected systems as soon as it is practically possible.

For more information, please contact Align Managed Services via email cyber@align.com.

- The Align Managed Services Team
cyber@align.com
www.align.com
www.align.com/support

Tags: Cybersecurity, Managed Services