Following systems have one or more critical patches available:

• Microsoft Windows
• Azure
• Microsoft Scripting Engine
• Servicing Stack Updates
• Windows RDP

Two vulnerabilities (CVE 2019-1166 and CVE 2019-1338) patched by Microsoft were discovered by the security firm Preempt. 

The vulnerabilities could allow bypassing protection on NTLM authentication.

According to Preempt: 

“The impact of these vulnerabilities is far-reaching and, in some cases, can cause full domain compromise of a network. For example – by performing NTLM relay to a sensitive server which does not enforce SMB signing, or by performing NTLM relay to LDAP on a Domain Controller in order to modify sensitive AD objects (LDAP signing will be enforced by default only from January 2020). All Active Directory customers with default configurations are vulnerable to such attacks. Moreover, organizations which do not block LM responses and have clients which still send these default responses are vulnerable to targeted attacks on these clients to bypass additional NTLM protections. Despite Kerberos being the more prevalent authentication protocol in most organizations, NTLM is still enabled and thus abused by attackers to exploit the vulnerabilities that we have described above.” 

A few other vulnerabilities addressed in the October 2019 Patch Tuesday are remote code execution bugs in the VBScript engine (CVE-2019-1238 and CVE-2019-1239) and the Remote Desktop Client Remote Code Execution Vulnerability (CVE-2019-1333).

How to Obtain this Update