Microsoft patches two zero-days in massive September 2019 Patch Tuesday

by | Jan 2, 2020 | Security/Threats

Microsoft’s September 2019 Patch Tuesday comes with 80 fixes, 17 of which are for critical bugs.

Microsoft has published today 80 security fixes across 15 products and services, as part of the company’s monthly batch of security updates, known as Patch Tuesday.

Of the 80 vulnerabilities patched today, two are so-called zero-days — security flaws that had been exploited in the wild before Microsoft released fixes.


The two zero-days are CVE-2019-1214 and CVE-2019-1215. Both are an elevation of privilege (EoP) vulnerabilities. These types of vulnerabilities are usually exploited by malware to gain the ability to run malicious code with administrator privileges on (previously) infected hosts.

The first bug, CVE-2019-1214, is an EoP in the Windows Common Log File System (CLFS) driver. The second, CVE-2019-1215, impacts the ws2ifsl.sys (Winsock) service.

As usual, Microsoft didn’t reveal any details of how the two bugs were being exploited in the wild, only acknowledging a security researcher from Qihoo 360 Vulcan Team with discovering the first.


All in all, this month’s Patch Tuesday is as bulky as all the Patch Tuesday releases have been in recent months, which have regularly ballooned at over 70 fixed bugs on a regular basis.

Also just like in recent months, Microsoft patched remote code execution bugs in the Remote Desktop Protocol. This month, there have been only two — CVE-2019-1290 and CVE-2019-1291.

Both bugs were discovered by Microsoft’s internal team, and unlike the BlueKeep and DejaBlue vulnerabilities disclosed in May and August, Microsoft didn’t say if these two could be abused to create self-spreading wormable malware/exploits.


Since the Microsoft Patch Tuesday is also the day when other vendors release security patches, system administrators may also want to install patches released today by Adobe and SAP.

More in-depth information on today’s Patch Tuesday updates is available on Microsoft’s official Security Update Guide portal. Readers can also check out the table embedded below, this Patch Tuesday report generated by ZDNet, or this one, put together by Trend Micro.