Microsoft’s September 2019 Patch Tuesday comes with 80 fixes, 17 of which are for critical bugs.
Microsoft has published today 80 security fixes across 15 products and services, as part of the company’s monthly batch of security updates, known as Patch Tuesday.
Of the 80 vulnerabilities patched today, two are so-called zero-days — security flaws that had been exploited in the wild before Microsoft released fixes.
The two zero-days are CVE-2019-1214 and CVE-2019-1215. Both are an elevation of privilege (EoP) vulnerabilities. These types of vulnerabilities are usually exploited by malware to gain the ability to run malicious code with administrator privileges on (previously) infected hosts.
As usual, Microsoft didn’t reveal any details of how the two bugs were being exploited in the wild, only acknowledging a security researcher from Qihoo 360 Vulcan Team with discovering the first.
NEW RDP VULNERABILITIES
All in all, this month’s Patch Tuesday is as bulky as all the Patch Tuesday releases have been in recent months, which have regularly ballooned at over 70 fixed bugs on a regular basis.
Both bugs were discovered by Microsoft’s internal team, and unlike the BlueKeep and DejaBlue vulnerabilities disclosed in May and August, Microsoft didn’t say if these two could be abused to create self-spreading wormable malware/exploits.
NON-MICROSOFT SECURITY UPDATES
More in-depth information on today’s Patch Tuesday updates is available on Microsoft’s official Security Update Guide portal. Readers can also check out the table embedded below, this Patch Tuesday report generated by ZDNet, or this one, put together by Trend Micro.