October, 2019: Patch Tuesday - One public exploit you will want to give attention to

Welcome to this October Patch Tuesday Bulletin. This month there are 61 unique CVE’s, 10 critical and 1 being exploited. CVE-2019-1367 is currently being exploited and for desktop OS's you will want to update ASAP. Server OS's like 2008, 2008R2, 2012, 2016 and 2019 with Enhanced Security Configuration enabled are better protected unless a vulnerable site has been added to the Trusted Sites zone.  If you want to test before updating, Microsoft does offer a workaround that can easily be reverted after patching.  Besides that it's a fairly light month for Microsoft patching.

Patch data provided by:

 LOGbinder.com

Technology

Products Affected

Severity

Reference

Workaround/ Exploited / Publicly Disclosed

Vulnerability Info

Windows

 

Windows 7, 8.1, 8.1 RT, 10

Server 2008/2008 R2

Sever 2012, 2012 R2

Server 2016

Server 2019

System Center

Windows 10 Mobile

Windows Defender

Critical

 

CVE-2019-1060
CVE-2019-1166
CVE-2019-1230
CVE-2019-1255
CVE-2019-1311
CVE-2019-1314
CVE-2019-1315
CVE-2019-1316
CVE-2019-1317
CVE-2019-1318
CVE-2019-1319
CVE-2019-1320
CVE-2019-1321
CVE-2019-1322
CVE-2019-1323
CVE-2019-1325
CVE-2019-1326
CVE-2019-1333
CVE-2019-1334
CVE-2019-1336
CVE-2019-1337
CVE-2019-1338
CVE-2019-1339
CVE-2019-1340
CVE-2019-1341
CVE-2019-1342
CVE-2019-1343
CVE-2019-1344
CVE-2019-1345
CVE-2019-1346
CVE-2019-1347
CVE-2019-1358
CVE-2019-1359
CVE-2019-1361
CVE-2019-1362
CVE-2019-1363
CVE-2019-1364
CVE-2019-1365
CVE-2019-1368

 


Workaround: No
Exploited: No
Public: No

 

Denial of Service

Elevation of Privilege

Information Disclosure

Remote Code Execution

Security Feature Bypass

Spoofing

Tampering

Edge

All

Critical

CVE-2019-0608
CVE-2019-1307
CVE-2019-1308
CVE-2019-1335
CVE-2019-1356
CVE-2019-1357
CVE-2019-1366

 

Workaround: No
Exploited: No
Public: No

 

Information Disclosure

Remote Code Execution

Spoofing

IE

9, 10, 11

Critical

 

CVE-2019-0608
CVE-2019-1238
CVE-2019-1239
CVE-2019-1357
CVE-2019-1367
CVE-2019-1371

 

Workaround: No
Exploited: Yes
Public: No

 

Remote Code Execution

Spoofing

Office, Office Services, Office Web Apps

Office 365 ProPlus

SharePoint 2010, 2013, 2016, 2019

Office 2010, 2013, 2016, 2019, Online Server

Excel 2010, 2013, 2016, Excel Services

2016 for Mac, 2019 for Mac

Important

 

CVE-2019-1070
CVE-2019-1327
CVE-2019-1328
CVE-2019-1329
CVE-2019-1330
CVE-2019-1331

 

Workaround: No
Exploited: No
Public: No

 

Elevation of Privilege

Remote Code Execution

Spoofing

Azure

Azure App Service on Azure Stack

Critical

 

CVE-2019-1372

 

Workaround: No
Exploited: No
Public: No

 

Remote Code Execution

ChakraCore

ChakraCore

Critical

 

CVE-2019-1307
CVE-2019-1308
CVE-2019-1335
CVE-2019-1366

 

Workaround: No
Exploited: No
Public: No

 

Remote Code Execution

Open Enclave SDK

Open Enclave SDK

Important

 

CVE-2019-1369

 

Workaround: No
Exploited: No
Public: No

 

Information Disclosure

SQL Server Management Studio

18.3, 18.3.1

Important

 

CVE-2019-1313
CVE-2019-1376

 

Workaround: No
Exploited: No
Public: No

 

Information Disclosure

Dynamics 365 On-Prem

9.0

Important

 

CVE-2019-1375

 

Workaround: No
Exploited: No
Public: No

 

Spoofing