Patches released for two actively exploited Windows 0days


Another fix-heavy month with 17 critical vulnerabilities plugged.

Microsoft's regular Patch Wednesday round of security fixes for September takes care of two Windows vulnerabilities exploited in the wild by unknown threat actors.

The two zero-day vulnerabilities are both privilege escalation bugs that require attackers to be logged on locally.

One, CVE-2019-1214, affects the Windows Common Log File System (CLFS) driver, which handles objects in memory inappropriately.

Microsoft said that a locally logged-in attacker could run a specially crafted application to take control of the computer system.

Similarly, the Windows Socket application programming interface driver (Winsock) also contains a bug that allows attackers to elevate their user privileges to run code with administrator rights.

A total of 80 vulnerabilities are patched in this month's set of security fixes, 17 of which are rated as critical.

The Remote Desktop Services feature used to administer computer systems continues to throw up security issues, after the recent wormable Bluekeep and Dejablue vulnerabilities were discovered.

This month's Patch Wednesday handles four new vulnerabilities in the Windows RDP client.

Microsoft is also patching a privilege escalation vulnerability in the Windows Update Delivery Optimisation (WUDO) feature that is used to limit the amount of bandwidth used for updates, by fetching them from peers on the same network that already have the fresh code.

Attackers can abuse the bug to overwrite files that they would not normally have permission to access.

Windows shortcuts, or .lnk files, can be exploited for remote code execution, Microsoft said in its advisory.

"The attacker could present to the user a removable drive, or remote share, that contains a malicious .LNK file and an associated malicious binary.

"When the user opens this drive (or remote share) in Windows Explorer, or any other application that parses the .LNK file, the malicious binary will execute code of the attacker’s choice, on the target system," Microsoft said.

On top of the Windows operating system, Microsoft released patches for its Internet Explorer and Edge browsers and the ChakraCore scripting engine.

The software giant's Office productivity applications, as well as Exchange Server, Skype for Business and Microsoft Lync were also patched, along with the Yammer and Team Foundation collaboration products.
