November 2019 - Microsoft Releases Security Patches
Data notifica: 12 novembre 2019
Descrizione
Microsoft addresses several vulnerabilities in its November security bulletin. Trend Micro Deep Security covers the following:
- CVE-2019-1390 - BScript Remote Code Execution Vulnerability
Risk Rating: Critical
This remote code execution vulnerability exists in the VBScript engine in respect to handling objects in memory. Attackers looking to exploit this vulnerability must find a way to convince a user to access a malicious website where the exploit is hosted. - CVE-2019-1429 - Scripting Engine Memory Corruption Vulnerability
Risk Rating: Critical
This elevation of privilege vulnerability exists in the improper handling of objects in memory by the scripting engine in Internet Explorer. Attackers looking to exploit this vulnerability must find a way to convince a user to access a malicious website where the exploit is hosted. - CVE-2019-1359 - Jet Database Engine Remote Code Execution Vulnerability
Risk Rating: Critical
This remote code execution vulnerability exists in the improper handling of objects by the Windows Jet Database Engine. Attackers looking to exploit this vulnerability must find a way for a user to open a specially crafted file. - CVE-2019-1358 - Jet Database Engine Remote Code Execution Vulnerability
Risk Rating: Critical
This remote code execution vulnerability exists in the improper handling of objects by the Windows Jet Database Engine. Attackers looking to exploit this vulnerability must find a way for a user to open a specially crafted file. - CVE-2019-1311 - Windows Imaging API Remote Code Execution Vulnerability
Risk Rating: Important
This remote code execution vulnerability exists in the improper handling of objects in memory by the Windows Imaging API. Attackers looking to exploit this vulnerability must find a way for a user to execute a specially crafted .WIM file.
Informazioni esposizione:
Trend Micro Deep Security shields networks through the following Deep Packet Inspection (DPI) rules. Trend Micro customers using the Vulnerability Protection are also protected from attacks using these vulnerabilities.
| Vulnerability ID | DPI Rule Number | DPI Rule Name | Release Date | Vulnerability Protection Compatibility |
| CVE-2019-1335 | 1010050 | Microsoft Edge Chakra Scripting Engine Memory Corruption Vulnerability (CVE-2019-1335) | 12-Nov-19 | YES |
| CVE-2019-1390 | 1010051 | Microsoft Internet Explorer VBScript Remote Code Execution Vulnerability (CVE-2019-1390) | 12-Nov-19 | YES |
| CVE-2019-1311 | 1010052 | 1010052-Microsoft Windows Imaging API Remote Code Execution Vulnerability (CVE-2019-1311) | 12-Nov-19 | YES |
| CVE-2019-1358 | 1010053 | Microsoft Jet Database Engine Remote Code Execution Vulnerability (CVE-2019-1358) | 12-Nov-19 | YES |
| CVE-2019-1359 | 1010054 | Microsoft Jet Database Engine Remote Code Execution Vulnerability (CVE-2019-1359) | 12-Nov-19 | YES |