Skip to content ↓ | Skip to navigation ↓

Today’s VERT Alert addresses Microsoft’s November 2019 Security Updates. VERT is actively working on coverage for these vulnerabilities and expects to ship ASPL-859 on Wednesday, November 13th.

In-The-Wild & Disclosed CVEs

CVE-2019-1429

A vulnerability in the scripting engine in Internet Explorer can lead to code execution. The attacker could corrupt memory and execute code in the context of the current user. Microsoft has indicated that this attack is currently seeing active exploitation. Impacted organizations should apply this patch as soon as possible.

Microsoft has rated this as a 0 (Exploitation Detected) on both the latest software release and on older software releases on the Exploitability Index.

CVE-2019-1457

This publicly disclosed, but yet to be exploited security bypass exists in Microsoft Office for Mac 2016 and 2019. Specifically, Office for Mac does not properly enforce macro settings in Excel documents allowing an attacker to embed a control in Excel worksheets that indicates a macro should be run. Victims would need to open malicious Excel documents in order to be attacked.

Microsoft has rated this as Not Applicable on both the latest software release and on older software releases on the Exploitability Index.

CVE Breakdown by Tag

While historical Microsoft Security Bulletin groupings are gone, Microsoft vulnerabilities are tagged with an identifier. This list provides a breakdown of the CVEs on a per tag basis.

Tag
CVE Count
CVEs
Windows Hyper-V
9
CVE-2019-0712, CVE-2019-0719, CVE-2019-0721, CVE-2019-1309, CVE-2019-1310, CVE-2019-1389, CVE-2019-1397, CVE-2019-1398, CVE-2019-1399
Open Source Software
1
CVE-2019-1370
Windows Subsystem for Linux
1
CVE-2019-1416
Microsoft JET Database Engine
1
CVE-2019-1406
Microsoft RPC
1
CVE-2019-1409
Windows Media Player
1
CVE-2019-1430
Microsoft Edge
1
CVE-2019-1413
Microsoft Graphics Component
19
CVE-2019-1432, CVE-2019-1433, CVE-2019-1434, CVE-2019-1435, CVE-2019-1436, CVE-2019-1437, CVE-2019-1438, CVE-2019-1439, CVE-2019-1440, CVE-2019-1441, CVE-2019-1393, CVE-2019-1394, CVE-2019-1395, CVE-2019-1396, CVE-2019-1407, CVE-2019-1408, CVE-2019-1411, CVE-2019-1412, CVE-2019-1419
Microsoft Scripting Engine
5
CVE-2019-1429, CVE-2019-1390, CVE-2019-1426, CVE-2019-1427, CVE-2019-1428
Visual Studio
1
CVE-2019-1425
Windows Kernel
2
CVE-2019-11135, CVE-2019-1392
Microsoft Office SharePoint
2
CVE-2019-1442, CVE-2019-1443
Microsoft Exchange Server
1
CVE-2019-1373
Microsoft Office
7
CVE-2019-1457, CVE-2019-1402, CVE-2019-1445, CVE-2019-1446, CVE-2019-1447, CVE-2019-1448, CVE-2019-1449
Microsoft Windows
20
CVE-2019-1374, CVE-2019-1415, CVE-2019-1417, CVE-2019-1418, CVE-2018-12207, CVE-2019-1324, CVE-2019-1379, CVE-2019-1380, CVE-2019-1381, CVE-2019-1382, CVE-2019-1383, CVE-2019-1384, CVE-2019-1385, CVE-2019-1388, CVE-2019-1391, CVE-2019-1405, CVE-2019-1420, CVE-2019-1422, CVE-2019-1423, CVE-2019-1424
Azure Stack
1
CVE-2019-1234
Graphic Fonts
1
CVE-2019-1456

Other Information

There are no new security advisories in this month’s Microsoft patch bundle.

 

The Executive's Guide to the Top 20 Critical Security Controls