Today’s VERT Alert addresses Microsoft’s September 2019 Security Updates. VERT is actively working on coverage for these vulnerabilities and expects to ship ASPL-849 on Wednesday, September 11th.

In-The-Wild & Disclosed CVEs

CVE-2019-1214

An elevation of privilege vulnerability in the Windows Common Log File System (CLFS) driver can allow an attacker to run processes in an elevated context. Microsoft has reported this as being exploited and credited the Qihoo 360 Vulcan Team with reporting the vulnerability.

On the Exploitability Index, Microsoft has rated this as a 3 (Exploitation Unlikely) on the latest software release and as a 1 (Exploitation More Likely) on older software releases.

CVE-2019-1215

An elevation of privilege vulnerability in Winsock (ws2ifsl.sys) can allow an attacker to execute code in an elevated context. Microsoft has also reported this as being exploited, but there is no official acknowledgement of who discovered or reported the vulnerability.

Microsoft has rated this as a 1 (Exploitation More Likely) on the Exploitability Index.

CVE-2019-1235

On systems that have installed an Input Method Editor (IME), attackers can inject commands and read input via a malicious IME because the Windows Text Service Framework (TSF) server does not properly validate the source of input. This vulnerability has been publicly disclosed.

Microsoft has rated this as a 2 (Exploitation Less Likely) on the Exploitability Index.

CVE-2019-1253

An elevation of privilege vulnerability in Windows AppX Deployment Server can allow an attacker to run code in an elevated context due to the improper handling of junctions. This vulnerability has been publicly disclosed.

Microsoft has rated this as a 2 (Exploitation Less Likely) on the Exploitability Index.

CVE-2019-1294

An attacker with physical access to a system could enable certain debugging options that would allow for the disclosure of protected kernel memory when Windows Secure Boot is enabled. The update removes