#MICROSOFT OFFICE UPDATES NOVEMBER 2019 PATCH#
The patch fixes how SharePoint checks file content, where the vulnerability exists. Using this vulnerability, a potential threat actor can upload a specifically crafted file to the SharePoint server that would allow him to obtain SMB hashes. Among the patches classified as Important was one for an information disclosure vulnerability in SharePoint. To exploit this vulnerability, an attacker would need to run cmdlets via PowerShell. Using this vulnerability, a successful threat actor can run arbitrary code like a legitimate system user. The Critical patches also included a fix for an RCE vulnerability in Microsoft Exchange, which manifests in the the deserialization of metadata through PowerShell. Hackers can use a special application on a guest operating system that could have the Hyper-V host operating system execute arbitrary code.
The vulnerabilities exists in how Hyper-V fails to adequately validate input from a guest operating system. Hyper-V patchesĬVE-2019-0721, CVE-2019-1389, CVE-2019-1397, and CVE-2019-1398.A significant portion of the Critical vulnerabilities patched this month addressed flaws in Hyper-V, Microsoft’s virtualization software. Here are a few details on the fixed vulnerabilities for this month.
#MICROSOFT OFFICE UPDATES NOVEMBER 2019 WINDOWS 10#
This Patch Tuesday also coincides with the start of the rollout of the Windows 10 November 2019 Update, which is now available to users as an opt-in version via Windows Update. The remaining majority were rated as Important and included patches for Windows graphics components and Microsoft SharePoint, among others. The November Patch Tuesday holds more fixes with a total of 74 patches, 13 of which were classified as Critical patches for remote code execution (RCE) vulnerabilities. Following the relatively light list from last month, November proved to be a much more eventful month for Microsoft users.
0 kommentar(er)
