As part of the November “Tuesday Updates”, Microsoft fixed a 0-day vulnerability in the Internet Explorer scripting engine that has already been used in attacks.
The problem, registered as CVE-2019-1429, allows malicious code to be executed through memory corruption and affects all supported versions of Internet Explorer.
“If the vulnerability is successfully exploited, the author of the attack will gain the rights of the current user. If the current user is logged in as an administrator, the attacker will be able to take control of the vulnerable system”, – Microsoft said in a newsletter.
To take advantage of the bug, the attacker must lure the user to a malicious web page or get them to open a specially crafted Microsoft Office file. An ActiveX control marked as safe to run can be embedded in such a document and used to load the exploit code.
In total, Microsoft product developers fixed 74 vulnerabilities; more than a dozen of them are recognized as critical. Vulnerability CVE-2019-1457 in Excel for macOS is one of the critical ones; its existence was noted at the end of October.
“The ability to bypass security features in Microsoft Office for Mac arose due to incorrect validation of macro settings in Excel documents. To conduct an attack, an attacker would need to create a special Excel document that uses the SYLK (SYmbolic LinK) file format and convince the user to open this file using a vulnerable version of Microsoft Office for Mac”, – explained Satnam Narang of Tenable.
Earlier this month, the CERT Coordination Center at Carnegie Mellon University warned that malicious SYLK files bypass endpoint protection even with the “disable all macros without notification” option enabled. This makes it possible to execute arbitrary code on a vulnerable system remotely and without authorization.
“You can embed an XLM macro into a SYLK file. Macros in SYLK files are a big problem because Microsoft Office will not open in protected browsing mode to protect users’ security”, – write the experts.
In addition to vulnerability bulletins, Microsoft has released security recommendations for third-party products. One of these documents covers an ECDSA (Elliptic Curve Digital Signature Algorithm) key confidentiality problem that affects some TPM (Trusted Platform Module) chipsets manufactured by STMicroelectronics.
“At present, no vulnerable Windows system uses the vulnerable algorithm, but other installed programs or services can use it. If the vulnerability affects the system, you will have to update the TPM firmware”, – writes Microsoft.
Commenting on the new set of Microsoft patches on the Ivanti blog, expert Chris Goettl reminded users that support for several versions of Windows is about to end. Those who have not managed to upgrade can join the Extended Security Updates (ESU) program to continue receiving updates after January 14, though there is a fee for this service.