Microsoft issued the October 2019 Security Updates that include 59 unique vulnerability fixes, 10 of those rated critical. In addition, Adobe has not published any new patches.
The updates include fixes for vulnerabilities in multiple Microsoft products to include:
- Microsoft Windows
- Internet Explorer
- Microsoft Edge (EdgeHTML-based)
- ChakraCore
- Microsoft Office and Microsoft Office Services and Web Apps
- SQL Server Management Studio
- Open Source Software
- Microsoft Dynamics 365
- Windows Update Assistant.
Microsoft has provided patches for the vulnerabilities for each of the CVEs summarized in the October 2019 Security Updates Release Notes.
Remote Code Execution vulnerabilities
All 10 of the critical patches address remote code execution vulnerabilities for multiple product families to include Windows, Browser and Development Tools.
Microsoft patched a Remote Desktop Client remote code execution vulnerability (CVE-2019-1333). An attacker could exploit this vulnerability to execute arbitrary code on the computer of the user who connects to a malicious server.
In addition, Microsoft has re-released a patch for Critical Internet Explorer RCE vulnerability CVE-2019-1367 recently exploited in the wild. The latest update addresses a known printing issue reported by customers after the last patch was released on September 23, 2019.
Another critical RCE vulnerability CVE-2019-1335 exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge.
The other seven critical patches address the following CVEs:
- CVE-2019-1060
- CVE-2019-1238
- CVE-2019-1239
- CVE-2019-1307
- CVE-2019-1308
- CVE-2019-1366
- CVE-2019-1372.
Adobe has not released any patches this patch Tuesday, but did release out-of-band patches for ColdFusion late last month.
Readers can also check out more vulnerability and patch details in Microsoft’s Security Update Guide.