Patch Tuesday, November 2019 Edition

RSS Feed

Participant
Joined
Dec 23, 2018
Messages
94
RSS Feed submitted a new Article:

Patch Tuesday, November 2019 Edition

Microsoft today released updates to plug security holes in its software, including patches to fix at least 74 weaknesses in various flavors of Windows and programs that run on top of it. The November updates include patches for a zero-day flaw in Internet Explorer that is currently being exploited in the wild, as well as a sneaky bug in certain versions of Office for Mac that bypasses security protections and was detailed publicly prior to today’s patches.

brokenwindows.png
More than a dozen of the flaws tackled in this month’s release are rated “critical,” meaning they involve weaknesses that could be exploited to install malware without any action on the part of the user, except for perhaps browsing to a hacked or malicious Web site or opening a booby-trapped file attachment.

Perhaps the most concerning of those critical holes is a zero-day flaw in Internet Exploder Explorer (CVE-2019-1429) that has already seen active exploitation. Today’s updates also address two other critical vulnerabilities in the same Windows component that handles various scripting languages.

Microsoft also fixed a flaw in Microsoft Office for Mac (CVE-2019-1457) that could allow attackers to bypass security protections in some versions of the program that could let malicious macros through.

Macros are bits of computer code that can be embedded into Office files, and malicious macros are frequently used by malware purveyors to compromise Windows systems. Usually, this takes the form of a prompt urging the user to “enable macros” once they’ve opened a booby-trapped Office document delivered via email. Thus, Office has a feature called “disable all macros without notification.”

macrosms.png


But Microsoft says all versions of Office still support an older type of macros that do not respect this setting, and can be used as a vector for pushing malware. Will Dornan of CERT/CC reports that while Office 2016...

Read more about this article here...
 

zappaDPJ

Administrator
Joined
Aug 26, 2010
Messages
7,752
This patch fixes a lot of security issues. I'm know there's a sizeable group of Windows users who shy away from quick updates, often with good reason but this one is important if you value your security.
 

highlander29

Enthusiast
Joined
Nov 3, 2013
Messages
185
Wonder if it is a coincidence my host is dead for the past few hours. Can't get to my forum, wmh or the ticketing system
 

BrandonSheley

loving life
Joined
Jan 2, 2006
Messages
2,607
We're still running clients on 1903, the two updates after that have been nightmares.


Wonder if it is a coincidence my host is dead for the past few hours. Can't get to my forum, wmh or the ticketing system
I doubt it, you can always check your site with a service like https://downforeveryoneorjustme.com if you don't have some automated system in place already to let you know the server is down.
 

zappaDPJ

Administrator
Joined
Aug 26, 2010
Messages
7,752
We're still running clients on 1903, the two updates after that have been nightmares.

1903 was probably the most problematic update I've ever had on any version of Windows.

It started with a warning telling me my up-to-date version of Windows 10 was soon to be unsupported and needed to be upgraded o_O Long story short, I let it do its thing and spent days afterwards fixing the strangest of issues including a grey-out mouse pointer!
 

BrandonSheley

loving life
Joined
Jan 2, 2006
Messages
2,607
The update after that one was killing network connections to some clients.

Good times :D
 
Top