Latest Microsoft Updates Patch 4 Critical Flaws In Windows RDP Client
Microsoft today released its monthly Patch Tuesday update for September 2019, patching a total of 79 security vulnerabilities in its software, of which 17 are rated critical, 61 as important, and one moderate in severity.
Two of the security vulnerabilities patched by the tech giant this month are listed as “publicly known” at the time of release, one of which is an elevation of privilege vulnerability (CVE-2019-1235) in the Windows Text Service Framework (TSF), most likely related to a 20-year-old flaw that a Google security researcher disclosed last month.
Two other vulnerabilities patched this month are reported as being actively exploited in the wild by hackers. Both are privilege elevation flaws: one resides in the Windows operating system and the other in the Windows Common Log File System Driver.
Besides these, Microsoft has released patches for four critical RCE vulnerabilities in the built-in Windows Remote Desktop Client application that could enable a malicious RDP server to compromise the client’s computer, reversing the usual direction of attack, just as researchers demonstrated similar attacks against third-party RDP clients earlier this year.
Unlike the wormable BlueKeep bug, the newly patched RDP vulnerabilities are all client-side, which requires an attacker to trick victims into connecting to a malicious RDP server via social engineering, DNS poisoning, or a man-in-the-middle (MITM) technique.
The latest Microsoft Windows update also addresses a remote code execution vulnerability (CVE-2019-1280) in the way the Windows operating system processes .LNK shortcut files, allowing attackers to compromise targeted systems.
“The attacker could present to the user a removable drive, or remote share, that contains a malicious .LNK file and an associated malicious binary. When the user opens this drive (or remote share) in Windows Explorer or any other application that parses the .LNK file, the malicious binary will execute code of the attacker’s choice, on the target system,” Microsoft’s advisory says.
Malicious .LNK files have recently been found in use by the Astaroth fileless malware as part of its initial attack vector, i.e., as an attachment to spear-phishing emails, according to cybersecurity researchers at Microsoft.
Microsoft also released updates to patch 12 more critical vulnerabilities, and as expected, all of them lead to remote code execution attacks and reside in various Microsoft products including Chakra Scripting Engine, VBScript, SharePoint server, Scripting Engine, and Azure DevOps and Team Foundation Server.
Some important-rated vulnerabilities also lead to remote code execution attacks, while others allow elevation of privilege, information disclosure, cross-site scripting (XSS), security feature bypass, and denial of service attacks.
Besides this, if you have an Android app for Yammer, Microsoft’s enterprise social network, installed on your smartphone, you should separately update it from Google Play Store to patch a security bypass vulnerability.
Users and system administrators are strongly advised to apply the latest Windows security patches from Microsoft as soon as possible to keep cybercriminals and hackers from taking control of their computers.
To install the latest security updates, go to Settings → Update & Security → Windows Update → Check for updates on your computer, or install the updates manually.
Adobe also rolled out security updates today to fix a total of 3 security vulnerabilities in Adobe Flash Player and Adobe Application Manager (AAM). Users of the affected Adobe software for Windows, macOS, Linux, and Chrome OS are advised to update their software packages to the latest versions.