Patch Tuesday, September 2019 Edition
Krebs on Security
Microsoft today issued security updates to plug some 80 security holes in various flavors of its Windows operating systems and related software. The software giant assigned a “critical” rating to almost a quarter of those vulnerabilities, meaning they could be used by malware or miscreants to hijack vulnerable systems with little or no interaction on the part of the user.
Two of the bugs quashed in this month’s patch batch (CVE-2019-1214 and CVE-2019-1215) involve vulnerabilities in all supported versions of Windows that have already been exploited in the wild. Both are known as “privilege escalation” flaws in that they allow an attacker to assume the all-powerful administrator status on a targeted system. Exploits for these types of weaknesses are often deployed along with other attacks that don’t require administrative rights.