Microsoft’s November 2019 Patch Tuesday arrives with a patch for an IE zero-day

November 13, 2019

Microsoft has released today the November 2019 Patch Tuesday security updates. This month’s updates include a patch for a vulnerability in the Internet Explorer scripting engine that hackers have been seen exploiting in the wild.

Tracked as CVE-2019-1429, Microsoft says the IE bug can allow remote code execution due to “the way that the scripting engine handles objects in memory in Internet Explorer.”

Furthermore, because the bug is in IE’s scripting engine, this impacts more than just the Internet Explorer browser.

IE’s scripting engine is also used inside Office Suite apps to display web content inside embeddable iframes. This means attackers can craft malicious Office documents and execute malicious code on a user’s system if the user allows the display of rich content, such as web-based iframes.

The IE zero-day was spotted in active attacks by three different organizations: iDefense Labs, Resecurity, and Google (through its Project Zero and Threat Analysis Group) — suggesting this is a pretty noisy attack, whatever the attack was.

The three entities who reported the bug have not yet disclosed any public details about the attacks where this zero-day was discovered.

Most Windows zero-days are usually discovered and weaponized by government-based hacking groups, but they eventually slowly make their way down the totem pole to financial crime-focused groups, then mundane spam operations, and later, automated exploit kits.

Users have between a few weeks and a few months to patch this IE zero-day until the bug is commoditized by the criminal underground and attacks spread and become more common.

Other fixes

But while the IE zero-day is the most urgent bug to fix, there is more to this month’s Microsoft security updates. In total, this month’s Patch Tuesday came with fixes for 74 bugs across nine Microsoft products/platforms.

Other notable fixes include a patch for Excel for Mac. This patch fixes an issue reported earlier this month, namely that Excel for Mac ignored the “Disable all macros” setting and still executed XLM-based macros scripts when users opened an Excel spreadsheet, opening users to a dangerous attack vector.

In addition, Microsoft also issued a special advisory for dealing with a mysterious vulnerability that exists in certain Trusted Platform Module (TPM) chipsets.

Tracked as CVE-2019-16863, details about this vulnerability are still secret, at the time of writing. We’ll update this article once we learn more, but this looks like a serious issue that could be used to compromise TPMs — dedicated microcontrollers (chips, cryptoprocessors) used to ensure hardware authenticity during a computer’s boot-up process.

Additional useful Patch Tuesday information is below:

Microsoft’s official Security Update Guide portal lists all security updates in a filterable table.
ZDNet also put together this page listing all security updates on one single page, in one place.
Additional analysis of today’s Patch Tuesday is also available from Cisco Talos, SANS ISC, Tenable, and Trend Micro.
This month’s Adobe security updates are detailed here.
SAP security updates are detailed here.
Intel security updates are also available. Plenty of important stuff fixed this month [1, 2, 3].
The Android Security Bulletin for November 2019 is detailed here. Patches started rolling out to users’ phones last week.

TagCVE IDCVE Title Servicing Stack Updates ADV990001 Latest Servicing Stack Updates Chipsets ADV190024 Microsoft Guidance for Vulnerability in Trusted Platform Module (TPM) Azure Stack CVE-2019-1234 Azure Stack Spoofing Vulnerability Graphic Fonts CVE-2019-1456 OpenType Font Parsing Remote Code Execution Vulnerability Microsoft Edge CVE-2019-1413 Microsoft Edge Security Feature Bypass Vulnerability Microsoft Exchange Server CVE-2019-1373 Microsoft Exchange Remote Code Execution Vulnerability Microsoft Graphics Component CVE-2019-1441 Win32k Graphics Remote Code Execution Vulnerability Microsoft Graphics Component CVE-2019-1408 Win32k Elevation of Privilege Vulnerability Microsoft Graphics Component CVE-2019-1439 Windows GDI Information Disclosure Vulnerability Microsoft Graphics Component CVE-2019-1438 Windows Graphics Component Elevation of Privilege Vulnerability Microsoft Graphics Component CVE-2019-1407 Windows Graphics Component Elevation of Privilege Vulnerability Microsoft Graphics Component CVE-2019-1394 Win32k Elevation of Privilege Vulnerability Microsoft Graphics Component CVE-2019-1393 Win32k Elevation of Privilege Vulnerability Microsoft Graphics Component CVE-2019-1396 Win32k Elevation of Privilege Vulnerability Microsoft Graphics Component CVE-2019-1395 Win32k Elevation of Privilege Vulnerability Microsoft Graphics Component CVE-2019-1437 Windows Graphics Component Elevation of Privilege Vulnerability Microsoft Graphics Component CVE-2019-1432 DirectWrite Information Disclosure Vulnerability Microsoft Graphics Component CVE-2019-1411 DirectWrite Information Disclosure Vulnerability Microsoft Graphics Component CVE-2019-1440 Win32k Information Disclosure Vulnerability Microsoft Graphics Component CVE-2019-1419 OpenType Font Parsing Remote Code Execution Vulnerability Microsoft Graphics Component CVE-2019-1433 Windows Graphics Component Elevation of Privilege Vulnerability Microsoft Graphics Component CVE-2019-1436 Win32k Information Disclosure Vulnerability Microsoft Graphics Component CVE-2019-1412 OpenType Font Driver Information Disclosure Vulnerability Microsoft Graphics Component CVE-2019-1434 Win32k Elevation of Privilege Vulnerability Microsoft Graphics Component CVE-2019-1435 Windows Graphics Component Elevation of Privilege Vulnerability Microsoft JET Database Engine CVE-2019-1406 Jet Database Engine Remote Code Execution Vulnerability Microsoft Office CVE-2019-1445 Microsoft Office Online Spoofing Vulnerability Microsoft Office CVE-2019-1449 Microsoft Office ClickToRun Security Feature Bypass Vulnerability Microsoft Office CVE-2019-1446 Microsoft Excel Information Disclosure Vulnerability Microsoft Office CVE-2019-1447 Microsoft Office Online Spoofing Vulnerability Microsoft Office CVE-2019-1402 Microsoft Office Information Disclosure Vulnerability Microsoft Office CVE-2019-1448 Microsoft Excel Remote Code Execution Vulnerability Microsoft Office CVE-2019-1457 Microsoft Office Excel Security Feature Bypass Microsoft Office SharePoint CVE-2019-1443 Microsoft SharePoint Information Disclosure Vulnerability Microsoft Office SharePoint CVE-2019-1442 Microsoft Office Security Feature Bypass Vulnerability Microsoft RPC CVE-2019-1409 Windows Remote Procedure Call Information Disclosure Vulnerability Microsoft Scripting Engine CVE-2019-1426 Scripting Engine Memory Corruption Vulnerability Microsoft Scripting Engine CVE-2019-1429 Scripting Engine Memory Corruption Vulnerability Microsoft Scripting Engine CVE-2019-1427 Scripting Engine Memory Corruption Vulnerability Microsoft Scripting Engine CVE-2019-1428 Scripting Engine Memory Corruption Vulnerability Microsoft Scripting Engine CVE-2019-1390 VBScript Remote Code Execution Vulnerability Microsoft Windows CVE-2019-1383 Windows Data Sharing Service Elevation of Privilege Vulnerability Microsoft Windows CVE-2019-1418 Windows Modules Installer Service Information Disclosure Vulnerability Microsoft Windows CVE-2018-12207 Windows Denial of Service Vulnerability Microsoft Windows CVE-2019-1420 Windows Elevation of Privilege Vulnerability Microsoft Windows CVE-2019-1417 Windows Data Sharing Service Elevation of Privilege Vulnerability Microsoft Windows CVE-2019-1415 Windows Installer Elevation of Privilege Vulnerability Microsoft Windows CVE-2019-1374 Windows Error Reporting Information Disclosure Vulnerability Microsoft Windows CVE-2019-1422 Windows Elevation of Privilege Vulnerability Microsoft Windows CVE-2019-1423 Windows Elevation of Privilege Vulnerability Microsoft Windows CVE-2019-1424 NetLogon Security Feature Bypass Vulnerability Microsoft Windows CVE-2019-1382 Microsoft ActiveX Installer Service Elevation of Privilege Vulnerability Microsoft Windows CVE-2019-1385 Windows AppX Deployment Extensions Elevation of Privilege Vulnerability Microsoft Windows CVE-2019-1380 Microsoft splwow64 Elevation of Privilege Vulnerability Microsoft Windows CVE-2019-1388 Windows Certificate Dialog Elevation of Privilege Vulnerability Microsoft Windows CVE-2019-1391 Windows Denial of Service Vulnerability Microsoft Windows CVE-2019-1384 Microsoft Windows Security Feature Bypass Vulnerability Microsoft Windows CVE-2019-1405 Windows UPnP Service Elevation of Privilege Vulnerability Microsoft Windows CVE-2019-1381 Microsoft Windows Information Disclosure Vulnerability Microsoft Windows CVE-2019-1379 Windows Data Sharing Service Elevation of Privilege Vulnerability Microsoft Windows CVE-2019-1324 Windows TCP/IP Information Disclosure Vulnerability Open Source Software CVE-2019-1370 Open Enclave SDK Information Disclosure Vulnerability Visual Studio CVE-2019-1425 Visual Studio Elevation of Privilege Vulnerability Windows Hyper-V CVE-2019-1398 Windows Hyper-V Remote Code Execution Vulnerability Windows Hyper-V CVE-2019-1310 Windows Hyper-V Denial of Service Vulnerability Windows Hyper-V CVE-2019-0719 Hyper-V Remote Code Execution Vulnerability Windows Hyper-V CVE-2019-1399 Windows Hyper-V Denial of Service Vulnerability Windows Hyper-V CVE-2019-1397 Windows Hyper-V Remote Code Execution Vulnerability Windows Hyper-V CVE-2019-0712 Windows Hyper-V Denial of Service Vulnerability Windows Hyper-V CVE-2019-0721 Hyper-V Remote Code Execution Vulnerability Windows Hyper-V CVE-2019-1389 Windows Hyper-V Remote Code Execution Vulnerability Windows Hyper-V CVE-2019-1309 Windows Hyper-V Denial of Service Vulnerability Windows Kernel CVE-2019-1392 Windows Kernel Elevation of Privilege Vulnerability Windows Kernel CVE-2019-11135 Windows Kernel Information Disclosure Vulnerability Windows Media Player CVE-2019-1430 Microsoft Windows Media Foundation Remote Code Execution Vulnerability Windows Subsystem for Linux CVE-2019-1416 Windows Subsystem for Linux Elevation of Privilege Vulnerability