November Patch Tuesday: Don’t Just “Browse”, Patch.

It hasn’t been the best month for browsers, with both Internet Explorer and Google Chrome having zero-day incidents.

The Internet Explorer vulnerability (CVE-2019-1429) was one of 75 vulnerabilities identified this month, alongside other disclosed CVEs relating to Excel (CVE-2019-1457). Google Chrome also had a zero-day vulnerability (CVE-2019-13720), and Adobe released updates for 11 vulnerabilities throughout the Adobe suite.

Browser Exploits: CVE-2019-1429, CVE-2019-13720

Browser exploits are on the rise, following on from September’s Internet Explorer zero-day (CVE-2019-1367) and the Chrome zero-day on November 1st. Patches for the critical vulnerability in Internet Explorer (CVE-2019-1429) have now been released. While an exploited vulnerability in this instance does not permit privilege escalation, it could still allow an attacker to execute code remotely. User awareness training can help reduce the risks of any exploited vulnerabilities, but it is always advisable to install patches as soon as possible.

CVE-2019-1457

Microsoft’s Excel vulnerability (CVE-2019-1457) is a security feature bypass: an attacker could embed code to run a macro. The real risk here lies in whatever the macro executes and in the bypassing of Excel’s security settings. This vulnerability is not currently being exploited in the wild.

Windows End of Life Dates

Final updates for Windows 10 branch 1803 Home, Pro and Pro for Workstations editions have been released this month. Enterprise and Education editions will continue to get updates until November 2020, giving another year to transition.

The next Windows End of Life (EoL) date will be January 8th when Windows 7 and Server 2008 and 2008 R2 reach their end. If you have yet to provision an EoL solution, please feel free to reach out to the Options Vulnerability Management team for next steps.

Options works closely with clients to actively patch any and all vulnerabilities – it is imperative that operating systems and 3rd party software products are kept up to date. Security doesn’t end with vulnerability patching; well-trained employees and a strong supporting security team are also essential. In 2019 we’ve substantially expanded our team and extended our global operational presence, rolling out rigorous training programs across the board alongside numerous platform security enhancements and the deployment of new cybersecurity initiatives to safeguard our clients’ data. For the latest on our Security, Intelligence and Analytics product offering, download our product sheet here.
