For Patch Day in September 2019, manufacturer Microsoft is updating numerous products, especially the Windows operating system. It also provides or applies security updates to the .NET Framework, Edge Browser, Exchange Server, Internet Explorer, Office, Skype for Business, Team Foundation Server, and Visual Studio.
In the Security Update Guide, Microsoft lists more details about the vulnerabilities.
- The Security Updates (CVE-2019-1214, CVE-2019-1215) for the exploited vulnerabilities have been rated by Microsoft as "important". The vulnerabilities could allow attackers with restricted permissions to gain administrator privileges.
- Windows Vulnerabilities (CVE-2019-1235, CVE-2019-1294), which have been publicly known for some time, according to Microsoft. This means that attacks could be carried out in a timely manner using these vulnerabilities. With the help of the Windows Text Service Framework (TSF) and vulnerabilities could take full control.
All current Windows desktop operating systems and Windows Server operating systems are affected by operating system updates.
After administrator has validated the compatibility of the updates and sharing, the updates should be installed on the affected systems. In the past, for example, patches in Windows 10 had limited the functionality and availability of systems after Windows updates. Because the bank's updates affect Windows Desktop and Windows Server operating systems, and the updates are considered critical, they should be applied quickly. There is a great need for action.