Microsoft has published today 80 security fixes across 15 products and services, as part of the company’s monthly batch of security updates, known as Patch Tuesday.
Of the 80 vulnerabilities patched today, two are so-called zero-days — security flaws that had been exploited before fixes are released.
The two zero-days are CVE-2019-1214 and CVE-2019-1215.
Both are elevation of privilege (EoP) vulnerabilities.
EoP vulnerabilities are usually exploited by malware to gain the ability to run malicious code with administrator privileges on (previously) infected hosts.
As usual, Microsoft didn’t reveal any details of how the two bugs were being exploited in the wild, only acknowledging a security researcher from Qihoo 360 Vulcan Team with discovering the first.
According to Microsoft, the September ecurity release consists of security updates for the following software:
- Microsoft Windows
- Internet Explorer
- Microsoft Edge (EdgeHTML-based)
- Microsoft Office and Microsoft Office Services and Web Apps
- Adobe Flash Player
- Microsoft Lync
- Visual Studio
- Microsoft Exchange Server
- .NET Framework
- Microsoft Yammer
- .NET Core
- Team Foundation Server
- Project Rome
For futher information please refer to official Microsoft Release Notes on September 2019 Security Updates.