September Patch Tuesday rolling out

[Karlston]

September Patch Tuesday rolling out

The September 2019 patches are out, and there’s a bumper crop:

• 216 separate patches in the Catalog – for all versions of Windows
• 80 identified security holes (CVEs)
• Two listed as “known” and two listed as “under active attack” – but all four of those are listed as “Important,” not “Critical.” Three of the four are “Elevation of Privilege” which means you have to be infected first before these security holes can be leveraged. The fourth requires that the miscreant have physical control over your machine.
• Apparent fix for the SearchUI.exe redlining bug introduced last month in Win10 1903

Martin Brinkmann has his usual extensive discussion on ghacks.net.

 

As Dustin Childs says on the Zero Day Initiative blog:

You’ll notice there are Remote Desktop bugs being patched in this release as well, but unlike BlueKeep and DejaBlue, these members of the Blue Bug Group are all client-side. An attacker would need to convince someone to connect to their malicious RDP server or otherwise intercept (MITM) the traffic. It’s good to see these issues patched, but they don’t carry the urgency of the recent wormable bugs.

Short version: No big problems just yet, but stay tuned.

 

Interesting. The SANS Storm Center says there are five “disclosed” or “exploited” security holes, not four. SANS ISC says — and Microsoft confirms — that CVE-2019-1253 is publicly known. It’s also an “Elevation of Privilege” attack.

 

 

 

Source: September Patch Tuesday rolling out (AskWoody - Woody Leonhard)

[frankl1n]

According to Ask Woody the “Compatibility Appraiser”  is back in Sept 2019 security rollup! Same as in July!

Quote

Jul 2019 KB 4507456 – Download 32-bit or 64-bit (NOTE: contains KB2952664 functionality known as the “Compatibility Appraiser”)
Jul 2019 (IE11) KB 4507434 – Download 32-bit or 64-bit
Jul 2019 (IE11) KB4510979 – Download 32-bit or 64-bit (Released 7/16/2019 fixes Windows-Eyes screen reader app error)

Aug 2019 KB 4512486 – Download 32-bit or 64-bit
Aug 2019 KB 4517297 – Download 32-bit or 64-bit (Released 8/16 fixes VB6, VBA,VBScript. If you install this you do not need KB4512486)
Aug 2019 (IE11) KB 4511872 – Download 32-bit or 64-bit

Sep 2019 KB 4516033 – Download 32-bit or 64-bit (NOTE: contains KB2952664 functionality known as the “Compatibility Appraiser”)
Sep 2019 (IE11) KB 4516046 – Download 32-bit or 64-bit

I am assuming that the same steps apply this time around that applied in July to get rid of the BS after installing the update:

Spoiler

Windows guru @abbodi86 has looked at the internals of the patch and concludes:

Disabling (or deleting) these schedule tasks after installation (before reboot) should be enough to turn off the appraiser

\Microsoft\Windows\Application Experience\ProgramDataUpdater
\Microsoft\Windows\Application Experience\Microsoft Compatibility Appraiser
\Microsoft\Windows\Application Experience\AitAgent

but it’s best to wait until next month to see if the Security-only update comes clean (lmao)

ALSO

Disable the Windows Customer Experience Improvement Program
Disabling the Windows Customer Experience Improvement Program and the related Task Scheduler tasks that control this program can improve Windows 7, Windows 8/8.1, and Windows 10 system performance in large desktop pools.

The following steps apply to Windows 7 and Windows 8. The steps might vary on different Windows operating systems.
Procedure

    In the Windows 7 or Windows 8 guest operating system, start the control panel and click Action Center > Change Action Center settings.
    Click Customer Experience Improvement Program settings.
    Select No, I don't want to participate in the program and click Save changes.
    Start the control panel and click Administrative Tools > Task Scheduler.
    In the Task Scheduler (open Run, and then type taskschd.msc) (Local) pane of the Task Scheduler dialog box, expand the Task Scheduler Library > Microsoft > Windows nodes and open the Application Experience folder.
    Disable the AITAgent, ProgramDataUpdater, and if available, Microsoft Compatibility Appraiser tasks.
    In the Task Scheduler Library > Microsoft > Windows node, open the Customer Experience Improvement Program folder.
    Disable the Consolidator, KernelCEIPTask, and UsbCEIP tasks.
    In the Task Scheduler Library > Microsoft > Windows node, open the Autochk folder.
    Disable the Proxy task.