The September Patch Tuesday release from Microsoft included 18 critical fixes and 79 in total. The fixes include several Remote Code Execution vulnerabilities:
RDP client-side remote code execution vulnerabilities
Four remote code execution vulnerabilities were fixed in the Remote Desktop Services client. If a user can be tricked into connecting to a malicious RDP server (through social engineering, DNS hijacking or a man-in-the-middle attack) then the RDP server is able to execute arbitrary code on the client computer.
According to Microsoft, all four vulnerabilities have been publicly disclosed and at least two have active exploits targeting them.
According to Microsoft:
Remote code execution vulnerabilities exist in the Windows Remote Desktop Client when a user connects to a malicious server. An attacker who successfully exploited this vulnerability could execute arbitrary code on the computer of the connecting client. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.
Microsoft SharePoint Server Remote Code Execution vulnerabilities
Three remote code execution vulnerabilities have been patched in SharePoint server.
The first pair of patches (CVE-2019-1295, CVE-2019-1296 ) fix vulnerabilities that exist in the way APIs hosted on the SharePoint server aren’t properly protected from unsafe data input. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the SharePoint application pool and the SharePoint server farm account.
Exploitation of these vulnerabilities require that a user accesses a susceptible API on an affected version of SharePoint with specially-formatted input.
The third vulnerability (CVE-2019-1257) can be exploited by specially crafted SharePoint application packages. The flaw exists in the way SharePoint fails to check the source markup of an application package.
A successful exploitation will enable the attacker to run arbitrary code in the context of the SharePoint server farm account.
SharePoint administrators should take special care when obtaining third party SharePoint applications which could have been altered by an attacker to exploit this vulnerability.