It’s Microsoft Patch Tuesday May 2019 again! And this time, the security updates have addressed a total of 79 vulnerabilities with 22 rated as critical and 57 rated as important. And yet again, a little more than half of the vulnerabilities lead to Remote Code Execution. It is worthy to note that the updates addressed an actively exploited elevation of privilege (CVE-2019-0863) zero day, a critical ‘wormable’ remote code execution vulnerability(CVE-2019-0708) in Remote Desktop Services and the new ZombieLoad attack.
ZombieLoad Attack
Microarchitectural Data Sampling vulnerabilities collectively called the ZombieLoad attack, is a new subclass of speculative execution side channel vulnerabilities in the modern processors which allow sensitive information to be accessed on machines. Microsoft has released updates (ADV190013) for operating systems and the cloud to mitigate these vulnerabilities. It is advised to install updates related to ZombieLoad from other vendors too to stay secure. While these patches can resolve the Microarchitectural Data Sampling vulnerabilities, the performance of the CPU could be affected too.
Windows Zero Day and the Critical Remote Code Execution Vulnerability
Windows has been user-friendly and customer-oriented no doubt, but that’s not just the case. The Windows Error Reporting(WER) component, which helps provide solutions to hardware and software problems by reporting back to Microsoft, was used to gain administrator privileges and execute arbitrary code on the system. This vulnerability has been assigned CVE-2019-0863. Microsoft classifies this flaw as important and also reports that exploitation was detected. This vulnerability was publicly disclosed too. There is no clear information about the malwares using this vulnerability.
Another critical vulnerability making headlines today happens to be the Remote Code Execution vulnerability (CVE-2019-0708) in Remote Desktop Services (RDS). RDS uses the Microsoft Remote Desktop Protocol (RDP), the first of whose features talks about securing the communication over networks. Pretty ironic, isn’t it? Simon Pope, Director of Incident Response from Microsoft points out that though RDP itself is not vulnerable but the vulnerability is pre-authentication and does not require user interaction. He adds that this vulnerabilty is a particularly dangerous one as it is ‘wormable‘ and could spread within no time like the infamous WannaCry ransomware attack in 2017.
Microsoft released updates for Windows 7, Windows Server 2008 R2, and Windows Server 2008 to address this vulnerability. Considering the criticality of the situation that might follow, updates were also released for Windows XP and Windows Server 2003 which are no longer supported by Microsoft.
May 2019 Patch Tuesday release consists of security updates for the following products:
- Adobe Flash Player
- Microsoft Windows
- Internet Explorer
- Microsoft Edge
- Microsoft Office and Microsoft Office Services and Web Apps
- Team Foundation Server
- Visual Studio
- Azure DevOps Server
- SQL Server
- .NET Framework
- .NET Core
- ASP.NET Core
- ChakraCore
- Online Services
- Azure
- NuGet
- Skype for Android
Microsoft security bulletin summary for May 2019:
Product : Adobe Flash Player
CVEs/Advisory : ADV190012
Impact : Remote Code Execution
Severity : Critical
KBs : 4497932
Product : Microsoft Windows
CVEs/Advisory : ADV190013, CVE-2019-0707, CVE-2019-0708, CVE-2019-0725, CVE-2019-0727, CVE-2019-0733, CVE-2019-0734, CVE-2019-0758, CVE-2019-0863, CVE-2019-0881, CVE-2019-0882, CVE-2019-0885, CVE-2019-0886, CVE-2019-0889, CVE-2019-0890, CVE-2019-0891, CVE-2019-0892, CVE-2019-0893, CVE-2019-0894, CVE-2019-0895, CVE-2019-0896, CVE-2019-0897, CVE-2019-0898, CVE-2019-0899, CVE-2019-0900, CVE-2019-0901, CVE-2019-0902, CVE-2019-0903, CVE-2019-0931, CVE-2019-0936, CVE-2019-0942, CVE-2019-0961
Impact : Elevation of Privilege, Information Disclosure, Remote Code Execution, Security Feature Bypass
Severity : Critical
KBs : 4494440, 4494441, 4497936, 4499149, 4499151, 4499154, 4499158, 4499164, 4499165, 4499167, 4499171, 4499175, 4499179, 4499180, 4499181
Product : Internet Explorer
CVEs/Advisory : CVE-2019-0884, CVE-2019-0911, CVE-2019-0918, CVE-2019-0921, CVE-2019-0929, CVE-2019-0930, CVE-2019-0940, CVE-2019-0995
Impact : Information Disclosure, Remote Code Execution, Security Feature Bypass, Spoofing
Severity : Critical
KBs : 4494440, 4494441, 4497936, 4498206, 4499149, 4499151, 4499154, 4499164, 4499167, 4499171, 4499179, 4499181
Product : Microsoft Edge
CVEs/Advisory : CVE-2019-0884, CVE-2019-0911, CVE-2019-0912, CVE-2019-0913, CVE-2019-0914, CVE-2019-0915, CVE-2019-0916, CVE-2019-0917, CVE-2019-0922, CVE-2019-0923, CVE-2019-0924, CVE-2019-0925, CVE-2019-0926, CVE-2019-0927, CVE-2019-0933, CVE-2019-0937, CVE-2019-0938, CVE-2019-0940
Impact : Elevation of Privilege, Remote Code Execution
Severity : Critical
KBs : 4494440, 4494441, 4497936, 4499154, 4499167, 4499179, 4499181
Product : Microsoft Office and Microsoft Office Services and Web Apps
CVEs/Advisory : CVE-2019-0932, CVE-2019-0945, CVE-2019-0946, CVE-2019-0947, CVE-2019-0949, CVE-2019-0950, CVE-2019-0951, CVE-2019-0952, CVE-2019-0953, CVE-2019-0956, CVE-2019-0957, CVE-2019-0958, CVE-2019-0963
Impact : Elevation of Privilege, Information Disclosure, Remote Code Execution, Spoofing
Severity : Critical
KBs : 4462169, 4464536, 4464549, 4464551, 4464556, 4464561, 4464564, 4464567, 4464573
Product : Team Foundation Server
CVEs/Advisory : CVE-2019-0872, CVE-2019-0971, CVE-2019-0979
Impact : Spoofing, Information Disclosure
Severity : Important
Product : Visual Studio
CVEs/Advisory : CVE-2019-0727
Impact : Elevation of Privilege
Severity : Important
KBs : 4489639
Product : Azure DevOps Server
CVEs/Advisory : CVE-2019-0872, CVE-2019-0971, CVE-2019-0979
Impact : Spoofing, Information Disclosure
Severity : Important
Product : .NET Framework
CVEs/Advisory : CVE-2019-0820, CVE-2019-0864, CVE-2019-0980, CVE-2019-0981
Impact : Denial of Service
Severity : Important
KBs : 4494440, 4495610, 4495611, 4495613, 4495616, 4495620, 4498961, 4498962, 4498963, 4498964, 4499154, 4499167, 4499179, 4499181, 4499405, 4499406, 4499407, 4499408, 4499409
Product : ASP.NET Core
CVEs/Advisory : CVE-2019-0982
Impact : Denial of Service
Severity : Important
Product : ChakraCore
CVEs/Advisory : CVE-2019-0911, CVE-2019-0912, CVE-2019-0913, CVE-2019-0914, CVE-2019-0915, CVE-2019-0916, CVE-2019-0917, CVE-2019-0922, CVE-2019-0924, CVE-2019-0925, CVE-2019-0927, CVE-2019-0933, CVE-2019-0937
Impact : Critical
Severity : Remote Code Execution
Product : SQL Server
CVEs/Advisory : CVE-2019-0819
Impact : Information Disclosure
Severity : Important
KBs : 4494351, 4494352
Product : NuGet
CVEs/Advisory : CVE-2019-0976
Impact : Tampering
Severity : Important
SecPod Saner detects these vulnerabilities and automatically fixes it by applying security updates. Download Saner now and keep your systems updated and secure.
It is really a piece of good news Microsoft is going to release the new updates on it and going to make the users surprise with a lot of advancements. So, keep your eyes on the screen and get the updates.
I really enjoyed reading this post, big fan. Keep up the good work andplease tell me when can you publish more articles or where can I read more on the subject?