May Patch Bulletin

This month there are 80 unique Microsoft-related CVEs, 1 public and exploited, 1 publicly disclosed, and 17 technologies affected. We pay close attention to:

  • CVE-2019-0863 (an elevation of privilege vulnerability caused by the way Windows Error Reporting handles files; an attacker would have to be able to run code on the system as a standard user in order to exploit it) and CVE-2019-0708 (has not been disclosed or exploited, but could be very impactful to organizations if it were to be exploited; it could be exploited remotely using RDP. Let’s hope, just after the 2 year anniversary of the WannaCry ransomware outbreak, that we do not have a WannaCry 2 outbreak).
  • CVE-2019-0863 | Windows Error Reporting Elevation of Privilege Vulnerability – An elevation of privilege vulnerability exists in the way Windows Error Reporting (WER) handles files. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete data; or create new accounts with administrator privileges. To exploit the vulnerability, an attacker must first gain unprivileged execution on a victim system. The security update addresses the vulnerability by correcting the way WER handles files.
  • CVE-2019-0708 | A remote code execution vulnerability exists in Remote Desktop Services – formerly known as Terminal Services – when an unauthenticated attacker connects to the target system using RDP and sends specially crafted requests. This vulnerability is pre-authentication and requires no user interaction. An attacker who successfully exploited this vulnerability could execute arbitrary code on the target system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. To exploit this vulnerability, an attacker would need to send a specially crafted request to the target system’s Remote Desktop Service via RDP. The update addresses the vulnerability by correcting how Remote Desktop Services handles connection requests. Considering the criticality of the situation that might follow, updates were also released for Windows XP and Windows Server 2003, which are no longer supported by Microsoft.

For additional details, please find the information from Microsoft below:

| Technology | Products Affected | Severity | Reference | Workaround / Exploited / Publicly Disclosed | Vulnerability Info |
|---|---|---|---|---|---|
| Adobe | Flash Player 32.0.0.171 and earlier | Critical | ADV190012 | Workaround: No; Exploited: No; Public: No | Remote Code Execution |
| Windows | Windows 7, 8.1, 8.1 RT, 10; Server 2008/2008 R2; Server 2012, 2012 R2; Server 2016; Server 2019 | Critical | CVE-2019-0707, CVE-2019-0708, CVE-2019-0725, CVE-2019-0727, CVE-2019-0733, CVE-2019-0734, CVE-2019-0758, CVE-2019-0863, CVE-2019-0881, CVE-2019-0882, CVE-2019-0885, CVE-2019-0886, CVE-2019-0889, CVE-2019-0890, CVE-2019-0891, CVE-2019-0892, CVE-2019-0893, CVE-2019-0894, CVE-2019-0895, CVE-2019-0896, CVE-2019-0897, CVE-2019-0898, CVE-2019-0899, CVE-2019-0900, CVE-2019-0901, CVE-2019-0902, CVE-2019-0903, CVE-2019-0931, CVE-2019-0936, CVE-2019-0942, CVE-2019-0961 | Workaround: No; Exploited: Yes; Public: Yes* | Information Disclosure, Elevation of Privilege, Remote Code Execution, Security Feature Bypass |
| Internet Explorer | IE 9, 10, 11 | Critical | CVE-2019-0884, CVE-2019-0911, CVE-2019-0918, CVE-2019-0921, CVE-2019-0929, CVE-2019-0930, CVE-2019-0940, CVE-2019-0995 | Workaround: No; Exploited: No; Public: No | Remote Code Execution, Information Disclosure, Security Feature Bypass, Spoofing |
| Edge | Edge | Critical | CVE-2019-0884, CVE-2019-0911, CVE-2019-0912, CVE-2019-0913, CVE-2019-0914, CVE-2019-0915, CVE-2019-0916, CVE-2019-0917, CVE-2019-0922, CVE-2019-0923, CVE-2019-0924, CVE-2019-0925, CVE-2019-0926, CVE-2019-0927, CVE-2019-0933, CVE-2019-0937, CVE-2019-0938, CVE-2019-0940 | Workaround: No; Exploited: No; Public: No | Remote Code Execution, Elevation of Privilege |
| Office | SharePoint Enterprise 2016, Foundation 2010, 2013, 2019; Office 2010, 2013, 2016, 2019; 2016, 2019 for Mac; Office 365; Word 2016 | Critical | CVE-2019-0945, CVE-2019-0946, CVE-2019-0947, CVE-2019-0949, CVE-2019-0950, CVE-2019-0951, CVE-2019-0952, CVE-2019-0953, CVE-2019-0956, CVE-2019-0957, CVE-2019-0958, CVE-2019-0963 | Workaround: No; Exploited: No; Public: No | Elevation of Privilege, Remote Code Execution, Information Disclosure, Spoofing |
| Team Foundation Server | 2015 U 4.2, 2017 U 3.1, 2018 U 1.2, 2018 U 3.2 | Important | CVE-2019-0872, CVE-2019-0971, CVE-2019-0979 | Workaround: No; Exploited: No; Public: No | Spoofing, Information Disclosure |
| Visual Studio | 2015, 2017, 2019 | Important | CVE-2019-0727 | Workaround: No; Exploited: No; Public: No | Elevation of Privilege |
| Azure DevOps Server | Server 2019 | Important | CVE-2019-0872, CVE-2019-0971, CVE-2019-0979 | Workaround: No; Exploited: No; Public: No | Spoofing, Information Disclosure |
| SQL Server | Server 2018 | Important | CVE-2019-0819 | Workaround: No; Exploited: No; Public: No | Information Disclosure |
| .NET Framework | .NET 2.0, 3.0, 3.5, 3.5.1, 4.5.2, 4.6, 4.6.2, 4.7, 4.7.1, 4.7.2, 4.8 | Important | CVE-2019-0820, CVE-2019-0980, CVE-2019-0981, CVE-2019-0864 | Workaround: No; Exploited: No; Public: No | Denial of Service |
| .NET Core | Core 1.0, 1.1, 2.1, 2.2 | Important | CVE-2019-0820, CVE-2019-0980, CVE-2019-0981 | Workaround: No; Exploited: No; Public: No | Denial of Service |
| ASP.NET Core | Core 2.1, 2.2 | Important | CVE-2019-0982 | Workaround: No; Exploited: No; Public: No | Denial of Service |
| ChakraCore | ChakraCore | Critical | CVE-2019-0911, CVE-2019-0912, CVE-2019-0913, CVE-2019-0914, CVE-2019-0915, CVE-2019-0916, CVE-2019-0917, CVE-2019-0922, CVE-2019-0924, CVE-2019-0925, CVE-2019-0927, CVE-2019-0933, CVE-2019-0937 | Workaround: No; Exploited: No; Public: No | Remote Code Execution |
| Online Services | Online Server | Critical | CVE-2019-0953 | Workaround: No; Exploited: No; Public: No | Remote Code Execution |
| Azure | Azure Active Directory Connect | Important | CVE-2019-1000 | Workaround: No; Exploited: No; Public: No | Elevation of Privilege |
| NuGet | NuGet 5.0.2 | Important | CVE-2019-0976 | Workaround: No; Exploited: No; Public: No | Tampering |
| Skype for Android | Skype 8.35 | Important | CVE-2019-0932 | Workaround: No; Exploited: No; Public: Yes | Information Disclosure |

In case of any questions or clarifications please feel free to reach out to ECHO’s Service Desk.