May Patch Bulletin
This month there are 80 unique Microsoft related CVE’s, 1 public and exploited, 1 publicly disclosed, and 17 technologies affected. We pay close attention to:
- CVE-2019-0863 (This is an elevation of privilege vulnerability caused by the way Windows Error Reporting handles files. An attacker would have to be able to run code on the system as a standard user in order to exploit this vulnerability) and CVE-2019-0708 (does has not been disclosed or exploited but could be very impactful to organizations if it were to be exploited. This vulnerability could be exploited remotely using RDP. Let’s hope, just after the 2 year anniversary of the WannaCry ransomware outbreak, that we do not have a WannaCry 2 outbreak).
- CVE-2019-0863 | Windows Error Reporting Elevation of Privilege Vulnerability – An elevation of privilege vulnerability exists in the way Windows Error Reporting (WER) handles files. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete data; or create new accounts with administrator privileges. To exploit the vulnerability, an attacker must first gain unprivileged execution on a victim system. The security update addresses the vulnerability by correcting the way WER handles files.
- CVE-2019-0708 | A remote code execution vulnerability exists in Remote Desktop Services – formerly known as Terminal Services – when an unauthenticated attacker connects to the target system using RDP and sends specially crafted requests. This vulnerability is pre-authentication and requires no user interaction. An attacker who successfully exploited this vulnerability could execute arbitrary code on the target system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. To exploit this vulnerability, an attacker would need to send a specially crafted request to the target systems Remote Desktop Service via RDP. The update addresses the vulnerability by correcting how Remote Desktop Services handles connection requests. Considering the criticality of the situation that might follow, updates were also released for Windows XP and Windows Server 2003 which are no longer supported by Microsoft.
For additional details, please find the information from Microsoft below:
| Technology | Products Affected | Severity | Reference | Workaround/Exploited/ Publicly Disclosed | Vulnerability Info |
|---|---|---|---|---|---|
| Adobe | Flash Player 32.0.0.171 and earlier | Critical | ADV190012 | Workaround: No Exploited: No Public: No | Remote Code Execution |
| Windows | Windows 7, 8.1, 8.1 RT, 10 Server 2008/2008 R2 Sever 2012, 2012 R2 Server 2016 Server 2019 | Critical | CVE-2019-0707 CVE-2019-0708 CVE-2019-0725 CVE-2019-0727 CVE-2019-0733 CVE-2019-0734 CVE-2019-0758 CVE-2019-0863 CVE-2019-0881 CVE-2019-0882 CVE-2019-0885 CVE-2019-0886 CVE-2019-0889 CVE-2019-0890 CVE-2019-0891 CVE-2019-0892 CVE-2019-0893 CVE-2019-0894 CVE-2019-0895 CVE-2019-0896 CVE-2019-0897 CVE-2019-0898 CVE-2019-0899 CVE-2019-0900 CVE-2019-0901 CVE-2019-0902 CVE-2019-0903 CVE-2019-0931 CVE-2019-0936 CVE-2019-0942 CVE-2019-0961 | Workaround: No Exploited: Yes Public: Yes* | Information Disclosure Elevation of Privilege Remote Code Execution Security Feature Bypass |
| Internet Explorer | IE 9,10,11 | Critical | CVE-2019-0884 CVE-2019-0911 CVE-2019-0918 CVE-2019-0921 CVE-2019-0929 CVE-2019-0930 CVE-2019-0940 CVE-2019-0995 | Workaround: No Exploited: No Public: No | Remote Code Execution Information Disclosure Security Feature Bypass Spoofing |
| Edge | Edge | Critical | CVE-2019-0884 CVE-2019-0911 CVE-2019-0912 CVE-2019-0913 CVE-2019-0914 CVE-2019-0915 CVE-2019-0916 CVE-2019-0917 CVE-2019-0922 CVE-2019-0923 CVE-2019-0924 CVE-2019-0925 CVE-2019-0926 CVE-2019-0927 CVE-2019-0933 CVE-2019-0937 CVE-2019-0938 CVE-2019-0940 | Workaround: No Exploited: No Public: No | Remote Code Execution Elevation of Privilege |
| Office | SharePoint Enterprise 2016, Foundation 2010, 2013, 2019 Office 2010, 2013, 2016, 2019 2016, 2019 for Mac Office 365 Word 2016 | Critical | CVE-2019-0945 CVE-2019-0946 CVE-2019-0947 CVE-2019-0949 CVE-2019-0950 CVE-2019-0951 CVE-2019-0952 CVE-2019-0953 CVE-2019-0956 CVE-2019-0957 CVE-2019-0958 CVE-2019-0963 | Workaround: No Exploited: No Public: No | Elevation of Privilege Remote Code Execution Information Disclosure Spoofing |
| Team Foundation Server | 2015 U 4.2, 2017 U 3.1, 2018 U 1.2, 2018 U 3.2 | Important | CVE-2019-0872 CVE-2019-0971 CVE-2019-0979 | Workaround: No Exploited: No Public: No | Spoofing Information Disclosure |
| Visual Studio | 2015, 2017, 2019 | Important | CVE-2019-0727 | Workaround: No Exploited: No Public: No | Elevation of Privilege |
| Azure DevOps Server | Server 2019 | Important | CVE-2019-0872 CVE-2019-0971 CVE-2019-0979 | Workaround: No Exploited: No Public: No | Spoofing Information Disclosure |
| SQL Server | Server 2018 | Important | CVE-2019-0819 | Workaround: No Exploited: No Public: No | Information Disclosure |
| .NET Framework | .NET 2.0, 3.0, 3.5, 3.5.1, 4.5.2, 4.6, 4.6.2, 4.7, 4.7.1, 4.7.2, 4.8 | Important | CVE-2019-0820 CVE-2019-0980 CVE-2019-0981 CVE-2019-0864 | Workaround: No Exploited: No Public: No | Denial of Service |
| .NET Core | Core 1.0, 1.1, 2.1, 2.2 | Important | CVE-2019-0820 CVE-2019-0980 CVE-2019-0981 | Workaround: No Exploited: No Public: No | Denial of Service |
| ASP.NET Core | Core 2.1, 2.2 | Important | CVE-2019-0982 | Workaround: No Exploited: No Public: No | Denial of Service |
| ChakraCore | ChakraCore | Critical | CVE-2019-0911 CVE-2019-0912 CVE-2019-0913 CVE-2019-0914 CVE-2019-0915 CVE-2019-0916 CVE-2019-0917 CVE-2019-0922 CVE-2019-0924 CVE-2019-0925 CVE-2019-0927 CVE-2019-0933 CVE-2019-0937 | Workaround: No Exploited: No Public: No | Remote Code Execution |
| Online Services | Online Server | Critical | CVE-2019-0953 | Workaround: No Exploited: No Public: No | Remote Code Execution |
| Azure | Azure Active Directory Connect | Important | CVE-2019-1000 | Workaround: No Exploited: No Public: No | Elevation of Privilege |
| NuGet | NuGet 5.0.2 | Important | CVE-2019-0976 | Workaround: No Exploited: No Public: No | Tampering |
| Skype for Android | Skype 8.35 | Important | CVE-2019-0932 | Workaround: No Exploited: No Public: Yes | Information Disclosure |
In case of any questions or clarifications please feel free to reach out to ECHO’s Service Desk.