Microsoft May 2019 Patch Tuesday

Microsoft has issued patches for 79 vulnerabilities this May 2019 Patch Tuesday. Of the vulnerabilities, 22 were rated critical. Adobe also issued patches for 84 vulnerabilities, 50 of which were critical.

One critical flaw addressed by Microsoft left affected users vulnerable to WannaCry-style malware attacks. This vulnerability (CVE-2019-0708) is in Remote Desktop Services and can be exploited by sending specially crafted requests via Remote Desktop Protocol (RDP). The vulnerability is pre-authentication and requires no user interaction. Hackers exploiting this flaw could install malware on a single computer and then use this foothold to infect all other vulnerable computers on the network.

Microsoft stated that they have yet to uncover evidence that hackers have been actively exploiting this flaw in the wild. However, they have warned that hackers may soon develop an exploit. Therefore, users should apply the patch as soon as possible. If it is not possible to apply the patch, a workaround is available.

The vulnerability is not present in Windows 8 or Windows 10, only earlier operating systems. The flaw is likely to have the most significant impact in healthcare, manufacturing and the industrial sector, where vulnerable Windows versions are still commonly used.

Windows versions that contain the vulnerability are:

  • Windows Server 2008
  • Windows Server 2008 R2
  • Windows 7
  • Windows XP
  • Windows 2003

Microsoft has chosen to issue patches for all vulnerable Windows versions, including the unsupported Windows 2003 and Windows XP due to the seriousness of the flaw. If it is not possible to apply the patch, a workaround is to block TCP port 3389 and enable Network Level Authentication.

The remaining critical vulnerabilities included one zero-day vulnerability that hackers were already exploiting in the wild and another flaw that was publicly disclosed before Microsoft could issue a patch.

Security researchers at Palo Alto Networks identified the actively exploited vulnerability (CVE-2019-0863). This is an elevation of privileges vulnerability in Windows Error Reporting (WER). The flaw can only be exploited if an attacker has gained unprivileged access to a system. Once access is gained, the flaw could be exploited to allow arbitrary code to be run in kernel mode.

The publicly disclosed vulnerability (CVE-2019-0932) is present in Skype for Android, which could allow an attacker to eavesdrop on conversations.

The critical vulnerabilities are present in Adobe Flash Player, Internet Explorer, Microsoft Edge, Microsoft Graphics Component, Microsoft Office, Microsoft Scripting Engine, and Windows DHCP Server.

Adobe’s May 2019 Patch Tuesday updates addressed vulnerabilities in Adobe Acrobat, Adobe Media Encoder, Adobe Reader, and Adobe Flash Player. The majority of the patches are for vulnerabilities in Adobe Acrobat and Adobe Reader.

A total of 84 vulnerabilities were corrected, including many remote code execution and information disclosure vulnerabilities. Nearly 60% of the vulnerabilities were rated critical (50), with the remainder classified as ‘important’.