May’s Patch Tuesday Includes Fixes for ‘Wormable’ Flaw in Windows XP, Zero-Day Vulnerability

Microsoft’s May security release includes updates for 80 vulnerabilities across a number of Microsoft products, including a security update for unsupported operating systems such as Windows XP and Server 2003 that was not included in the mainstream customer support notification. Of the security vulnerabilities fixed in this release, six are rated Critical, 73 are rated Important or Low, and one was posted separately as a mitigating update addressing an imminent “wormable” threat. The release also includes updates for Microsoft products such as Internet Explorer, Edge, Office, Office Services and Web Apps, Azure DevOps Server, SQL Server, ChakraCore, NuGet, .NET Framework, .NET Core, Team Foundation Server, Visual Studio, Online Services, and Skype for Android. Adobe also released security updates with this month’s Patch Tuesday post.

Microsoft released a security guidance notification for users of outdated Windows operating systems that addresses CVE-2019-0708, given that a number of enterprises continue to use legacy systems for daily operations. While Microsoft noted that the vulnerability has not been seen in the wild, it can be used for RCE attacks via the Remote Desktop Services component of Windows 7, Windows 2003, Windows Server 2008 R2, Windows Server 2008, and Windows XP. An attacker may send customized requests to a targeted system; the exploit requires no pre-authentication and no user interaction, and allows the attacker to acquire full user rights, create new accounts, and install, change, and delete data. Microsoft notes that this is a mitigating move, as future and existing malware can use this flaw to propagate from one system to another, much like the 2017 WannaCry outbreak.

Among the critical security flaws noted were CVE-2019-0953, ADV190013, CVE-2019-7837, and CVE-2019-0708. CVE-2019-0953 is a remote code execution (RCE) vulnerability found in Microsoft Word that can enable escalated privileges to access the system when exploited. ADV190013 addresses four vulnerabilities (CVE-2018-12126, CVE-2018-12130, CVE-2018-12127, CVE-2018-11091) that can be exploited through a new subclass of speculative execution side channel flaws known as Microarchitectural Data Sampling (MDS). Attackers may access privileged information across resource environments such as cloud service configurations, and the flaws may also affect other systems such as Android, Chrome, iOS, Linux and macOS. CVE-2019-7837 is a critical Adobe Flash Player vulnerability that can be exploited for attacks via arbitrary code execution.

The Trend Micro™ Deep Security™ and Vulnerability Protection solutions protect systems and users from threats targeting the vulnerabilities included in this month’s Patch Tuesday release via the following Deep Packet Inspection (DPI) rules:

| Rule | Description | Vulnerability |
|------|-------------|---------------|
| 1009722 | Microsoft Windows Error Reporting Elevation Of Privilege Vulnerability | CVE-2019-0863 |
| 1009723 | Microsoft Windows GDI Information Disclosure Vulnerability | CVE-2019-0882 |
| 1009724 | Microsoft Internet Explorer And Edge Scripting Engine Memory Corruption Vulnerability | CVE-2019-0884 |
| 1009725 | Microsoft Windows OLE Remote Code Execution Vulnerability | CVE-2019-0885 |
| 1009726 | Microsoft Internet Explorer And Edge Scripting Engine Memory Corruption Vulnerability | CVE-2019-0911 |
| 1009727 | Microsoft Internet Explorer Scripting Engine Memory Corruption Vulnerability | CVE-2019-0918 |
| 1009729 | Microsoft Edge Memory Corruption Vulnerability | CVE-2019-0926 |
| 1009730 | Microsoft Internet Explorer Information Disclosure Vulnerability | CVE-2019-0930 |
| 1009731 | Microsoft Edge Elevation Of Privilege Vulnerability | CVE-2019-0938 |
| 1009733 | Microsoft Internet Explorer And Edge Scripting Engine Memory Corruption Vulnerability | CVE-2019-0940 |
| 1009740 | Adobe Acrobat And Reader Multiple Security Vulnerabilities (APSB19-18) – 1 | CVE-2019-7140, CVE-2019-7141, CVE-2019-7142, CVE-2019-7143, CVE-2019-7144, CVE-2019-7145, CVE-2019-7758, CVE-2019-7759, CVE-2019-7760 |
| 1009735 | Adobe Acrobat And Reader Multiple Security Vulnerabilities (APSB19-18) – 2 | CVE-2019-7761, CVE-2019-7762, CVE-2019-7763, CVE-2019-7764, CVE-2019-7765, CVE-2019-7766, CVE-2019-7767, CVE-2019-7768, CVE-2019-7769 |
| 1009738 | Adobe Acrobat And Reader Multiple Security Vulnerabilities (APSB19-18) – 3 | CVE-2019-7770, CVE-2019-7771, CVE-2019-7772, CVE-2019-7773, CVE-2019-7774, CVE-2019-7775, CVE-2019-7776, CVE-2019-7777, CVE-2019-7778 |
| 1009736 | Adobe Acrobat And Reader Multiple Security Vulnerabilities (APSB19-18) – 4 | CVE-2019-7779, CVE-2019-7780, CVE-2019-7781, CVE-2019-7782, CVE-2019-7783, CVE-2019-7784, CVE-2019-7785, CVE-2019-7786, CVE-2019-7787 |
| 1009742 | Adobe Acrobat And Reader Multiple Security Vulnerabilities (APSB19-18) – 5 | CVE-2019-7788, CVE-2019-7789, CVE-2019-7790, CVE-2019-7791, CVE-2019-7792, CVE-2019-7793, CVE-2019-7794, CVE-2019-7795, CVE-2019-7796 |
| 1009739 | Adobe Acrobat And Reader Multiple Security Vulnerabilities (APSB19-18) – 6 | CVE-2019-7797, CVE-2019-7798, CVE-2019-7799, CVE-2019-7800, CVE-2019-7801, CVE-2019-7802, CVE-2019-7803, CVE-2019-7804, CVE-2019-7805 |
| 1009737 | Adobe Acrobat And Reader Multiple Security Vulnerabilities (APSB19-18) – 7 | CVE-2019-7806, CVE-2019-7807, CVE-2019-7808, CVE-2019-7809, CVE-2019-7810, CVE-2019-7811, CVE-2019-7812, CVE-2019-7814 |
| 1009741 | Adobe Acrobat And Reader Multiple Security Vulnerabilities (APSB19-18) – 8 | CVE-2019-7817, CVE-2019-7818, CVE-2019-7819, CVE-2019-7820, CVE-2019-7821, CVE-2019-7822, CVE-2019-7823, CVE-2019-7825, CVE-2019-7826 |
| 1009734 | Adobe Acrobat And Reader Multiple Security Vulnerabilities (APSB19-18) – 9 | CVE-2019-7827, CVE-2019-7828, CVE-2019-7829, CVE-2019-7830, CVE-2019-7831, CVE-2019-7832, CVE-2019-7833, CVE-2019-7834, CVE-2019-7835, CVE-2019-7836, CVE-2019-7841 |

Trend Micro™ TippingPoint® customers are protected from threats and attacks that may exploit this month’s list of vulnerabilities via these MainlineDV filters:

  • 34217: HTTP: Microsoft Office PowerPoint gdiplus ConvertToEmfPlus Out-of-Bounds Read Vulnerability
  • 34221: HTTP: Microsoft Windows Subsetting Library Integer Underflow Vulnerability
  • 34222: HTTP: Microsoft Windows Font Parser Buffer Overflow Vulnerability
  • 34677: HTTP: Microsoft Jet Database Engine Memory Corruption Vulnerability
  • 34678: HTTP: Microsoft Jet Database Engine Memory Corruption Vulnerability
  • 34761: HTTP: Microsoft Windows Integer Overflow Vulnerability
  • 34875: HTTP: Microsoft Edge Memory Corruption Vulnerability (Pwn2Own)
  • 34877: HTTP: Microsoft Edge CCanvasRenderingProcessor2D Double-Free Vulnerability (Pwn2Own)
  • 35044: HTTP: Microsoft JET Database Engine Buffer Overflow Vulnerability
  • 35045: HTTP: Microsoft Windows JET Database Engine Out-Of-Bounds Write Vulnerability
  • 35049: HTTP: Microsoft Jet Database Engine Memory Corruption Vulnerability
  • 35050: HTTP: Microsoft Jet Database Engine Memory Corruption Vulnerability
  • 35102: HTTP: Microsoft Windows WER Service Privilege Escalation Vulnerability
  • 35104: HTTP: Microsoft Internet Explorer Memory Corruption Vulnerability
  • 35107: HTTP: Microsoft Edge Chakra JIT Type Confusion Vulnerability
  • 35108: HTTP: Microsoft Internet Explorer RegExp Use-After-Free Vulnerability
  • 35109: HTTP: Microsoft Edge videoTracks Use-After-Free Vulnerability
  • 35110: HTTP: Microsoft Internet Explorer join Use-After-Free Vulnerability
  • 35112: HTTP: Microsoft Edge PostMessage Privilege Escalation Vulnerability
  • 35131: HTTP: Microsoft Windows JET Database Engine Integer Underflow Vulnerability
  • 35142: HTTP: Microsoft Windows gdiplus EMF Parsing Out-Of-Bounds Read Vulnerability

Story added 15. May 2019, content source with full text you can find at link above.