Microsoft Patch Tuesday – May 19

Microsoft has released its regular monthly security updates, which cover a total of 79 vulnerabilities. 22 updates have been rated Critical and 55 Important; 2 vulns have been publicly disclosed and 1 has been detected as already being exploited in the wild.

MS products covered by these updates are Windows Operating Systems, Edge and Internet Explorer browsers, Office, SQL Server, GDI+, Team Foundation Server, Skype, .NET Framework and the ever-present ChakraCore scripting engine.

The highest-rated vuln this month is CVE-2019-0708, with a CVSS score of 9.8. This remote code execution vuln affects Remote Desktop Services (the remote administration protocol) and requires no user interaction to exploit. An attacker can exploit it by sending a crafted RDP request to the target system, which allows the change and deletion of data, installation of applications and the creation of new privileged accounts.

Microsoft browsers have updates resolving 3 Critical CVEs related to memory corruption vulns in the scripting engine. These make a regular appearance in Patch Tuesday and are caused by the way objects are handled in memory.

By exploiting these vulns through a user accessing a specially crafted web page or embedded ActiveX control, an attacker could execute code as the currently logged-in user. If the user was logged in with admin rights, the attacker could take control of the target system. The attacker would then be able to install programs, as well as steal, change or delete data.

CVE-2019-0903 covers a critical remote code execution vuln in GDI+, the Windows Graphics Device Interface. Due to improper handling of objects in memory, an attacker can take control of the target machine. This can be exploited through a file-sharing attack that uses a malicious document or a web-based attack using a specially crafted website.

The vulnerability exploited in the wild is an Important privilege elevation flaw in Windows Error Reporting (CVE-2019-0863), affecting all supported versions of the Windows Operating System. This flaw can be exploited by a bad actor who first gains unprivileged access to the target system. Privileges can be elevated to administrator level, allowing the actor to execute code, manipulate and delete data, and create new backdoor accounts with admin rights.

Please review this month’s updates and get patching as soon as you can!

Keeping up to date with security patches for your operating systems and software is a critical part of delivering and maintaining a strong security posture. Please ensure you test and update as quickly as possible to reduce risk, prevent exploitation and ultimately stay secure.

For a full list of this month’s updates please see the links below:

Patch Tuesday release notes:

Security update guide:

Ironshare – Security Simplified