May’s Patch Tuesday Includes Fixes for ‘Wormable’ Flaw in Windows XP, Zero-Day Vulnerability

Microsoft’s May security release includes updates for 80 vulnerabilities across a number of Microsoft products, including a security update for unsupported operating systems such as Windows XP and Server 2003 that was not included in the mainstream customer support notification. Of the security vulnerabilities fixed in this release, six are rated Critical, 73 are rated Important or Low, and one was posted separately as a mitigating update addressing an imminent “wormable” threat. The release also includes updates for Microsoft products such as Internet Explorer, Edge, Office, Office Services and Web Apps, Azure DevOps Server, SQL Server, ChakraCore, NuGet, .NET Framework, .NET Core, Team Foundation Server, Visual Studio, Online Services, and Skype for Android. Adobe also released security updates with this month’s Patch Tuesday.

Microsoft released a security guidance notification addressing CVE-2019-0708 for users of outdated Windows operating systems, considering that a number of enterprises continue to use legacy systems for daily operations. While Microsoft noted that it has not been seen in the wild, the vulnerability can be used for RCE attacks via the Remote Desktop Services component of Windows 7, Windows 2003, Windows Server 2008 R2, Windows Server 2008, and Windows XP. An attacker may send customized requests to a targeted system; the exploit requires no pre-authentication and no user interaction, and allows the attacker to acquire full user rights, create new accounts, and install, change, and delete data. Microsoft notes that this is a mitigating move, as future and existing malware can use this flaw to propagate from one system to another, much like the 2017 WannaCry outbreak.

Among the critical security flaws noted were CVE-2019-0953, ADV190013, CVE-2019-7837, and CVE-2019-0708. CVE-2019-0953 is a remote code execution (RCE) vulnerability found in Microsoft Word that can enable escalated privileges to access the system when exploited. ADV190013 addresses four vulnerabilities (CVE-2018-12126, CVE-2018-12130, CVE-2018-12127, and CVE-2018-11091) that can be exploited through a new subclass of speculative execution side channel flaws known as Microarchitectural Data Sampling (MDS). Attackers may access privileged information across resource environments such as cloud services configurations, and the flaws may affect other systems such as Android, Chrome, iOS, Linux and macOS. CVE-2019-7837 is a critical Adobe Flash Player vulnerability that can be exploited for attacks via arbitrary code execution.

The Trend Micro™ Deep Security™ and Vulnerability Protection solutions protect systems and users from threats targeting the vulnerabilities included in this month’s Patch Tuesday release via the following Deep Packet Inspection (DPI) rules:

| Rule | Description | Vulnerability |
|---|---|---|
| 1009722 | Microsoft Windows Error Reporting Elevation Of Privilege Vulnerability | CVE-2019-0863 |
| 1009723 | Microsoft Windows GDI Information Disclosure Vulnerability | CVE-2019-0882 |
| 1009724 | Microsoft Internet Explorer And Edge Scripting Engine Memory Corruption Vulnerability | CVE-2019-0884 |
| 1009725 | Microsoft Windows OLE Remote Code Execution Vulnerability | CVE-2019-0885 |
| 1009726 | Microsoft Internet Explorer And Edge Scripting Engine Memory Corruption Vulnerability | CVE-2019-0911 |
| 1009727 | Microsoft Internet Explorer Scripting Engine Memory Corruption Vulnerability | CVE-2019-0918 |
| 1009729 | Microsoft Edge Memory Corruption Vulnerability | CVE-2019-0926 |
| 1009730 | Microsoft Internet Explorer Information Disclosure Vulnerability | CVE-2019-0930 |
| 1009731 | Microsoft Edge Elevation Of Privilege Vulnerability | CVE-2019-0938 |
| 1009733 | Microsoft Internet Explorer And Edge Scripting Engine Memory Corruption Vulnerability | CVE-2019-0940 |
| 1009740 | Adobe Acrobat And Reader Multiple Security Vulnerabilities (APSB19-18) – 1 | CVE-2019-7140, CVE-2019-7141, CVE-2019-7142, CVE-2019-7143, CVE-2019-7144, CVE-2019-7145, CVE-2019-7758, CVE-2019-7759, CVE-2019-7760 |
| 1009735 | Adobe Acrobat And Reader Multiple Security Vulnerabilities (APSB19-18) – 2 | CVE-2019-7761, CVE-2019-7762, CVE-2019-7763, CVE-2019-7764, CVE-2019-7765, CVE-2019-7766, CVE-2019-7767, CVE-2019-7768, CVE-2019-7769 |
| 1009738 | Adobe Acrobat And Reader Multiple Security Vulnerabilities (APSB19-18) – 3 | CVE-2019-7770, CVE-2019-7771, CVE-2019-7772, CVE-2019-7773, CVE-2019-7774, CVE-2019-7775, CVE-2019-7776, CVE-2019-7777, CVE-2019-7778 |
| 1009736 | Adobe Acrobat And Reader Multiple Security Vulnerabilities (APSB19-18) – 4 | CVE-2019-7779, CVE-2019-7780, CVE-2019-7781, CVE-2019-7782, CVE-2019-7783, CVE-2019-7784, CVE-2019-7785, CVE-2019-7786, CVE-2019-7787 |
| 1009742 | Adobe Acrobat And Reader Multiple Security Vulnerabilities (APSB19-18) – 5 | CVE-2019-7788, CVE-2019-7789, CVE-2019-7790, CVE-2019-7791, CVE-2019-7792, CVE-2019-7793, CVE-2019-7794, CVE-2019-7795, CVE-2019-7796 |
| 1009739 | Adobe Acrobat And Reader Multiple Security Vulnerabilities (APSB19-18) – 6 | CVE-2019-7797, CVE-2019-7798, CVE-2019-7799, CVE-2019-7800, CVE-2019-7801, CVE-2019-7802, CVE-2019-7803, CVE-2019-7804, CVE-2019-7805 |
| 1009737 | Adobe Acrobat And Reader Multiple Security Vulnerabilities (APSB19-18) – 7 | CVE-2019-7806, CVE-2019-7807, CVE-2019-7808, CVE-2019-7809, CVE-2019-7810, CVE-2019-7811, CVE-2019-7812, CVE-2019-7814 |
| 1009741 | Adobe Acrobat And Reader Multiple Security Vulnerabilities (APSB19-18) – 8 | CVE-2019-7817, CVE-2019-7818, CVE-2019-7819, CVE-2019-7820, CVE-2019-7821, CVE-2019-7822, CVE-2019-7823, CVE-2019-7825, CVE-2019-7826 |
| 1009734 | Adobe Acrobat And Reader Multiple Security Vulnerabilities (APSB19-18) – 9 | CVE-2019-7827, CVE-2019-7828, CVE-2019-7829, CVE-2019-7830, CVE-2019-7831, CVE-2019-7832, CVE-2019-7833, CVE-2019-7834, CVE-2019-7835, CVE-2019-7836, CVE-2019-7841 |

Trend Micro™ TippingPoint® customers are protected from threats and attacks that may exploit this month’s list of vulnerabilities via these MainlineDV filters:

  • 34217: HTTP: Microsoft Office PowerPoint gdiplus ConvertToEmfPlus Out-of-Bounds Read Vulnerability
  • 34221: HTTP: Microsoft Windows Subsetting Library Integer Underflow Vulnerability
  • 34222: HTTP: Microsoft Windows Font Parser Buffer Overflow Vulnerability
  • 34677: HTTP: Microsoft Jet Database Engine Memory Corruption Vulnerability
  • 34678: HTTP: Microsoft Jet Database Engine Memory Corruption Vulnerability
  • 34761: HTTP: Microsoft Windows Integer Overflow Vulnerability
  • 34875: HTTP: Microsoft Edge Memory Corruption Vulnerability (Pwn2Own)
  • 34877: HTTP: Microsoft Edge CCanvasRenderingProcessor2D Double-Free Vulnerability (Pwn2Own)
  • 35044: HTTP: Microsoft JET Database Engine Buffer Overflow Vulnerability
  • 35045: HTTP: Microsoft Windows JET Database Engine Out-Of-Bounds Write Vulnerability
  • 35049: HTTP: Microsoft Jet Database Engine Memory Corruption Vulnerability
  • 35050: HTTP: Microsoft Jet Database Engine Memory Corruption Vulnerability
  • 35102: HTTP: Microsoft Windows WER Service Privilege Escalation Vulnerability
  • 35104: HTTP: Microsoft Internet Explorer Memory Corruption Vulnerability
  • 35107: HTTP: Microsoft Edge Chakra JIT Type Confusion Vulnerability
  • 35108: HTTP: Microsoft Internet Explorer RegExp Use-After-Free Vulnerability
  • 35109: HTTP: Microsoft Edge videoTracks Use-After-Free Vulnerability
  • 35110: HTTP: Microsoft Internet Explorer join Use-After-Free Vulnerability
  • 35112: HTTP: Microsoft Edge PostMessage Privilege Escalation Vulnerability
  • 35131: HTTP: Microsoft Windows JET Database Engine Integer Underflow Vulnerability
  • 35142: HTTP: Microsoft Windows gdiplus EMF Parsing Out-Of-Bounds Read Vulnerability