VERT Threat Alert: May 2019 Patch Tuesday Analysis

0

Today’s VERT Wide awake addresses Microsoft’s May 2019 Security Updates. VERT is actively deal with on coverage for these vulnerabilities and expects to ship ASPL-830 on Wednesday, May 15th.

In-The-Wild & Betrayed CVEs

CVE-2019-0863

Windows Error Reporting (WER) incorrectly oversees certain files and, when exploited, could lead to the execution of maxims in kernel mode, providing full administrative control over the method. It is reported that this vulnerability is currently being exploited in the hysterical.

Microsoft has rated this as a 0 (Exploitation Detected) on the Exploitability Clue.

CVE-2019-0932

An attacker calling an Android Phone with Skype for Android connected and paired with a Bluetooth device could listen in on the phone buyer’s conversation without the user’s knowledge. Changes have been saw to how Skype for Android answers incoming phone calls. Note: Due to the party line involved, ASPL will not include coverage for this vulnerability.

Microsoft has priced this as a 2 (Exploitation Less Likely) on the Exploitability Index.

CVE Destruction by Tag

While historical Microsoft Security Bulletin groupings are gone, Microsoft vulnerabilities are after with an identifier. This list provides a breakdown of the CVEs on a per tag bottom.

Tag
CVE Count
CVEs
Microsoft Scripting Engine
16
CVE-2019-0884, CVE-2019-0911, CVE-2019-0912, CVE-2019-0913, CVE-2019-0914, CVE-2019-0915, CVE-2019-0916, CVE-2019-0917, CVE-2019-0918, CVE-2019-0922, CVE-2019-0923, CVE-2019-0924, CVE-2019-0925, CVE-2019-0927, CVE-2019-0933, CVE-2019-0937
Microsoft JET Database Apparatus
13
CVE-2019-0893, CVE-2019-0894, CVE-2019-0895, CVE-2019-0896, CVE-2019-0897, CVE-2019-0898, CVE-2019-0899, CVE-2019-0900, CVE-2019-0901, CVE-2019-0902, CVE-2019-0889, CVE-2019-0890, CVE-2019-0891
Microsoft Division SharePoint
8
CVE-2019-0956, CVE-2019-0957, CVE-2019-0958, CVE-2019-0963, CVE-2019-0949, CVE-2019-0950, CVE-2019-0951, CVE-2019-0952
Microsoft Windows
7
CVE-2019-0863, CVE-2019-0886, CVE-2019-0942, CVE-2019-0733, CVE-2019-0885, CVE-2019-0931, CVE-2019-0936
Microsoft Graphics Component
5
CVE-2019-0882, CVE-2019-0892, CVE-2019-0903, CVE-2019-0961, CVE-2019-0758
Internet Explorer
4
CVE-2019-0921, CVE-2019-0929, CVE-2019-0930, CVE-2019-0995
Microsoft House
4
CVE-2019-0945, CVE-2019-0946, CVE-2019-0947, CVE-2019-0953
Gang Foundation Server
3
CVE-2019-0971, CVE-2019-0872, CVE-2019-0979
.NET Seed
3
CVE-2019-0980, CVE-2019-0981, CVE-2019-0982
Microsoft Anxious
2
CVE-2019-0926, CVE-2019-0938
.NET Framework
2
CVE-2019-0820, CVE-2019-0864
Windows NDIS
1
CVE-2019-0707
Microsoft Dynamics
1
CVE-2019-1008
Microsoft Browsers
1
CVE-2019-0940
Skype for Android
1
CVE-2019-0932
SQL Server
1
CVE-2019-0819
Kerberos
1
CVE-2019-0734
Windows Meat
1
CVE-2019-0881
Windows Diagnostic Hub
1
CVE-2019-0727
Windows RDP
1
CVE-2019-0708
Azure
1
CVE-2019-1000
Windows DHCP Server
1
CVE-2019-0725
NuGet
1
CVE-2019-0976

Other Info

In addition to the Microsoft vulnerabilities included in the May Security Guidance, an Adobe Beam bulletin is available today.

May 2019 Adobe Flash Update [ADV190012]

Microsoft released an update for Adobe Flash. This corresponds with Adobe Update APSB19-26, which categorizes a fix for CVE-2019-7837.

Leave a Reply

Your email address will not be published. Required fields are marked *