Microsoft released its May 2019 software updates to address a total of 79 vulnerabilities in its Windows operating systems and other products. Of these latest updates, 22 are rated critical. This month’s Patch Tuesday from Microsoft also addresses two vulnerabilities that are actively being exploited.
TL;DR – Go straight to the Patch Tuesday report
Microsoft Releases Patch For A Critical ‚Wormable Flaw‘
According to this post from the Microsoft Security Response Center, the wormable vulnerability (CVE-2019-0708) resides in Remote Desktop Services that could be exploited remotely by sending specially crafted requests over RDP protocol to a targeted system.
This vulnerability is pre-authentication and requires no user interaction. In other words, the vulnerability is ‘wormable’, meaning that any future malware that exploits this vulnerability could propagate from vulnerable computer to vulnerable computer in a similar way as the WannaCry malware spread across the globe in 2017.
Vulnerable in-support systems include Windows 7, Windows Server 2008 R2, and Windows Server 2008. Out-of-support systems include Windows 2003 and Windows XP. Customers running Windows 8 and Windows 10 are not affected by this vulnerability.
Other Critical and Important Vulnerabilities
Microsoft has released a security update titled „Windows Error Reporting Elevation of Privilege Vulnerability“ (CVE-2019-0863) that was discovered by Palo Alto Networks. This vulnerability has been discovered being actively exploited in the wild.
Another publicly disclosed vulnerability affects Skype for Android app. The vulnerability (CVE-2019-0932) could allow an attacker to listen to the conversation of Skype users without their knowledge. To successfully exploit this vulnerability, all an attacker needs is to call an Android phone with Skype for Android installed that’s also paired with a Bluetooth device.
Run the Patch Tuesday Report
Similar to previous months, we’ve created a report which checks if the assets in your network are on the latest Microsoft patch update. It’s color-coded to give you an easy and quick overview which assets are already on the latest Windows update, and which ones still need to be patched.
If you haven’t already, start your free trial of Lansweeper to run the Microsoft Patch Tuesday Report. Make sure to subscribe via the form below if you want to receive the latest Microsoft Patch reports and bonus network reports.
Receive the Latest Patch Tuesday Report for FREE Every Month
„*“ zeigt erforderliche Felder an