[SingCERT] Microsoft May 2019 Patch Tuesday

Published on 16 May 2019

Updated on 23 Oct 2019

UPDATED 19 May 2019

Background

Microsoft has announced the release of 79 security patches to address vulnerabilities affecting its Windows operating system and other products.

The following vulnerabilities were rated critical and require immediate attention:

  • CVE-2019-0929 - This vulnerability exists when Internet Explorer improperly accesses objects in memory. Successful exploitation of the vulnerability could corrupt memory and allow an attacker to execute arbitrary code in the context of the current user.
  • CVE-2019-0926 - This vulnerability exists when Microsoft Edge improperly accesses objects in memory. Successful exploitation of the vulnerability could corrupt memory and allow an attacker to execute arbitrary code in the context of the current user.
  • CVE-2019-0903 - This vulnerability exists in the way that the Windows Graphics Device Interface (GDI) handles objects in the memory.  Successful exploitation of the vulnerability could allow an attacker to take control of the affected system. An attacker could then install programs, create new accounts with full user rights, or view, change, and delete data.
  • CVE-2019-0953 - This vulnerability exists in Microsoft Word software when it fails to properly handle objects in memory. Successful exploitation of the vulnerability could allow the an attacker to use a specially crafted file to execute arbitrary code in the context of a currently logged-in user.
  • CVE-2019-0924; CVE-2019-0927; CVE-2019-0922; CVE-2019-0925; CVE-2019-0937; CVE-2019-0913; CVE-2019-0914; CVE-2019-0917; CVE-2019-0916; CVE-2019-0915 - These vulnerabilities exist in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge. Successful exploitation of these vulnerabilities could corrupt memory and allow an attacker to execute arbitrary code in the context of the current user.
  • CVE-2019-0884; CVE-2019-0918; CVE-2019-0911 - These vulnerabilities exist when the scripting engine handles objects in memory in Microsoft browsers. Successful exploitation of these vulnerabilities could corrupt memory and allow an attacker to execute arbitrary code in the context of the current user.
  • CVE-2019-0725A - This vulnerability exists in the Windows Server Dynamic Host Configuration Protocol (DHCP) service when processing specially crafted packets. Successful exploitation of the vulnerability could allow an attacker to run arbitrary code on the DHCP server.
  • ADV190012 - These Adobe vulnerabilities could allow an attacker to execute arbitrary code through a specially crafted website targeting users using Internet Explorer on desktop.

For the full list of security updates released by Microsoft, please visit https://portal.msrc.microsoft.com/en-us/security-guidance.

Affected Products

The security release contains updates for the following:
  • .NET Core
  • .NET Framework
  • Adobe Flash Player
  • Azure
  • Internet Explorer
  • Kerberos
  • Microsoft Browsers
  • Microsoft Dynamics
  • Microsoft Edge
  • Microsoft Graphics Component
  • Microsoft JET Database Engine
  • Microsoft Office
  • Microsoft Office SharePoint
  • Microsoft Scripting Engine
  • Microsoft Windows
  • NuGet
  • Servicing Stack Updates
  • Skype for Android
  • SQL Server
  • Team Foundation Server
  • Windows DHCP Server
  • Windows Diagnostic Hub
  • Windows Kernel
  • Windows NDIS
  • Windows RDP
Impact

Successful exploitation of these critical vulnerabilities could allow attackers to perform remote code execution and take control of the affected systems to perform malicious activities, including unauthorised installation of programs, creating rogue administrator accounts and viewing, changing, or deleting data.

Recommendations

Users and system administrators of affected products are advised to apply the security updates immediately.

Note: If you use McAfee or Sophos Endpoint Protection, Windows security update for May 2019 may affect your system.
https://support.microsoft.com/en-in/help/4499164/windows-7-update-kb4499164
https://community.sophos.com/kb/en-us/134117

References