
It’s Patch Tuesday—the day when Microsoft releases monthly security updates for its software.

Microsoft has software updates to address a total of 79 CVE-listed vulnerabilities in its Windows operating systems and other products, including a critical wormable flaw that can propagate malware from computer to computer without requiring users’ interaction.

Of the 79 vulnerabilities, 18 are rated Critical and the rest Important in severity. Two of the vulnerabilities addressed this month by the tech giant are listed as publicly known, and one of those is listed as under active attack at the time of release.

The May 2019 security updates address flaws in Windows OS, Internet Explorer, Edge, Microsoft Office, Microsoft Office Services and Web Apps, ChakraCore, .NET Framework, ASP.NET, Skype for Android, Azure DevOps Server, and the NuGet Package Manager.

Critical Wormable RDP Vulnerability

The wormable vulnerability (CVE-2019-0708) resides in Remote Desktop Services (formerly known as Terminal Services) and could be exploited remotely by sending specially crafted requests over the RDP protocol to a targeted system.

The vulnerability could be exploited to spread wormable malware in much the same way that the WannaCry malware spread across the globe in 2017.

“This vulnerability is pre-authentication and requires no user interaction. An attacker who successfully exploited this vulnerability could execute arbitrary code on the target system,” Microsoft said in an advisory detailing the wormable vulnerability.

“While we have observed no exploitation of this vulnerability, it is highly likely that malicious actors will write an exploit for this vulnerability and incorporate it into their malware.”

Surprisingly, besides releasing patches for supported systems, including Windows 7, Windows Server 2008 R2, and Windows Server 2008, Microsoft has also separately released fixes for out-of-support versions of Windows including Windows 2003 and Windows XP to address this critical issue.

As a workaround, Microsoft has advised Windows Server users to block TCP port 3389 and enable Network Level Authentication (NLA) to prevent any unauthenticated attacker from exploiting this wormable flaw.
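
One way to check and apply this workaround on a single host, as an added example that is not from Microsoft's advisory or the original article. It assumes an elevated PowerShell session and the standard Terminal Server registry locations; the function names and the firewall rule name are made up for illustration, and it uses only PowerShell 2.0 syntax and netsh so that it also runs on Windows 7 and Windows Server 2008 R2.

```powershell
# Added example: audit and apply the RDP workaround on the local host.
# Run from an elevated PowerShell session.
$ts  = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server'
$rdp = "$ts\WinStations\RDP-Tcp"

function Get-RdpExposure {
    # fDenyTSConnections = 0 means Remote Desktop connections are allowed.
    $deny = (Get-ItemProperty -Path $ts -Name fDenyTSConnections).fDenyTSConnections
    # UserAuthentication = 1 means Network Level Authentication is required.
    $nla  = (Get-ItemProperty -Path $rdp -Name UserAuthentication).UserAuthentication
    # PortNumber is the RDP listener port (3389 unless it was changed).
    $port = (Get-ItemProperty -Path $rdp -Name PortNumber).PortNumber
    New-Object PSObject -Property @{
        ComputerName = $env:COMPUTERNAME
        RdpEnabled   = ($deny -eq 0)
        NlaRequired  = ($nla -eq 1)
        ListenerPort = $port
    }
}

function Set-RdpWorkaround {
    param(
        [int]$Port = 3389,      # port to block when -BlockPort is given
        [switch]$BlockPort      # only for hosts that do not need RDP at all
    )
    # Require NLA so a client must authenticate before a session is set up.
    Set-ItemProperty -Path $rdp -Name UserAuthentication -Value 1
    if ($BlockPort) {
        # Host firewall rule; the rule name is a constructed placeholder.
        netsh advfirewall firewall add rule name=Block-Inbound-RDP-Example `
            dir=in action=block protocol=TCP localport=$Port | Out-Null
    }
}

$state = Get-RdpExposure
$state | Format-List
if ($state.RdpEnabled -and -not $state.NlaRequired) {
    Write-Warning 'RDP is enabled without NLA; applying the workaround.'
    Set-RdpWorkaround -Port $state.ListenerPort   # add -BlockPort to also block the port
    Get-RdpExposure | Format-List
}
```

The `-BlockPort` switch cuts off all inbound RDP to the host, so use it only where remote desktop access is not needed or is blocked at the network edge instead.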

Other Critical and Important Vulnerabilities

Another severe flaw is an Elevation of Privilege vulnerability (CVE-2019-0863), rated Important, in the way Windows Error Reporting (WER) handles files. The flaw is listed as publicly known and is already being actively exploited in limited attacks against specific targets.

Successful exploitation of the flaw could allow a low-privileged remote attacker to run arbitrary code in kernel mode with administrator privileges, eventually letting them install programs, view, change, or delete data, or create new accounts with administrator privileges.
