Network Security, Patch/Configuration Management, Vulnerability Management

Microsoft’s May Patch Tuesday covers ZombieLoad, WER vulnerabilities

Microsoft put forth a long list of security updates to cover 79 vulnerabilities, 19 listed as critical, which included four connected to a Microarchitectural Data Sampling (aka ZombieLoad) vulnerability in Intel processors in its May Patch Tuesday release.

While CVE-2018-12126, CVE-2018-12127, CVE-2018-12130, CVE-2019-11091 grabbed the headlines yesterday, Microsoft also patched CVE-2019-0863 which has been spotted in the wild. This is a Windows Error Reporting that incorrectly handles certain files and, when exploited, could lead to the execution of code in kernel mode, providing full administrative control over the system, noted Tripwire.

“The elevation of privilege vulnerability exists in the way Windows Error Reporting handles files. The attack would allow a threat actor to gain kernel mode access to the system. The attacker would need to gain unprivileged execution on the victim’s system first, but that would not be a significant barrier,” said Chris Goettl, Ivanti’s director of product management, security.

Also covered was CVE-2019-0932 that if exploited would allow an attacker to listen in on a phone call if certain parameters are met. These include calling an Android phone that has the Skype for Android app installed and also paired with a Bluetooth device could listen in on the phone user’s conversation without the user’s knowledge.

Microsoft also released a patch for a number of currently unsupported operating systems (Windows 7, Windows 2003, Windows Server 2008 R2, Windows Server 2008 and Windows XP) for CVE-2019-0708 because if properly exploited could allow malware to move from one system to another in the same fashion as WannaCry in 2017.

“The Remote Desktop Protocol (RDP) itself is not vulnerable. This vulnerability is pre-authentication and requires no user interaction. In other words, the vulnerability is ‘wormable’, meaning that any future malware that exploits this vulnerability could propagate from vulnerable computer to vulnerable computer in a similar way as the WannaCry malware spread across the globe in 2017,” Microsoft wrote in its security blog.

“This is a serious problem and it’s good that Microsoft is releasing patching for legacy unsupported versions of Windows. As we saw with WannaCry, there are thousands of legacy systems that remain unpatched, either because they’re forgotten, or running fragile software stacks that nobody wants to touch,” said Satya Gupta, Viresec’s co-founder and CTO.

Trend Micro also called out CVE-2019-0953, a remote code execution vulnerability found in Microsoft Word that can enable escalated privileges to access the system when exploited.

Microsoft’s Edge and IE 11 browsers also received some attention this month with CVE-2019-0911, CVE-2019-0912, CVE-2019-0914, CVE-2019-0924, and CVE-2019-0925, use flaws in Edge’s scripting engine to gain the same privileges as the current user, while CVE-2019-0926 exploits the way that Edge accesses objects in memory, Sophos reported.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.