VERT Threat Alert: May 2019 Patch Tuesday Analysis
Today’s VERT Alert addresses Microsoft’s May 2019 Security Updates. VERT is actively working on coverage for these vulnerabilities and expects to ship ASPL-830 on Wednesday, May 15th.
In-The-Wild & Disclosed CVEs
CVE-2019-0863
Windows Error Reporting (WER) incorrectly handles certain files and, when exploited, could lead to the execution of code in kernel mode, providing full administrative control over the system. It is reported that this vulnerability is currently being exploited in the wild.
Microsoft has rated this as a 0 (Exploitation Detected) on the Exploitability Index.
CVE-2019-0932
An attacker calling an Android Phone with Skype for Android installed and paired with a Bluetooth device could listen in on the phone user’s conversation without the user’s knowledge. Changes have been made to how Skype for Android answers incoming phone calls. Note: Due to the platform involved, ASPL will not include coverage for this vulnerability.
Microsoft has rated this as a 2 (Exploitation Less Likely) on the Exploitability Index.
CVE Breakdown by Tag
While historical Microsoft Security Bulletin groupings are gone, Microsoft vulnerabilities are tagged with an identifier. This list provides a breakdown of the CVEs on a per tag basis.
Tag | CVE Count | CVEs |
Microsoft Scripting Engine | 16 | CVE-2019-0884, CVE-2019-0911, CVE-2019-0912, CVE-2019-0913, CVE-2019-0914, CVE-2019-0915, CVE-2019-0916, CVE-2019-0917, CVE-2019-0918, CVE-2019-0922, CVE-2019-0923, CVE-2019-0924, CVE-2019-0925, CVE-2019-0927, CVE-2019-0933, CVE-2019-0937 |
Microsoft JET Database Engine | 13 | CVE-2019-0893, CVE-2019-0894, CVE-2019-0895, CVE-2019-0896, CVE-2019-0897, CVE-2019-0898, CVE-2019-0899, CVE-2019-0900, CVE-2019-0901, CVE-2019-0902, CVE-2019-0889, CVE-2019-0890, CVE-2019-0891 |
Microsoft Office SharePoint | 8 | CVE-2019-0956, CVE-2019-0957, CVE-2019-0958, CVE-2019-0963, CVE-2019-0949, CVE-2019-0950, CVE-2019-0951, CVE-2019-0952 |
Microsoft Windows | 7 | CVE-2019-0863, CVE-2019-0886, CVE-2019-0942, CVE-2019-0733, CVE-2019-0885, CVE-2019-0931, CVE-2019-0936 |
Microsoft Graphics Component | 5 | CVE-2019-0882, CVE-2019-0892, CVE-2019-0903, CVE-2019-0961, CVE-2019-0758 |
Internet Explorer | 4 | CVE-2019-0921, CVE-2019-0929, CVE-2019-0930, CVE-2019-0995 |
Microsoft Office | 4 | CVE-2019-0945, CVE-2019-0946, CVE-2019-0947, CVE-2019-0953 |
Team Foundation Server | 3 | CVE-2019-0971, CVE-2019-0872, CVE-2019-0979 |
.NET Core | 3 | CVE-2019-0980, CVE-2019-0981, CVE-2019-0982 |
Microsoft Edge | 2 | CVE-2019-0926, CVE-2019-0938 |
.NET Framework | 2 | CVE-2019-0820, CVE-2019-0864 |
Windows (Read more...) |
*** This is a Security Bloggers Network syndicated blog from The State of Security authored by Tyler Reguly. Read the original post at: https://www.tripwire.com/state-of-security/vert/vert-may-2019-patch-tuesday/
