Home » Security Bloggers Network » VERT Threat Alert: May 2019 Patch Tuesday Analysis

VERT Threat Alert: May 2019 Patch Tuesday Analysis

by Tyler Reguly on May 14, 2019

Today’s VERT Alert addresses Microsoft’s May 2019 Security Updates. VERT is actively working on coverage for these vulnerabilities and expects to ship ASPL-830 on Wednesday, May 15th.

In-The-Wild & Disclosed CVEs

CVE-2019-0863

Windows Error Reporting (WER) incorrectly handles certain files and, when exploited, could lead to the execution of code in kernel mode, providing full administrative control over the system. It is reported that this vulnerability is currently being exploited in the wild.

Microsoft has rated this as a 0 (Exploitation Detected) on the Exploitability Index.

CVE-2019-0932

An attacker calling an Android Phone with Skype for Android installed and paired with a Bluetooth device could listen in on the phone user’s conversation without the user’s knowledge. Changes have been made to how Skype for Android answers incoming phone calls. Note: Due to the platform involved, ASPL will not include coverage for this vulnerability.

Microsoft has rated this as a 2 (Exploitation Less Likely) on the Exploitability Index.

CVE Breakdown by Tag

While historical Microsoft Security Bulletin groupings are gone, Microsoft vulnerabilities are tagged with an identifier. This list provides a breakdown of the CVEs on a per tag basis.

Tag	CVE Count	CVEs
Microsoft Scripting Engine	16	CVE-2019-0884, CVE-2019-0911, CVE-2019-0912, CVE-2019-0913, CVE-2019-0914, CVE-2019-0915, CVE-2019-0916, CVE-2019-0917, CVE-2019-0918, CVE-2019-0922, CVE-2019-0923, CVE-2019-0924, CVE-2019-0925, CVE-2019-0927, CVE-2019-0933, CVE-2019-0937
Microsoft JET Database Engine	13	CVE-2019-0893, CVE-2019-0894, CVE-2019-0895, CVE-2019-0896, CVE-2019-0897, CVE-2019-0898, CVE-2019-0899, CVE-2019-0900, CVE-2019-0901, CVE-2019-0902, CVE-2019-0889, CVE-2019-0890, CVE-2019-0891
Microsoft Office SharePoint	8	CVE-2019-0956, CVE-2019-0957, CVE-2019-0958, CVE-2019-0963, CVE-2019-0949, CVE-2019-0950, CVE-2019-0951, CVE-2019-0952
Microsoft Windows	7	CVE-2019-0863, CVE-2019-0886, CVE-2019-0942, CVE-2019-0733, CVE-2019-0885, CVE-2019-0931, CVE-2019-0936
Microsoft Graphics Component	5	CVE-2019-0882, CVE-2019-0892, CVE-2019-0903, CVE-2019-0961, CVE-2019-0758
Internet Explorer	4	CVE-2019-0921, CVE-2019-0929, CVE-2019-0930, CVE-2019-0995
Microsoft Office	4	CVE-2019-0945, CVE-2019-0946, CVE-2019-0947, CVE-2019-0953
Team Foundation Server	3	CVE-2019-0971, CVE-2019-0872, CVE-2019-0979
.NET Core	3	CVE-2019-0980, CVE-2019-0981, CVE-2019-0982
Microsoft Edge	2	CVE-2019-0926, CVE-2019-0938
.NET Framework	2	CVE-2019-0820, CVE-2019-0864
Windows (Read more...)

*** This is a Security Bloggers Network syndicated blog from The State of Security authored by Tyler Reguly. Read the original post at: https://www.tripwire.com/state-of-security/vert/vert-may-2019-patch-tuesday/

May 14, 2019May 14, 2019 Tyler Reguly VERT

Tyler Reguly

Tyler Reguly is Associate Director, Security R&D at Fortra, responsible for overseeing a team of researchers that provide the security expertise for the company’s integrity and compliance monitoring solution. Tyler joined Fortra in 2022 when the company acquired Tripwire, where Tyler had been a part of the research team for more than fifteen years. In addition to security research, Tyler has worked closely with Fanshawe College, from which he graduated with a diploma in Computer Systems Technology, developing five courses including subjects like Advanced Hacker Techniques & Tactics, Hacking and Exploits, Malware Research, Evolving Technologies and Threats, and Python Programming. He has also taught all five courses that he developed on multiple occasions.

tyler-reguly has 119 posts and counting.See all posts by tyler-reguly