Thursday, May 22, 2025

Security Boulevard Logo

Security Boulevard

The Home of the Security Bloggers Network

Community Chats Webinars Library
  • Home
    • Cybersecurity News
    • Features
    • Industry Spotlight
    • News Releases
  • Security Creators Network
    • Latest Posts
    • Syndicate Your Blog
    • Write for Security Boulevard
  • Webinars
    • Upcoming Webinars
    • Calendar View
    • On-Demand Webinars
  • Events
    • Upcoming Events
    • On-Demand Events
  • Sponsored Content
  • Chat
    • Security Boulevard Chat
    • Marketing InSecurity Podcast
    • Techstrong.tv Podcast
    • TechstrongTV - Twitch
  • Library
  • Related Sites
    • Techstrong Group
    • Cloud Native Now
    • DevOps.com
    • Security Boulevard
    • Techstrong Research
    • Techstrong TV
    • Techstrong.tv Podcast
    • Techstrong.tv - Twitch
    • Devops Chat
    • DevOps Dozen
    • DevOps TV
  • Media Kit
  • About
  • Sponsor

  • Analytics
  • AppSec
  • CISO
  • Cloud
  • DevOps
  • GRC
  • Identity
  • Incident Response
  • IoT / ICS
  • Threats / Breaches
  • More
    • Blockchain / Digital Currencies
    • Careers
    • Cyberlaw
    • Mobile
    • Social Engineering
  • Humor
Security Bloggers Network 

Home » Security Bloggers Network » VERT Threat Alert: May 2019 Patch Tuesday Analysis

SBN

VERT Threat Alert: May 2019 Patch Tuesday Analysis

by Tyler Reguly on May 14, 2019

Today’s VERT Alert addresses Microsoft’s May 2019 Security Updates. VERT is actively working on coverage for these vulnerabilities and expects to ship ASPL-830 on Wednesday, May 15th.

In-The-Wild & Disclosed CVEs

CVE-2019-0863

Windows Error Reporting (WER) incorrectly handles certain files and, when exploited, could lead to the execution of code in kernel mode, providing full administrative control over the system. It is reported that this vulnerability is currently being exploited in the wild.

Techstrong Gang Youtube
AWS Hub

Microsoft has rated this as a 0 (Exploitation Detected) on the Exploitability Index.

CVE-2019-0932

An attacker calling an Android Phone with Skype for Android installed and paired with a Bluetooth device could listen in on the phone user’s conversation without the user’s knowledge. Changes have been made to how Skype for Android answers incoming phone calls. Note: Due to the platform involved, ASPL will not include coverage for this vulnerability.

Microsoft has rated this as a 2 (Exploitation Less Likely) on the Exploitability Index.

CVE Breakdown by Tag

While historical Microsoft Security Bulletin groupings are gone, Microsoft vulnerabilities are tagged with an identifier. This list provides a breakdown of the CVEs on a per tag basis.

Tag
CVE Count
CVEs
Microsoft Scripting Engine
16
CVE-2019-0884, CVE-2019-0911, CVE-2019-0912, CVE-2019-0913, CVE-2019-0914, CVE-2019-0915, CVE-2019-0916, CVE-2019-0917, CVE-2019-0918, CVE-2019-0922, CVE-2019-0923, CVE-2019-0924, CVE-2019-0925, CVE-2019-0927, CVE-2019-0933, CVE-2019-0937
Microsoft JET Database Engine
13
CVE-2019-0893, CVE-2019-0894, CVE-2019-0895, CVE-2019-0896, CVE-2019-0897, CVE-2019-0898, CVE-2019-0899, CVE-2019-0900, CVE-2019-0901, CVE-2019-0902, CVE-2019-0889, CVE-2019-0890, CVE-2019-0891
Microsoft Office SharePoint
8
CVE-2019-0956, CVE-2019-0957, CVE-2019-0958, CVE-2019-0963, CVE-2019-0949, CVE-2019-0950, CVE-2019-0951, CVE-2019-0952
Microsoft Windows
7
CVE-2019-0863, CVE-2019-0886, CVE-2019-0942, CVE-2019-0733, CVE-2019-0885, CVE-2019-0931, CVE-2019-0936
Microsoft Graphics Component
5
CVE-2019-0882, CVE-2019-0892, CVE-2019-0903, CVE-2019-0961, CVE-2019-0758
Internet Explorer
4
CVE-2019-0921, CVE-2019-0929, CVE-2019-0930, CVE-2019-0995
Microsoft Office
4
CVE-2019-0945, CVE-2019-0946, CVE-2019-0947, CVE-2019-0953
Team Foundation Server
3
CVE-2019-0971, CVE-2019-0872, CVE-2019-0979
.NET Core
3
CVE-2019-0980, CVE-2019-0981, CVE-2019-0982
Microsoft Edge
2
CVE-2019-0926, CVE-2019-0938
.NET Framework
2
CVE-2019-0820, CVE-2019-0864
Windows (Read more...)

*** This is a Security Bloggers Network syndicated blog from The State of Security authored by Tyler Reguly. Read the original post at: https://www.tripwire.com/state-of-security/vert/vert-may-2019-patch-tuesday/

May 14, 2019May 14, 2019 Tyler Reguly VERT
  • ← What’s All the Hype about Frictionless?
  • SAP Security Notes May ‘19: Several Missing Authority Checks Patched →

Techstrong TV

Click full-screen to enable volume control
Watch latest episodes and shows

Tech Field Day Experience at Qlik Connect 2025

Upcoming Webinars

Software Supply Chain Security: Navigating NIST, CRA, and FDA Regulations

Podcast

Listen to all of our podcasts

Press Releases

GoPlus's Latest Report Highlights How Blockchain Communities Are Leveraging Critical API Security Data To Mitigate Web3 Threats

GoPlus’s Latest Report Highlights How Blockchain Communities Are Leveraging Critical API Security Data To Mitigate Web3 Threats

C2A Security’s EVSec Risk Management and Automation Platform Gains Traction in Automotive Industry as Companies Seek to Efficiently Meet Regulatory Requirements

C2A Security’s EVSec Risk Management and Automation Platform Gains Traction in Automotive Industry as Companies Seek to Efficiently Meet Regulatory Requirements

Zama Raises $73M in Series A Lead by Multicoin Capital and Protocol Labs to Commercialize Fully Homomorphic Encryption

Zama Raises $73M in Series A Lead by Multicoin Capital and Protocol Labs to Commercialize Fully Homomorphic Encryption

RSM US Deploys Stellar Cyber Open XDR Platform to Secure Clients

RSM US Deploys Stellar Cyber Open XDR Platform to Secure Clients

ThreatHunter.ai Halts Hundreds of Attacks in the past 48 hours: Combating Ransomware and Nation-State Cyber Threats Head-On

ThreatHunter.ai Halts Hundreds of Attacks in the past 48 hours: Combating Ransomware and Nation-State Cyber Threats Head-On

Subscribe to our Newsletters

ThreatLocker

Most Read on the Boulevard

EU Stakes Out Digital Sovereignty With Vulnerability Database 
Tracking Accusations May Have Roblox Back in Court 
Strategic Defense Innovation: Israel and South Korea’s Technological Partnership 
Survey: Too Much Time Being Spent on Managing Cybersecurity Tools
Signal Gives Microsoft a Clear Signal: Do NOT Recall This
Are You Capable of Securing Your Digital Assets?
SK Telecom USIM Data Compromise: Millions of Customers at Risk
Fairfax County, Va., CISO Michael Dent on Leadership
The State of AI in Cybersecurity 2025: What’s Working, What’s Lagging, and Why It Matters Now More Than Ever
Ensuring Satisfaction in Managing Non-Human Identities

Industry Spotlight

Signal Gives Microsoft a Clear Signal: Do NOT Recall This
Application Security Cyberlaw Cybersecurity Data Privacy Endpoint Featured Governance, Risk & Compliance Humor Incident Response Industry Spotlight Most Read This Week News Popular Post Security Awareness Security Boulevard (Original) Social - Facebook Social - LinkedIn Social - X Spotlight Threats & Breaches Vulnerabilities 

Signal Gives Microsoft a Clear Signal: Do NOT Recall This

May 22, 2025 Richi Jennings | 3 hours ago 0
Coinbase Says Breach May Cost $400 Million, Issues $20 Million Bounty
Cloud Security Cybersecurity Data Privacy Data Security Featured Identity & Access Industry Spotlight Network Security News Security Boulevard (Original) Social - Facebook Social - LinkedIn Social - X Spotlight Threats & Breaches 

Coinbase Says Breach May Cost $400 Million, Issues $20 Million Bounty

May 16, 2025 Jeffrey Burt | May 16 0
Warning to US Retail: ‘Scattered Spider’ Targets YOU (with DragonForce Ransomware)
Analytics & Intelligence Cloud Security Cybersecurity Data Privacy Data Security DevOps Endpoint Featured Governance, Risk & Compliance Humor Identity & Access Incident Response Industry Spotlight Malware Mobile Security Most Read This Week Network Security News Popular Post Security Awareness Security Boulevard (Original) Social - Facebook Social - LinkedIn Social - X Social Engineering Spotlight Threat Intelligence Threats & Breaches Vulnerabilities 

Warning to US Retail: ‘Scattered Spider’ Targets YOU (with DragonForce Ransomware)

May 15, 2025 Richi Jennings | May 15 0

Top Stories

Law Enforcement, Microsoft Disrupt Operations of Popular Lumma Stealer
Cloud Security Cybersecurity Data Privacy Data Security Featured Identity & Access Malware Mobile Security Network Security News Security Boulevard (Original) Social - Facebook Social - LinkedIn Social - X Social Engineering Spotlight Threat Intelligence 

Law Enforcement, Microsoft Disrupt Operations of Popular Lumma Stealer

May 22, 2025 Jeffrey Burt | 5 hours ago 0
Survey: Too Much Time Being Spent on Managing Cybersecurity Tools
Cybersecurity Featured News Security Boulevard (Original) Social - Facebook Social - LinkedIn Social - X Spotlight 

Survey: Too Much Time Being Spent on Managing Cybersecurity Tools

May 21, 2025 Michael Vizard | Yesterday 0
Linux Foundation Shares Framework for Building Effective Cybersecurity Teams
Cybersecurity Featured News Security Awareness Security Boulevard (Original) Social - Facebook Social - LinkedIn Social - X Spotlight 

Linux Foundation Shares Framework for Building Effective Cybersecurity Teams

May 16, 2025 Michael Vizard | May 16 0

Security Humor

Randall Munroe’s XKCD ‘Baker's Units’

Randall Munroe’s XKCD ‘Baker’s Units’

Download Free eBook

7 Must-Read eBooks for Security Professionals

Security Boulevard Logo White

DMCA

Join the Community

  • Add your blog to Security Creators Network
  • Write for Security Boulevard
  • Bloggers Meetup and Awards
  • Ask a Question
  • Email: [email protected]

Useful Links

  • About
  • Media Kit
  • Sponsor Info
  • Copyright
  • TOS
  • DMCA Compliance Statement
  • Privacy Policy

Related Sites

  • Techstrong Group
  • Cloud Native Now
  • DevOps.com
  • Digital CxO
  • Techstrong Research
  • Techstrong TV
  • Techstrong.tv Podcast
  • DevOps Chat
  • DevOps Dozen
  • DevOps TV
Powered by Techstrong Group
Copyright © 2025 Techstrong Group Inc. All rights reserved.
×

Security in AI

Step 1 of 7

14%
How would you best describe your organization's current stage of securing the use of generative AI in your applications?(Required)
Have you implemented, or are you planning to implement, zero trust security for the AI your organization uses or develops?(Required)
What are the three biggest challenges your organization faces when integrating generative AI into applications or workflows? (Select up to three)(Required)
How does your organization secure proprietary information used in AI training, tuning, or retrieval-augmented generation (RAG)? (Select all that apply)(Required)
Which of the following kinds of tools are you currently using to secure your organization’s use of generative AI? (select all that apply)(Required)
How valuable do you think it would it be to have a solution that classifies and quantifies risks associated with generative AI tools?(Required)
What are, or do you think would be, the most important reasons for implementing generative AI security measures? (Select up to three)(Required)

×