High Threat Security Alert (A19-05-07): Multiple Vulnerabilities in Microsoft Products (May 2019)

Description:

Microsoft has released security updates addressing multiple vulnerabilities which affect several Microsoft products or components.  The list of security updates can be found at:

https://support.microsoft.com/en-us/help/20190514/security-update-deployment-information-May-14-2019
https://support.microsoft.com/en-us/help/4500705/customer-guidance-for-cve-2019-0708

According to Microsoft, potential attackers are likely to exploit the Remote Desktop Services vulnerability (CVE-2019-0708) for remote code execution. Microsoft has made additional special security updates available for de-supported Windows XP and Windows Server 2003. For details, please refer to the following advisories provided by Microsoft:

For Windows Vista, XP, and Windows Server 2003:
https://support.microsoft.com/en-us/help/4500705/customer-guidance-for-cve-2019-0708

For Windows 7 and Windows Server 2008:
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0708

Besides, reports also indicate that active exploitation against the vulnerabilities in Microsoft Windows (CVE-2019-0863 and CVE-2019-0932) have been observed.

Users are advised to take immediate action to patch the affected systems, including those PCs running Windows XP, to mitigate the elevated risk of cyber attacks.

Affected Systems:

• Microsoft Internet Explorer 9, 10, 11
• Microsoft Edge
• Microsoft Windows XP, 7, 8.1, RT 8.1, 10
• Microsoft Windows Server 2003, 2008, 2008 R2, 2012, 2012 R2, 2016, 2019
• Microsoft Windows Server, version 1803, version 1903
• Microsoft Office 2010, 2013, 2013 RT, 2016, 2016 for Mac, 2019, 2019 for Mac
• Microsoft Office Online Server
• Microsoft Word 2016
• Office 365 ProPlus
• Microsoft SharePoint Enterprise Server 2016
• Microsoft SharePoint Foundation 2010, 2013
• Microsoft SharePoint Server 2019
• ASP.NET Core 2.1, 2.2
• .NET Core 1.0, 1.1, 2.1, 2.2
• Microsoft .NET Framework 2.0, 3.0, 3.5, 3.5.1, 4.5.2, 4.6. 4.6.1, 4.6.2, 4.7, 4.7.1, 4.7.2, 4.8
• Azure DevOps Server 2019
• ChakraCore
• Microsoft Azure Active Directory Connect
• Microsoft Dynamics 365 (on-premises) version 8.2, version 9.0
• Microsoft Dynamics CRM 2015 (on-premises) version 7.0
• Microsoft SQL Server 2017
• Microsoft Visual Studio 2015, 2017 version 15.0, 2017 version 15.9, 2019 version 16.0
• Nuget 5.0.2
• Skype 8.35 for Android Devices
• Team Foundation Server 2015, 2017, 2018

A complete list of the affected products can be found at:

https://portal.msrc.microsoft.com/en-us/security-guidance

Impact:

Depending on the vulnerability exploited, a successful attack could lead to remote code execution, information disclosure, security feature bypass, elevation of privilege, spoofing, tampering and denial of service.

Recommendation:

Patches for affected products are available from the Windows Update / Microsoft Update Catalog.  Users of affected systems should follow the recommendations provided by the product vendor and take immediate actions to mitigate the risk.

More Information:

https://portal.msrc.microsoft.com/en-us/security-guidance/releasenotedetail/e5989c8b-7046-e911-a98e-000d3a33a34d
https://support.microsoft.com/en-us/help/20190514/security-update-deployment-information-May-14-2019
https://support.microsoft.com/en-us/help/4500705/customer-guidance-for-cve-2019-0708
https://www.hkcert.org/my_url/en/alert/19051501
https://www.us-cert.gov/ncas/current-activity/2019/05/14/Microsoft-Releases-May-2019-Security-Updates
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV190012
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV190013
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0707
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0708
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0725
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0727
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0733
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0734
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0758
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0819
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0820
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0863
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0864
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0872
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0881
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0882
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0884 (to CVE-2019-0886)
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0889 (to CVE-2019-0903)
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0911 (to CVE-2019-0918)
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0921 (to CVE-2019-0927)
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0929 (to CVE-2019-0933)
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0936 (to CVE-2019-0938)
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0940
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0942
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0945 (to CVE-2019-0947)
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0949 (to CVE-2019-0953)
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0956 (to CVE-2019-0958)
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0961
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0963
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0971
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0976
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0979 (to CVE-2019-0982)
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0995
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1000
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1008