Microsoft’s May Patch Tuesday covers ZombieLoad, WER vulnerabilities
Microsoft put forth a long list of security updates to cover
79 vulnerabilities, 19 listed as critical, which included four connected to a Microarchitectural
Data Sampling (aka ZombieLoad) vulnerability in Intel processors in its May
Patch Tuesday release.
While CVE-2018-12126,
CVE-2018-12127, CVE-2018-12130, CVE-2019-11091 grabbed the headlines
yesterday, Microsoft also patched CVE-2019-0863 which has been spotted in the
wild. This is a Windows Error Reporting that incorrectly handles certain files
and, when exploited, could lead to the execution of code in kernel mode,
providing full administrative control over the system, noted Tripwire.
“The elevation of privilege vulnerability exists in the way
Windows Error Reporting handles files. The attack would allow a threat actor to
gain kernel mode access to the system. The attacker would need to gain unprivileged
execution on the victim’s system first, but that would not be a significant
barrier,” said Chris Goettl, Ivanti’s director of product management,
security.
Also covered was CVE-2019-0932 that if exploited would allow
an attacker to listen in on a phone call if certain parameters are met. These
include calling an Android phone that has the Skype for Android app installed
and also paired with a Bluetooth device could listen in on the phone user’s
conversation without the user’s knowledge.
Microsoft also released a patch for a number of currently unsupported operating systems (Windows 7, Windows 2003, Windows Server 2008 R2, Windows Server 2008 and Windows XP) for CVE-2019-0708 because if properly exploited could allow malware to move from one system to another in the same fashion as WannaCry in 2017.
“The Remote Desktop Protocol (RDP) itself is not vulnerable.
This vulnerability is pre-authentication and requires no user interaction. In
other words, the vulnerability is ‘wormable’, meaning that any future malware
that exploits this vulnerability could propagate from vulnerable computer to
vulnerable computer in a similar way as the WannaCry malware spread across the
globe in 2017,” Microsoft wrote in its security blog.
“This is a serious problem and it’s good that Microsoft is
releasing patching for legacy unsupported versions of Windows. As we saw with
WannaCry, there are thousands of legacy systems that remain unpatched, either
because they’re forgotten, or running fragile software stacks that nobody wants
to touch,” said Satya Gupta, Viresec’s co-founder and CTO.
Trend
Micro also called out CVE-2019-0953, a remote code execution vulnerability
found in Microsoft Word that can enable escalated privileges to access the
system when exploited.
Microsoft’s Edge and IE 11 browsers also received some
attention this month with CVE-2019-0911, CVE-2019-0912, CVE-2019-0914,
CVE-2019-0924, and CVE-2019-0925, use flaws in Edge’s scripting engine to gain
the same privileges as the current user, while CVE-2019-0926 exploits the way
that Edge accesses objects in memory, Sophos
reported.
Gloss