• May 2019 Patch Tuesday arrives

    Posted on May 14, 2019 at 12:08 CDT by Comment in the Forums

    The Update Catalog has 237 new entries. Jeeeez.

    The Security Update Guide lists 2,195 new individual patches today.

    Martin Brinkmann has posted his summary:

    • Microsoft released security updates for all supported versions of Windows.
    • All versions of Windows are affected by CVE-2019-0903,  a GDI+ Remote Code Execution Vulnerability critical vulnerability.
    • Windows 7 is the only client system affected by another critical vulnerability CVE-2019-0708 , Remote Desktop Services Remote Code Execution Vulnerability
    • Microsoft released a security update for Windows XP (KB4500331)

    Dustin Childs has his report posted for ZDI:

    security patches for 79 CVEs (separately identified security holes) along with two advisories… (Windows Error Reporting bug CVE-2019-0863 being exploited actively)… details about the use of the exploit are not available, it is likely being used in limited attacks against specific targets.

    Big news is the “wormable” security hole in RDP, CVE-2019-0708. From Simon Pope on the MSRC Technet blogt:

    Any future malware that exploits this vulnerability could propagate from vulnerable computer to vulnerable computer in a similar way as the WannaCry malware spread across the globe in 2017. While we have observed no exploitation of this vulnerability, it is highly likely that malicious actors will write an exploit for this vulnerability and incorporate it into their malware.

    Vulnerable in-support systems include Windows 7, Windows Server 2008 R2, and Windows Server 2008. Downloads for in-support versions of Windows can be found in the Microsoft Security Update Guide. Customers who use an in-support version of Windows and have automatic updates enabled are automatically protected.

    Out-of-support systems include Windows 2003 and Windows XP. If you are on an out-of-support version, the best way to address this vulnerability is to upgrade to the latest version of Windows. Even so, we are making fixes available for these out-of-support versions of Windows in KB4500705.

    Yes, you read that correctly. There’s a downloadable fix for Win 2003 (not to be confused with Win10 “version 2003,” which is currently in the Insider Fast Ring) and WinXP.

    https://twitter.com/GossiTheDog/status/1128349050481328128

    But wait. That’s not all. There’s also a big hole in .NET versions 2.1 and 2.2. CVE-2019-0982. It’s a Denial of Service vulnerability.

    UPDATE: Poster Old School on Krebs on Security reports:

    KB 4494441 [that’s the Win10 1809 patch] had to be installed twice so be sure to run Windows Update twice. I was not amused.

    Windows Patches/Security
DON'T MISS OUT!
Subscribe to the Free Newsletter
We promise not to spam you. Unsubscribe at any time.
Invalid email address

View the Forum

  • Recent Replies
  • My Replies
  • My Active Topics
  • New Posts in the Last day
  • Private Messages
  • Knowledge Base
  • How to use the Forums
  • All Forums

    • Recent Topics

    My Profile

    March 2025
    S M T W T F S
     1
    2345678
    9101112131415
    16171819202122
    23242526272829
    3031  

    Remembering Woody

     

    Want to Advertise in the free newsletter? How about a gift subscription in honor of a birthday? Send an email to sb@askwoody.com to ask how.

    Mastodon profile for DefConPatch
    Mastodon profile for AskWoody

     

    Home About FAQ Posts & Privacy Forums My Account
    Register Free Newsletter Plus Membership Gift Certificates MS-DEFCON Alerts

    Copyright ©2004-2025 by AskWoody Tech LLC. All Rights Reserved.