Patch Tuesday: Fixes for 'Wormable' Flaw, Zero-Day
Update as of 5/17/2019 10:15 AM PHT: Added rules for CVE-2019-0708 in Trend Micro Deep Security and TippingPoint.
Microsoft’s May security release includes updates for 80 vulnerabilities across a number of Microsoft products, including a security update for unsupported operating systems such as Windows XP and Server 2003 that was not included in the mainstream customer support notification. Of the security vulnerabilities fixed in this release, six are rated Critical, 73 are rated Important or Low, and one was posted separately as a mitigating update addressing an imminent "wormable" threat. The release also includes updates for different Microsoft products such as Internet Explorer, Edge, Office, Office Services and Web Apps, Azure DevOps Server, SQL Server, ChakraCore, NuGet, .NET Framework, .NET Core, Team Foundation Server, Visual Studio, Online Services, and Skype for Android. Adobe also released security updates alongside this month’s Patch Tuesday.
Microsoft released a security guidance notification addressing CVE-2019-0708 for users of outdated Windows operating systems, given that a number of enterprises continue to use legacy systems for daily operations. While Microsoft noted that the flaw has not been seen exploited in the wild, the vulnerability can be used for RCE attacks via the Remote Desktop Services component of Windows 7, Windows 2003, Windows Server 2008 R2, Windows Server 2008, and Windows XP. An attacker may send customized requests to a targeted system. The exploit requires no authentication and no user interaction, and it lets the attacker acquire full user rights, create new accounts, and install, change, and delete data. Microsoft notes that this is a mitigating move, as future and existing malware can use this flaw to propagate from one system to another, much like the 2017 WannaCry outbreak.
Among the critical security flaws noted were CVE-2019-0953, ADV190013, CVE-2019-7837, and CVE-2019-0708. CVE-2019-0953 is a remote code execution (RCE) vulnerability found in Microsoft Word that, when exploited, can give an attacker escalated privileges to access the system. ADV190013 addresses four vulnerabilities (CVE-2018-12126, CVE-2018-12130, CVE-2018-12127, and CVE-2018-11091) that can be exploited through a new subclass of speculative execution side channel flaws known as Microarchitectural Data Sampling (MDS). Attackers may access privileged information across resource environments such as cloud services configurations, and the flaws may also affect other systems such as Android, Chrome, iOS, Linux and macOS. CVE-2019-7837 is a critical Adobe Flash Player vulnerability that can be exploited for arbitrary code execution.
The Trend Micro™ Deep Security™ and Vulnerability Protection solutions protect systems and users from threats targeting the vulnerabilities included in this month’s Patch Tuesday release via the following Deep Packet Inspection (DPI) rules:
Rule | Description | Vulnerability |
--- | --- | --- |
1009722 | Microsoft Windows Error Reporting Elevation Of Privilege Vulnerability | CVE-2019-0863 |
1009723 | Microsoft Windows GDI Information Disclosure Vulnerability | CVE-2019-0882 |
1009724 | Microsoft Internet Explorer And Edge Scripting Engine Memory Corruption Vulnerability | CVE-2019-0884 |
1009725 | Microsoft Windows OLE Remote Code Execution Vulnerability | CVE-2019-0885 |
1009726 | Microsoft Internet Explorer And Edge Scripting Engine Memory Corruption Vulnerability | CVE-2019-0911 |
1009727 | Microsoft Internet Explorer Scripting Engine Memory Corruption Vulnerability | CVE-2019-0918 |
1009729 | Microsoft Edge Memory Corruption Vulnerability | CVE-2019-0926 |
1009730 | Microsoft Internet Explorer Information Disclosure Vulnerability | CVE-2019-0930 |
1009731 | Microsoft Edge Elevation Of Privilege Vulnerability | CVE-2019-0938 |
1009733 | Microsoft Internet Explorer And Edge Scripting Engine Memory Corruption Vulnerability | CVE-2019-0940 |
1009740 | Adobe Acrobat And Reader Multiple Security Vulnerabilities (APSB19-18) – 1 | CVE-2019-7140, CVE-2019-7141, CVE-2019-7142, CVE-2019-7143, CVE-2019-7144, CVE-2019-7145, CVE-2019-7758, CVE-2019-7759, CVE-2019-7760 |
1009735 | Adobe Acrobat And Reader Multiple Security Vulnerabilities (APSB19-18) – 2 | CVE-2019-7761, CVE-2019-7762, CVE-2019-7763, CVE-2019-7764, CVE-2019-7765, CVE-2019-7766, CVE-2019-7767, CVE-2019-7768, CVE-2019-7769 |
1009738 | Adobe Acrobat And Reader Multiple Security Vulnerabilities (APSB19-18) – 3 | CVE-2019-7770, CVE-2019-7771, CVE-2019-7772, CVE-2019-7773, CVE-2019-7774, CVE-2019-7775, CVE-2019-7776, CVE-2019-7777, CVE-2019-7778 |
1009736 | Adobe Acrobat And Reader Multiple Security Vulnerabilities (APSB19-18) – 4 | CVE-2019-7779, CVE-2019-7780, CVE-2019-7781, CVE-2019-7782, CVE-2019-7783, CVE-2019-7784, CVE-2019-7785, CVE-2019-7786, CVE-2019-7787 |
1009742 | Adobe Acrobat And Reader Multiple Security Vulnerabilities (APSB19-18) – 5 | CVE-2019-7788, CVE-2019-7789, CVE-2019-7790, CVE-2019-7791, CVE-2019-7792, CVE-2019-7793, CVE-2019-7794, CVE-2019-7795, CVE-2019-7796 |
1009739 | Adobe Acrobat And Reader Multiple Security Vulnerabilities (APSB19-18) – 6 | CVE-2019-7797, CVE-2019-7798, CVE-2019-7799, CVE-2019-7800, CVE-2019-7801, CVE-2019-7802, CVE-2019-7803, CVE-2019-7804, CVE-2019-7805 |
1009737 | Adobe Acrobat And Reader Multiple Security Vulnerabilities (APSB19-18) – 7 | CVE-2019-7806, CVE-2019-7807, CVE-2019-7808, CVE-2019-7809, CVE-2019-7810, CVE-2019-7811, CVE-2019-7812, CVE-2019-7814 |
1009741 | Adobe Acrobat And Reader Multiple Security Vulnerabilities (APSB19-18) – 8 | CVE-2019-7817, CVE-2019-7818, CVE-2019-7819, CVE-2019-7820, CVE-2019-7821, CVE-2019-7822, CVE-2019-7823, CVE-2019-7825, CVE-2019-7826 |
1009734 | Adobe Acrobat And Reader Multiple Security Vulnerabilities (APSB19-18) – 9 | CVE-2019-7827, CVE-2019-7828, CVE-2019-7829, CVE-2019-7830, CVE-2019-7831, CVE-2019-7832, CVE-2019-7833, CVE-2019-7834, CVE-2019-7835, CVE-2019-7836, CVE-2019-7841 |
1009749 | Microsoft Windows Remote Desktop Services Remote Code Execution Vulnerability | CVE-2019-0708 |
Trend Micro™ TippingPoint® customers are protected from threats and attacks that may exploit this month’s list of vulnerabilities via these MainlineDV filters:
- 34217: HTTP: Microsoft Office PowerPoint gdiplus ConvertToEmfPlus Out-of-Bounds Read Vulnerability
- 34221: HTTP: Microsoft Windows Subsetting Library Integer Underflow Vulnerability
- 34222: HTTP: Microsoft Windows Font Parser Buffer Overflow Vulnerability
- 34677: HTTP: Microsoft Jet Database Engine Memory Corruption Vulnerability
- 34678: HTTP: Microsoft Jet Database Engine Memory Corruption Vulnerability
- 34761: HTTP: Microsoft Windows Integer Overflow Vulnerability
- 34875: HTTP: Microsoft Edge Memory Corruption Vulnerability (Pwn2Own)
- 34877: HTTP: Microsoft Edge CCanvasRenderingProcessor2D Double-Free Vulnerability (Pwn2Own)
- 35044: HTTP: Microsoft JET Database Engine Buffer Overflow Vulnerability
- 35045: HTTP: Microsoft Windows JET Database Engine Out-Of-Bounds Write Vulnerability
- 35049: HTTP: Microsoft Jet Database Engine Memory Corruption Vulnerability
- 35050: HTTP: Microsoft Jet Database Engine Memory Corruption Vulnerability
- 35102: HTTP: Microsoft Windows WER Service Privilege Escalation Vulnerability
- 35104: HTTP: Microsoft Internet Explorer Memory Corruption Vulnerability
- 35107: HTTP: Microsoft Edge Chakra JIT Type Confusion Vulnerability
- 35108: HTTP: Microsoft Internet Explorer RegExp Use-After-Free Vulnerability
- 35109: HTTP: Microsoft Edge videoTracks Use-After-Free Vulnerability
- 35110: HTTP: Microsoft Internet Explorer join Use-After-Free Vulnerability
- 35112: HTTP: Microsoft Edge PostMessage Privilege Escalation Vulnerability
- 35131: HTTP: Microsoft Windows JET Database Engine Integer Underflow Vulnerability
- 35142: HTTP: Microsoft Windows gdiplus EMF Parsing Out-Of-Bounds Read Vulnerability
- 35285: RDP: Microsoft Remote Desktop Services Remote Code Execution Vulnerability