Microsoft Security Updates: May 2019

Microsoft Patch notes

This month’s Microsoft Patch Tuesday addresses 79 vulnerabilities with 22 of them labeled as Critical. Of the 22 Critical vulns, 18 are for scripting engines and browsers. The remaining 4 are remote code execution (RCE) in Remote Desktop, DHCP Server, GDI+, and Word. Microsoft also released guidance on the recently disclosed Microarchitectural Data Sampling (MDS) techniques, known as ZombieLoad, Fallout, and RIDL. Adobe’s Patch Tuesday includes patches for vulnerabilities in Flash, Acrobat/Reader (83 vulnerabilities!) and Media Encoder.

Workstation Patches

Scripting Engine, Browser, GDI+, and Word patches should be prioritized for workstation-type devices, meaning any system that is used for email or to access the internet via a browser. This includes multi-user servers that are used as remote desktops for users.

Remote Desktop Services RCE

Remote Code Execution (RCE) vulnerability CVE-2019-0708 exists in the Remote Desktop Protocol (RDP). Exploiting this vulnerability would allow an unauthenticated attacker to run arbitrary code on an affected system. This type of vulnerability is potentially wormable due to the lack of authentication and pervasiveness of the RDP service. Although a proof-of-concept exploit has not yet been disclosed, this vulnerability should be remediated with very high priority across Windows 7, Server 2008, and Server 2008 R2.

DHCP Server RCE

One vulnerability, CVE-2019-0725, applies to Windows DHCP Server. It is ranked as Critical and can lead to Remote Code Execution. Any unauthenticated attacker who can send packets to a DHCP server can exploit this vulnerability. This patch should be prioritized for any Windows DHCP implementations. A similar vulnerability in the DHCP Server was patched in February, and the DHCP Client was patched for a separate vulnerability in March.

Guidance for Microarchitectural Data Sampling (MDS) attacks

Microsoft has issued a guidance document for how to mitigate Microarchitectural Data Sampling (MDS) attacks. Examples of this style of attack are ZombieLoad, Fallout, and RIDL. The CVEs for these vulnerabilities are: CVE-2018-12126, CVE-2018-12127, CVE-2018-12130, and CVE-2019-11091. Intel has also released an overview, as well as a deep-dive document covering the techniques and mitigations.

Microcode updates for impacted processors will be required to mitigate these attacks, as well as OS patches. Microsoft mentions that disabling Hyper-threading (also known as Simultaneous Multi-Threading (SMT) may also be required to fully mitigate, though Intel discourages this. Microsoft will distribute microcode updates for Windows 10 systems only. For other Operating Systems, the OEM will need to provide these updates, often in the form of a BIOS update.

Actively Attacked Privilege Escalation in Windows Error Handling

Microsoft also issued a patch for a Windows Error Handling privilege escalation vulnerability (CVE-2019-0863) that has been exploited in the wild. This patch should be prioritized for all supported versions of Windows.

Adobe Patch Tuesday

Adobe released patches for Flash, Acrobat/Reader, and Media Encoder. While the Flash patches cover only one CVE, and the Media Encoder patches cover two, the Acrobat/Reader patches cover a whopping 83 vulnerabilities. It is recommended that any impacted hosts be prioritized for patching, especially for workstations.

Executive Summary

  • Microsoft released security updates for all supported versions of Windows.
  • All versions of Windows are affected by CVE-2019-0903,  a GDI+ Remote Code Execution Vulnerability critical vulnerability.
  • Windows 7 is the only client system affected by another critical vulnerability CVE-2019-0708 , Remote Desktop Services Remote Code Execution Vulnerability
  • Microsoft released a security update for Windows XP (KB4500331)
  • All server versions affected by CVE-2019-0725 | Windows DHCP Server Remote Code Execution Vulnerability.
  • Server 2008 R2 only version affected by CVE-2019-0708 Remote Desktop Services Remote Code Execution Vulnerability.
  • Other Microsoft products with security update releases: IE, Edge, Team Foundation Server, SQL Server, Azure, Skype for Android, Office, Visual Studio, Azure DevOps Server, .Net Framework and Core, ASP.NET Core, ChakraCore, NuGet.

Operating System Distribution

  • Windows 7: 23 vulnerabilities of which 2 are rated critical and 21 are rated important
    • CVE-2019-0903 | GDI+ Remote Code Execution Vulnerability
    • CVE-2019-0708 | Remote Desktop Services Remote Code Execution Vulnerability
  • Windows 8.1: 23 vulnerabilities of which 1 is rated critical and 22 are rated important
    • CVE-2019-0903 | GDI+ Remote Code Execution Vulnerability
  • Windows 10 version 1703:  28 vulnerabilities of which 1 is critical and 27 are important
    • CVE-2019-0903 | GDI+ Remote Code Execution Vulnerability
  • Windows 10 version 1709: 29 vulnerabilities of which 1 is critical and 28 are important
    • CVE-2019-0903 | GDI+ Remote Code Execution Vulnerability
  • Windows 10 version 1803: 29 vulnerabilities of which 1 is critical and 28 are important
    • CVE-2019-0903 | GDI+ Remote Code Execution Vulnerability
  • Windows 10 version 1809: 29 vulnerabilities of which 1 is critical and 28 are important
    • CVE-2019-0903 | GDI+ Remote Code Execution Vulnerability

Windows Server products

  • Windows Server 2008 R2: 24 vulnerabilities of which 3 are critical and 21 are important.
    • CVE-2019-0708 | Remote Desktop Services Remote Code Execution Vulnerability
    • CVE-2019-0725 | Windows DHCP Server Remote Code Execution Vulnerability
    • CVE-2019-0903 | GDI+ Remote Code Execution Vulnerability
  • Windows Server 2012 R2: 24 vulnerabilities of which 2 are critical and 22 are important.
    • CVE-2019-0725 | Windows DHCP Server Remote Code Execution Vulnerability
    • CVE-2019-0903 | GDI+ Remote Code Execution Vulnerability
  • Windows Server 2016: 28 vulnerabilities of which 2 are critical and 26 are important
    • CVE-2019-0725 | Windows DHCP Server Remote Code Execution Vulnerability
    • CVE-2019-0903 | GDI+ Remote Code Execution Vulnerability
  • Windows Server 2019: 30 vulnerabilities of which 2 are critical and 28 are important.
    • CVE-2019-0725 | Windows DHCP Server Remote Code Execution Vulnerability
    • CVE-2019-0903 | GDI+ Remote Code Execution Vulnerability

Known Issues

See the linked KB articles for workarounds and additional information.

Windows 8.1 and Serve 2012 R2

  • First two issues of Windows 10 version 1809.
  • Monthly Rollup additionally: issue with McAfee Endpoint Security software.

Windows 10 version 1703

  • Second issue of Windows 10 version 1809 only.

Windows 10 version 1709

  • Second issue of Windows 10 version 1809 only.

Windows 10 version 1803

  • First two issues of Windows 10 version 1809.

Windows 10 version 1809

  • Issues using the Preboot Execution Environment (PXE) to start a device from a Windows Deployment Services (WDS) server configured to use Variable Window Extension. Workaround available.
  • Error STATUS_BAD_IMPERSONATION_LEVEL (0xC00000A5) when performing certain operations on files or files that are on a Cluster Shared Volume. Workaround available.
  • Printing issue with error “Your printer has experienced an unexpected configuration problem. 0x80070007e” in Edge and UWP apps. Workaround available.
  • Error “0x800f0982 – PSFX_E_MATCHING_COMPONENT_NOT_FOUND” after installing KB4493509 with certain Asian language packs installed. Workaround available.

Direct update downloads

Most Windows devices are updated automatically either through Windows Update or other update management systems. Some users and organizations prefer to install updates manually. All cumulative updates can be downloaded from the Microsoft Update Catalog website. Below are links to all cumulative updates.

Windows 7 SP1 and Windows Server 2008 R2 SP

  • KB4499164— 2019-05 Security Monthly Quality Rollup for Windows 7
  • KB4499175— 2019-05 Security Only Quality Update for Windows 7

Windows 8.1 and Windows Server 2012 R2

  • KB4499151— 2019-05 Security Monthly Quality Rollup for Windows 8.1
  • KB4499165— 2019-05 Security Only Quality Update for Windows 8.1

Windows 10 (version 1703)

  • KB4499181— 2019-05 Cumulative Update for Windows 10 Version 1703

Windows 10 (version 1709)

  • KB4499179— 2019-05 Cumulative Update for Windows 10 Version 1709

Windows 10 (version 1803)

  • KB4499167— 2019-05 Cumulative Update for Windows 10 Version 1803

Windows 10 (version 1809)

  • KB4494441— 2019-05 Cumulative Update for Windows 10 Version 1809

 

ProVal Technologies, Inc

ProVal Technologies, Inc

Categories

Get in touch today for MSP NOC Services

Contact Us

ProVal Technologies, Inc

498 Palm Springs Drive, Ste. 130
Altamonte Springs, FL 32701
United States
Phone: 407-588-0101

Facebook Twitter Instagram Linkedin Youtube
SOC 2 Certified Logo
Form CTA

©2023 ProVal Technologies, Inc All Rights Reserved.

Privacy Policy Disclaimer

Microsoft Security Updates: May 2019

Microsoft Patch notes

I truly view ProVal as a partner and extension of my team, not as one of my vendors

When our NOC Manager left last fall we wanted to replace the position with an outsourced NOC to reduce headcount, and bring in an expert to both Labtech and our backup solutions. Bringing in ProVal Technologies was one of the best decisions we made last year and has paid for itself.During our first few monthly recurring Labtech admin meetings the ProVal team discovered incorrect settings and policies that were not applying correctly in our Labtech server. Things that we thought were automated and working were not. For example, there were multiple scripts and policies running but set to do nothing such as disk cleanup scripts. Cisco Umbrella was not configured correctly. Server alerting was not set right and the list went on.The backup team sends daily and weekly reports and updates that reduce my technicians time that we used to spend on backup or antivirus tickets that took forever and were tedious.ProVal also brings in great insights to our business and really cares about our success. They will frequently mention to me in meetings what new scripts they can import to make us more efficient or will schedule upgrades to our backups, Labtech, etc so I don’t have to worry. I truly view ProVal as a partner and extension of my team not as one of my vendors.

Chris-Warnick-Headshot
Chris Warnick
Vision Computer Solutions
Northville, MI

They will quickly become an extension of your team and your ROI will reflect the results

We have been a long time user of Labtech and had tried for many years to manage the product internally with no real success at the level we needed to make our solutions more efficient for our customers. Once we hired Vikram and his team at ProVal, it solved all our pain points with the product and we really felt like we were leveraging the tool as it was designed. If this sounds like you and it’s keeping you up at night, then you need these guys. They will quickly become an extension of your team and your ROI will reflect the results.

Bryan-Wolff-Headshot
Bryan Wolff
CEO, Wolff Logics LT Managed & Admin Services
Cedar Park, Texas

They work well, fast and on budget

We met Vikram from ProVal Tech at Gary Pica’s Shnizzfest a year ago. Vikram explained the advantage of having trained, certified personnel take care of our recent Automate implementation. Even though we had taken an implementation package from ConnectWise to start up the program, we felt many custom configurations we needed for our business were lacking. We hired ProVal Tech after Automate was installed to help us with this task. From sales to technicians everyone was professional and knowledgeable. Onboarding was simple, and well documented. Tools on the web were supplied while we did the work, and they allowed us to track what was done, and see the improvements in the environment. It was easy to reach any of the team members, for any concern or question – all answered with courtesy and smile. Once the work was finished, we were given some training and explanations, add to that documentation, about the work and the scripts and features added to the program. We have been happily working with Automate since then. We can only recommend this efficient team of people for any work into Automate: they work well, fast and on budget.

Ben-Prevost-Headshot
Ben Prevost
FarWeb IT
Sherbrooke, Canada