Microsoft May 2019 Patch Tuesday arrives with fix for Windows zero-day, MDS attacks

Microsoft patches 79 security flaws in the May 2019 Patch Tuesday update train.

Windows 10 wallpaper

Image: Microsoft; Composition: ZDNet

Today, Microsoft released its monthly batch of security updates known as Patch Tuesday, and this month's security release includes fixes for 79 vulnerabilities in a wide range of Microsoft products.

The two headliners of this month's patches are CVE-2019-0863, a zero-day vulnerability exploited in the wild, and ADV190013, a security advisory for dealing with the latest wave of Intel CPU flaws that came to light only a few hours before.

The zero-day

The zero-day is an elevation of privilege vulnerability that exists in the way the Windows Error Reporting (WER) service interacts with files.

Tracked as CVE-2019-0863 and discovered by security researchers from PolarBear and Palo Alto Networks, this vulnerability has been used in the wild by hackers to elevate access on compromised systems from a regular account to one with admin access.

Details about these attacks are still being kept under wraps to give users more time to patch before other threat actors catch on and start abusing the same vulnerability for their own attacks.

Microsoft said it addressed this issue by "correcting the way WER handles files," and has made fixes available for all supported Windows OS versions.

MDS mitigations

But today's Patch Tuesday also comes with ADV190013, a security advisory (a FAQ page) detailing the company's mitigation plan for a new set of CPU hardware design flaws that were disclosed today -- known as MDS attacks, and impacting most Intel CPUs released in the past eight years.

Microsoft said that customers would need two types of updates. The first is firmware microcode updates that they must get from their either Intel or OEMs (device providers).

Second, there are also OS updates, which Microsoft released today, for both Windows and Windows Server. Patches for HoloLens and SQL Server have also been released.

Unfortunately, at the time of writing, Microsoft said that Intel CPU microcode updates are not yet available for the following systems:

  • Windows 10 Version 1803 for x64-based Systems
  • Windows Server, version 1803 (Server Core Installation)
  • Windows 10 Version 1809 for x64-based Systems
  • Windows Server 2019
  • Windows Server 2019 (Server Core installation)

Microsoft said its cloud-based services have already been patched and are safe against any MDS attacks.

The company also warns that installing the microcode updates and software patches would impact performance, but the impact would be limited. An additional step to protect against MDS attacks would be to disable Intel CPU support for Hyper-Threading (SMT), but doing this would result in a bigger performance hit on Windows systems.

Additional details

Other notable security fixes in this month's Patch Tuesday include CVE-2019-0708, a 'wormable' flaw in Remote Desktop Services, which Microsoft has decided to patch way down to Windows XP and Server 2003 versions.

Since the Microsoft Patch Tuesday is also the day when other vendors also release security patches, it's also worth mentioning that Adobe and Apple also published their respective security updates earlier today.

More in-depth information on today's Patch Tuesday updates is available on Microsoft's official Security Update Guide portal. You can also consult the table embedded below or this Patch Tuesday report generated by ZDNet.

TagCVE IDCVE Title
Servicing Stack Updates ADV990001 Latest Servicing Stack Updates
Adobe Flash Player ADV190012 May 2019 Adobe Flash Security Update
Microsoft Windows ADV190013 Microsoft Guidance to mitigate Microarchitectural Data Sampling vulnerabilities
.NET Core CVE-2019-0982 ASP.NET Core Denial of Service Vulnerability
.NET Core CVE-2019-0981 .Net Framework and .Net Core Denial of Service Vulnerability
.NET Core CVE-2019-0980 .Net Framework and .Net Core Denial of Service Vulnerability
.NET Framework CVE-2019-0864 .NET Framework Denial of Service Vulnerability
.NET Framework CVE-2019-0820 .NET Framework and .NET Core Denial of Service Vulnerability
Azure CVE-2019-1000 Microsoft Azure AD Connect Elevation of Privilege Vulnerability
Internet Explorer CVE-2019-0929 Internet Explorer Memory Corruption Vulnerability
Internet Explorer CVE-2019-0995 Internet Explorer Security Feature Bypass Vulnerability
Internet Explorer CVE-2019-0930 Internet Explorer Information Disclosure Vulnerability
Internet Explorer CVE-2019-0921 Internet Explorer Spoofing Vulnerability
Kerberos CVE-2019-0734 Windows Elevation of Privilege Vulnerability
Microsoft Browsers CVE-2019-0940 Microsoft Browser Memory Corruption Vulnerability
Microsoft Dynamics CVE-2019-1008 Microsoft Dynamics On-Premise Security Feature Bypass
Microsoft Edge CVE-2019-0938 Microsoft Edge Elevation of Privilege Vulnerability
Microsoft Edge CVE-2019-0926 Microsoft Edge Memory Corruption Vulnerability
Microsoft Graphics Component CVE-2019-0892 Win32k Elevation of Privilege Vulnerability
Microsoft Graphics Component CVE-2019-0961 Windows GDI Information Disclosure Vulnerability
Microsoft Graphics Component CVE-2019-0758 Windows GDI Information Disclosure Vulnerability
Microsoft Graphics Component CVE-2019-0903 GDI+ Remote Code Execution Vulnerability
Microsoft Graphics Component CVE-2019-0882 Windows GDI Information Disclosure Vulnerability
Microsoft JET Database Engine CVE-2019-0898 Jet Database Engine Remote Code Execution Vulnerability
Microsoft JET Database Engine CVE-2019-0895 Jet Database Engine Remote Code Execution Vulnerability
Microsoft JET Database Engine CVE-2019-0897 Jet Database Engine Remote Code Execution Vulnerability
Microsoft JET Database Engine CVE-2019-0889 Jet Database Engine Remote Code Execution Vulnerability
Microsoft JET Database Engine CVE-2019-0890 Jet Database Engine Remote Code Execution Vulnerability
Microsoft JET Database Engine CVE-2019-0891 Jet Database Engine Remote Code Execution Vulnerability
Microsoft JET Database Engine CVE-2019-0896 Jet Database Engine Remote Code Execution Vulnerability
Microsoft JET Database Engine CVE-2019-0893 Jet Database Engine Remote Code Execution Vulnerability
Microsoft JET Database Engine CVE-2019-0894 Jet Database Engine Remote Code Execution Vulnerability
Microsoft JET Database Engine CVE-2019-0901 Jet Database Engine Remote Code Execution Vulnerability
Microsoft JET Database Engine CVE-2019-0899 Jet Database Engine Remote Code Execution Vulnerability
Microsoft JET Database Engine CVE-2019-0900 Jet Database Engine Remote Code Execution Vulnerability
Microsoft JET Database Engine CVE-2019-0902 Jet Database Engine Remote Code Execution Vulnerability
Microsoft Office CVE-2019-0947 Microsoft Office Access Connectivity Engine Remote Code Execution Vulnerability
Microsoft Office CVE-2019-0953 Microsoft Word Remote Code Execution Vulnerability
Microsoft Office CVE-2019-0945 Microsoft Office Access Connectivity Engine Remote Code Execution Vulnerability
Microsoft Office CVE-2019-0946 Microsoft Office Access Connectivity Engine Remote Code Execution Vulnerability
Microsoft Office SharePoint CVE-2019-0957 Microsoft SharePoint Elevation of Privilege Vulnerability
Microsoft Office SharePoint CVE-2019-0956 Microsoft SharePoint Server Information Disclosure Vulnerability
Microsoft Office SharePoint CVE-2019-0949 Microsoft SharePoint Spoofing Vulnerability
Microsoft Office SharePoint CVE-2019-0950 Microsoft SharePoint Spoofing Vulnerability
Microsoft Office SharePoint CVE-2019-0952 Microsoft SharePoint Server Remote Code Execution Vulnerability
Microsoft Office SharePoint CVE-2019-0951 Microsoft SharePoint Spoofing Vulnerability
Microsoft Office SharePoint CVE-2019-0963 Microsoft Office SharePoint XSS Vulnerability
Microsoft Office SharePoint CVE-2019-0958 Microsoft SharePoint Elevation of Privilege Vulnerability
Microsoft Scripting Engine CVE-2019-0924 Chakra Scripting Engine Memory Corruption Vulnerability
Microsoft Scripting Engine CVE-2019-0923 Chakra Scripting Engine Memory Corruption Vulnerability
Microsoft Scripting Engine CVE-2019-0927 Chakra Scripting Engine Memory Corruption Vulnerability
Microsoft Scripting Engine CVE-2019-0922 Chakra Scripting Engine Memory Corruption Vulnerability
Microsoft Scripting Engine CVE-2019-0884 Scripting Engine Memory Corruption Vulnerability
Microsoft Scripting Engine CVE-2019-0933 Chakra Scripting Engine Memory Corruption Vulnerability
Microsoft Scripting Engine CVE-2019-0925 Chakra Scripting Engine Memory Corruption Vulnerability
Microsoft Scripting Engine CVE-2019-0937 Chakra Scripting Engine Memory Corruption Vulnerability
Microsoft Scripting Engine CVE-2019-0918 Scripting Engine Memory Corruption Vulnerability
Microsoft Scripting Engine CVE-2019-0913 Chakra Scripting Engine Memory Corruption Vulnerability
Microsoft Scripting Engine CVE-2019-0912 Chakra Scripting Engine Memory Corruption Vulnerability
Microsoft Scripting Engine CVE-2019-0911 Scripting Engine Memory Corruption Vulnerability
Microsoft Scripting Engine CVE-2019-0914 Chakra Scripting Engine Memory Corruption Vulnerability
Microsoft Scripting Engine CVE-2019-0917 Chakra Scripting Engine Memory Corruption Vulnerability
Microsoft Scripting Engine CVE-2019-0916 Chakra Scripting Engine Memory Corruption Vulnerability
Microsoft Scripting Engine CVE-2019-0915 Chakra Scripting Engine Memory Corruption Vulnerability
Microsoft Windows CVE-2019-0733 Windows Defender Application Control Security Feature Bypass Vulnerability
Microsoft Windows CVE-2019-0936 Windows Elevation of Privilege Vulnerability
Microsoft Windows CVE-2019-0886 Windows Hyper-V Information Disclosure Vulnerability
Microsoft Windows CVE-2019-0863 Windows Error Reporting Elevation of Privilege Vulnerability
Microsoft Windows CVE-2019-0942 Unified Write Filter Elevation of Privilege Vulnerability
Microsoft Windows CVE-2019-0931 Windows Storage Service Elevation of Privilege Vulnerability
Microsoft Windows CVE-2019-0885 Windows OLE Remote Code Execution Vulnerability
NuGet CVE-2019-0976 NuGet Package Manager Tampering Vulnerability
Skype for Android CVE-2019-0932 Skype for Android Information Disclosure Vulnerability
SQL Server CVE-2019-0819 Microsoft SQL Server Analysis Services Information Disclosure Vulnerability
Team Foundation Server CVE-2019-0971 Azure DevOps Server and Team Foundation Server Information Disclosure Vulnerability
Team Foundation Server CVE-2019-0979 Azure DevOps Server and Team Foundation Server Cross-site Scripting Vulnerability
Team Foundation Server CVE-2019-0872 Azure DevOps Server and Team Foundation Server Cross-site Scripting Vulnerability
Windows DHCP Server CVE-2019-0725 Windows DHCP Server Remote Code Execution Vulnerability
Windows Diagnostic Hub CVE-2019-0727 Diagnostic Hub Standard Collector, Visual Studio Standard Collector Elevation of Privilege Vulnerability
Windows Kernel CVE-2019-0881 Windows Kernel Elevation of Privilege Vulnerability
Windows NDIS CVE-2019-0707 Windows NDIS Elevation of Privilege Vulnerability
Windows RDP CVE-2019-0708 Remote Desktop Services Remote Code Execution Vulnerability

More vulnerability reports: