90 Remote Code Execution Vulnerabilities in May “Update Tuesday”
"World. Work. May ”is not only about pleasant work in the country, but also about installing updates, all the more so since this month office software manufacturers did a great job and closed a total of 162 vulnerabilities, of which 90 allow arbitrary code to be executed on the system.
Immediately 2 vulnerabilities that can be exploited remotely were fixed in Windows. We announced the most dangerous one last night - the vulnerability CVE-2019-070 in the Remote Desktop service allows the exploit owner to execute code with SYSTEM privileges. We recommend updating all terminal servers accessible from the outside as quickly as possible. Also, do not forget to update the DHCP server from the CVE-2019-0725 vulnerability , since it can also be operated remotely.
Two other vulnerabilities deserve attention: CVE-2019-0863 and CVE-2019-0903. The first allows you to increase privileges in the system, and the exploit is already walking on the network. The second is located in the graphical component of Windows GDI and can be operated through different vectors - both through the browser and using a file sent, for example, by mail.
May brought us four more hardware vulnerabilities of speculative execution in Intel processors , one of which already has its own website with the beautiful name Zombieload . Recommendations for countering this type of vulnerability are standard : upgrade and disable Hyper-Threading in the processor. At the same time, you can check the speculative execution settings using this Powershell script .
In addition, Microsoft and Adobe eliminated another 87 vulnerabilities that could allow arbitrary code to be executed on the system:
In the end, we want to recall two more serious vulnerabilities in the Cisco 1001-X routers called Thrangrycat . They allow not only increasing privileges in the router, but also gaining a foothold there, essentially installing a bootkit in the firmware of the router , which will bypass the check of the Trust Anchor module responsible for the trusted boot mechanism.
Immediately 2 vulnerabilities that can be exploited remotely were fixed in Windows. We announced the most dangerous one last night - the vulnerability CVE-2019-070 in the Remote Desktop service allows the exploit owner to execute code with SYSTEM privileges. We recommend updating all terminal servers accessible from the outside as quickly as possible. Also, do not forget to update the DHCP server from the CVE-2019-0725 vulnerability , since it can also be operated remotely.
Two other vulnerabilities deserve attention: CVE-2019-0863 and CVE-2019-0903. The first allows you to increase privileges in the system, and the exploit is already walking on the network. The second is located in the graphical component of Windows GDI and can be operated through different vectors - both through the browser and using a file sent, for example, by mail.
May brought us four more hardware vulnerabilities of speculative execution in Intel processors , one of which already has its own website with the beautiful name Zombieload . Recommendations for countering this type of vulnerability are standard : upgrade and disable Hyper-Threading in the processor. At the same time, you can check the speculative execution settings using this Powershell script .
In addition, Microsoft and Adobe eliminated another 87 vulnerabilities that could allow arbitrary code to be executed on the system:
19 RCE in EDGE Browser
- portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0912
- portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0913
- portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0914
- portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0915
- portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0916
- portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0917
- portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0922
- portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0924
- portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0925
- portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0927
- portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0933
- portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0937
- portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0923
- portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0940
- portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0926
- portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0884
- portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0911
- portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0918
5 RCE in Internet Explorer
- portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0929
- portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0940
- portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0884
- portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0911
- portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0918
13 RCE in the Jet Database Engine
- portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0889
- portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0890
- portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0891
- portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0893
- portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0894
- portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0895
- portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0896
- portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0897
- portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0898
- portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0899
- portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0900
- portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0901
- portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0902
2 RCE in MS Word
48 RCE in Adobe Reader
1 RCE in Adobe FlashPlayer
In the end, we want to recall two more serious vulnerabilities in the Cisco 1001-X routers called Thrangrycat . They allow not only increasing privileges in the router, but also gaining a foothold there, essentially installing a bootkit in the firmware of the router , which will bypass the check of the Trust Anchor module responsible for the trusted boot mechanism.