Patch Impact Assessment May 2019

Vulnerability Assessment

Publicly disclosed: 1 | Exploited: 1 | Zero-day: 1

With 79 reported CVE vulnerability entries and two advisories from Microsoft, this is a big update for Windows this month. With this May Patch Tuesday update cycle, we are seeing reported issues in Remote Desktop Services (RDS), DHCP and the core graphics GDI component. The RDS vulnerability (CVE-2019-0863) should be considered a zero-day security issue, as it has been publicly disclosed and reported as exploited in the wild.

Windows

Microsoft has reported three critical vulnerabilities for this May Patch Tuesday. The real concern here is the publicly reported and exploited (ironically named) Windows Error Reporting (WER) vulnerability (CVE-2019-0863), rated as important by Microsoft.

VULNERABILITIES

Low: 0 | Moderate: 0 | Important: 29 | Critical: 3

PATCH NOW!

Browsers

Though not completely unexpected, this month brings a large number of memory corruption vulnerabilities for both Microsoft browsers. There have been 23 reported vulnerabilities, with 18 rated as critical and the remaining five rated as important.

VULNERABILITIES

Low: 0 | Moderate: 0 | Important: 5 | Critical: 18

PATCH NOW!

Office

A single remote code execution vulnerability rated as critical by Microsoft in their Word software has been reported for the May patch cycle. An attacker who successfully exploited this vulnerability could use a specially crafted file to perform actions in the security context of the current user.

VULNERABILITIES

Low: 0 | Moderate: 0 | Important: 12 | Critical: 1

SCHEDULE

Dev Tools

There are four main updates to the Microsoft development platform for the May update cycle, all rated as important by Microsoft. All four updates apply to all currently supported versions of Microsoft .NET (including 4.8) and to all currently supported desktop and server platforms.

VULNERABILITIES

Low: 0 | Moderate: 0 | Important: 4 | Critical: 0

SCHEDULE

Adobe Flash Player

Though not actively reported as exploited, this month’s critical-rated vulnerability from Adobe (APSB19-26) is a common “use after free” memory corruption error that could lead to arbitrary code execution on the target machine, using the user’s logged-in credentials.

VULNERABILITIES

Low: 0 | Moderate: 0 | Important: 0 | Critical: 1

PATCH NOW!
