===========================================================================
                         AUSCERT Security Bulletin

                               ASB-2019.0137
       Patch Tuesday for Windows includes critical vulnerability in
                       7, 2008 R2, 2008, 2003 and XP
                                15 May 2019

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:              Microsoft Windows
Operating System:     Windows
Impact/Access:        Administrator Compromise        -- Remote/Unauthenticated
                      Access Privileged Data          -- Remote/Unauthenticated
                      Increased Privileges            -- Existing Account      
                      Execute Arbitrary Code/Commands -- Remote/Unauthenticated
Resolution:           Patch/Upgrade
CVE Names:            CVE-2019-0961 CVE-2019-0942 CVE-2019-0936
                      CVE-2019-0931 CVE-2019-0903 CVE-2019-0902
                      CVE-2019-0901 CVE-2019-0900 CVE-2019-0899
                      CVE-2019-0898 CVE-2019-0897 CVE-2019-0896
                      CVE-2019-0895 CVE-2019-0894 CVE-2019-0893
                      CVE-2019-0892 CVE-2019-0891 CVE-2019-0890
                      CVE-2019-0889 CVE-2019-0886 CVE-2019-0885
                      CVE-2019-0882 CVE-2019-0881 CVE-2019-0863
                      CVE-2019-0758 CVE-2019-0734 CVE-2019-0733
                      CVE-2019-0727 CVE-2019-0725 CVE-2019-0708
                      CVE-2019-0707  
Member content until: Friday, June 14 2019

Comment: This advisory includes a vulnerability in versions of Windows before
         Windows 8, which Microsoft is calling 'wormable'.

OVERVIEW

        Microsoft has released its monthly security patch update for the month of May 2019.
        
        This update resolves one critical vulnerability in Remote Desktop Services
        (formerly known as Terminal Services) for older Windows systems,
        CVE-2019-0708, affecting: [1]
        
         Windows 7
         Windows Server 2008 R2
         Windows Server 2008
         Windows 2003
         Windows XP
        
        It also resolves 31 other vulnerabilities across the following products: [2]
        
         Windows 10 Version 1607 for 32-bit Systems
         Windows 10 Version 1607 for x64-based Systems
         Windows 10 Version 1703 for 32-bit Systems
         Windows 10 Version 1703 for x64-based Systems
         Windows 10 Version 1709 for 32-bit Systems
         Windows 10 Version 1709 for x64-based Systems
         Windows 10 Version 1709 for ARM64-based Systems
         Windows 10 Version 1803 for 32-bit Systems
         Windows 10 Version 1803 for ARM64-based Systems
         Windows 10 Version 1803 for x64-based Systems
         Windows 10 Version 1809 for 32-bit Systems
         Windows 10 Version 1809 for ARM64-based Systems
         Windows 10 Version 1809 for x64-based Systems
         Windows 10 Version 1903 for 32-bit Systems
         Windows 10 Version 1903 for ARM64-based Systems
         Windows 10 Version 1903 for x64-based Systems
         Windows 10 for 32-bit Systems
         Windows 10 for x64-based Systems
         Windows 7 for 32-bit Systems Service Pack 1
         Windows 7 for x64-based Systems Service Pack 1
         Windows 8.1 for 32-bit systems
         Windows 8.1 for x64-based systems
         Windows RT 8.1
         Windows Server 2008 R2 for Itanium-Based Systems Service Pack 1
         Windows Server 2008 R2 for x64-based Systems Service Pack 1
         Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)
         Windows Server 2008 for 32-bit Systems Service Pack 2
         Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation)
         Windows Server 2008 for Itanium-Based Systems Service Pack 2
         Windows Server 2008 for x64-based Systems Service Pack 2
         Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation)
         Windows Server 2012
         Windows Server 2012 (Server Core installation)
         Windows Server 2012 R2
         Windows Server 2012 R2 (Server Core installation)
         Windows Server 2016
         Windows Server 2016 (Server Core installation)
         Windows Server 2019
         Windows Server 2019 (Server Core installation)


IMPACT

        Microsoft has given the following details regarding these vulnerabilities.
        
         Details        Impact                   Severity
         ADV190013      Information Disclosure   Important
         CVE-2019-0707  Elevation of Privilege   Important
         CVE-2019-0708  Remote Code Execution    Critical
         CVE-2019-0725  Remote Code Execution    Critical
         CVE-2019-0727  Elevation of Privilege   Important
         CVE-2019-0733  Security Feature Bypass  Important
         CVE-2019-0734  Elevation of Privilege   Important
         CVE-2019-0758  Information Disclosure   Important
         CVE-2019-0863  Elevation of Privilege   Important
         CVE-2019-0881  Elevation of Privilege   Important
         CVE-2019-0882  Information Disclosure   Important
         CVE-2019-0885  Remote Code Execution    Important
         CVE-2019-0886  Information Disclosure   Important
         CVE-2019-0889  Remote Code Execution    Important
         CVE-2019-0890  Remote Code Execution    Important
         CVE-2019-0891  Remote Code Execution    Important
         CVE-2019-0892  Elevation of Privilege   Important
         CVE-2019-0893  Remote Code Execution    Important
         CVE-2019-0894  Remote Code Execution    Important
         CVE-2019-0895  Remote Code Execution    Important
         CVE-2019-0896  Remote Code Execution    Important
         CVE-2019-0897  Remote Code Execution    Important
         CVE-2019-0898  Remote Code Execution    Important
         CVE-2019-0899  Remote Code Execution    Important
         CVE-2019-0900  Remote Code Execution    Important
         CVE-2019-0901  Remote Code Execution    Important
         CVE-2019-0902  Remote Code Execution    Important
         CVE-2019-0903  Remote Code Execution    Critical
         CVE-2019-0931  Elevation of Privilege   Important
         CVE-2019-0936  Elevation of Privilege   Important
         CVE-2019-0942  Elevation of Privilege   Important
         CVE-2019-0961  Information Disclosure   Important


MITIGATION

        Microsoft recommends updating the software with the version made
        available on the Microsoft Update Catalogue for the following
        Knowledge Base articles [1].
        
         KB4499179, KB4494440, KB4494441, KB4497936, KB4499158
         KB4499171, KB4499154, KB4499175, KB4499151, KB4499167
         KB4499164, KB4499165, KB4499180, KB4499181, KB4499149


REFERENCES

        [1] Microsoft: Prevent a worm by updating Remote Desktop Services
            (CVE-2019-0708)
            https://blogs.technet.microsoft.com/msrc/2019/05/14/prevent-a-worm-by-updating-remote-desktop-services-cve-2019-0708/

        [2] Security Guidance
            https://portal.msrc.microsoft.com/en-us/security-guidance

AusCERT has made every effort to ensure that the information contained
in this document is accurate.  However, the decision to use the information
described is the responsibility of each user or organisation. The decision to
follow or act on information or advice contained in this security bulletin is
the responsibility of each user or organisation, and should be considered in
accordance with your organisation's site policies and procedures. AusCERT
takes no responsibility for consequences which may arise from following or
acting on information or advice contained in this security bulletin.

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours 
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================