===========================================================================
                         AUSCERT Security Bulletin

                               ASB-2019.0137
        Patch Tuesday for Windows includes critical vulnerability in
                       7, 2008 R2, 2008, 2003 and XP
                                15 May 2019

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:              Microsoft Windows
Operating System:     Windows
Impact/Access:        Administrator Compromise        -- Remote/Unauthenticated
                      Access Privileged Data          -- Remote/Unauthenticated
                      Increased Privileges            -- Existing Account
                      Execute Arbitrary Code/Commands -- Remote/Unauthenticated
Resolution:           Patch/Upgrade
CVE Names:            CVE-2019-0961 CVE-2019-0942 CVE-2019-0936
                      CVE-2019-0931 CVE-2019-0903 CVE-2019-0902
                      CVE-2019-0901 CVE-2019-0900 CVE-2019-0899
                      CVE-2019-0898 CVE-2019-0897 CVE-2019-0896
                      CVE-2019-0895 CVE-2019-0894 CVE-2019-0893
                      CVE-2019-0892 CVE-2019-0891 CVE-2019-0890
                      CVE-2019-0889 CVE-2019-0886 CVE-2019-0885
                      CVE-2019-0882 CVE-2019-0881 CVE-2019-0863
                      CVE-2019-0758 CVE-2019-0734 CVE-2019-0733
                      CVE-2019-0727 CVE-2019-0725 CVE-2019-0708
                      CVE-2019-0707
Member content until: Friday, June 14 2019

Comment: This advisory includes a vulnerability for versions of Windows
         before Windows 8 which Microsoft is calling 'wormable'.

OVERVIEW

        Microsoft has released its monthly security patch update for the
        month of May 2019.

        This update resolves one critical vulnerability in Remote Desktop
        Services (formerly known as Terminal Services) for older Windows
        systems, CVE-2019-0708, affecting: [1]

         Windows 7
         Windows Server 2008 R2
         Windows Server 2008
         Windows 2003
         Windows XP

        And 31 other vulnerabilities across the following products: [2]

         Windows 10 Version 1607 for 32-bit Systems
         Windows 10 Version 1607 for x64-based Systems
         Windows 10 Version 1703 for 32-bit Systems
         Windows 10 Version 1703 for x64-based Systems
         Windows 10 Version 1709 for 32-bit Systems
         Windows 10 Version 1709 for 64-based Systems
         Windows 10 Version 1709 for ARM64-based Systems
         Windows 10 Version 1803 for 32-bit Systems
         Windows 10 Version 1803 for ARM64-based Systems
         Windows 10 Version 1803 for x64-based Systems
         Windows 10 Version 1809 for 32-bit Systems
         Windows 10 Version 1809 for ARM64-based Systems
         Windows 10 Version 1809 for x64-based Systems
         Windows 10 Version 1903 for 32-bit Systems
         Windows 10 Version 1903 for ARM64-based Systems
         Windows 10 Version 1903 for x64-based Systems
         Windows 10 for 32-bit Systems
         Windows 10 for x64-based Systems
         Windows 7 for 32-bit Systems Service Pack 1
         Windows 7 for x64-based Systems Service Pack 1
         Windows 8.1 for 32-bit systems
         Windows 8.1 for x64-based systems
         Windows RT 8.1
         Windows Server 2008 R2 for Itanium-Based Systems Service Pack 1
         Windows Server 2008 R2 for x64-based Systems Service Pack 1
         Windows Server 2008 R2 for x64-based Systems Service Pack 1
           (Server Core installation)
         Windows Server 2008 for 32-bit Systems Service Pack 2
         Windows Server 2008 for 32-bit Systems Service Pack 2
           (Server Core installation)
         Windows Server 2008 for Itanium-Based Systems Service Pack 2
         Windows Server 2008 for x64-based Systems Service Pack 2
         Windows Server 2008 for x64-based Systems Service Pack 2
           (Server Core installation)
         Windows Server 2012
         Windows Server 2012 (Server Core installation)
         Windows Server 2012 R2
         Windows Server 2012 R2 (Server Core installation)
         Windows Server 2016
         Windows Server 2016 (Server Core installation)
         Windows Server 2019
         Windows Server 2019 (Server Core installation)

IMPACT

        Microsoft has given the following details regarding these
        vulnerabilities.

         Details         Impact                   Severity
         ADV190013       Information Disclosure   Important
         CVE-2019-0707   Elevation of Privilege   Important
         CVE-2019-0708   Remote Code Execution    Critical
         CVE-2019-0725   Remote Code Execution    Critical
         CVE-2019-0727   Elevation of Privilege   Important
         CVE-2019-0733   Security Feature Bypass  Important
         CVE-2019-0734   Elevation of Privilege   Important
         CVE-2019-0758   Information Disclosure   Important
         CVE-2019-0863   Elevation of Privilege   Important
         CVE-2019-0881   Elevation of Privilege   Important
         CVE-2019-0882   Information Disclosure   Important
         CVE-2019-0885   Remote Code Execution    Important
         CVE-2019-0886   Information Disclosure   Important
         CVE-2019-0889   Remote Code Execution    Important
         CVE-2019-0890   Remote Code Execution    Important
         CVE-2019-0891   Remote Code Execution    Important
         CVE-2019-0892   Elevation of Privilege   Important
         CVE-2019-0893   Remote Code Execution    Important
         CVE-2019-0894   Remote Code Execution    Important
         CVE-2019-0895   Remote Code Execution    Important
         CVE-2019-0896   Remote Code Execution    Important
         CVE-2019-0897   Remote Code Execution    Important
         CVE-2019-0898   Remote Code Execution    Important
         CVE-2019-0899   Remote Code Execution    Important
         CVE-2019-0900   Remote Code Execution    Important
         CVE-2019-0901   Remote Code Execution    Important
         CVE-2019-0902   Remote Code Execution    Important
         CVE-2019-0903   Remote Code Execution    Critical
         CVE-2019-0931   Elevation of Privilege   Important
         CVE-2019-0936   Elevation of Privilege   Important
         CVE-2019-0942   Elevation of Privilege   Important
         CVE-2019-0961   Information Disclosure   Important

MITIGATION

        Microsoft recommends updating the software with the version made
        available on the Microsoft Update Catalogue for the following
        Knowledge Base articles. [1]

         KB4499179, KB4494440, KB4494441, KB4497936, KB4499158
         KB4499171, KB4499154, KB4499175, KB4499151, KB4499167
         KB4499164, KB4499165, KB4499180, KB4499181, KB4499149

REFERENCES

        [1] Microsoft: Prevent a worm by updating Remote Desktop Services
            (CVE-2019-0708)
            https://blogs.technet.microsoft.com/msrc/2019/05/14/prevent-a-worm-by-updating-remote-desktop-services-cve-2019-0708/

        [2] Security Guidance
            https://portal.msrc.microsoft.com/en-us/security-guidance

AusCERT has made every effort to ensure that the information contained
in this document is accurate.  However, the decision to use the information
described is the responsibility of each user or organisation.  The decision to
follow or act on information or advice contained in this security bulletin is
the responsibility of each user or organisation, and should be considered in
accordance with your organisation's site policies and procedures.  AusCERT
takes no responsibility for consequences which may arise from following or
acting on information or advice contained in this security bulletin.

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================