Microsoft’s Security Patches for May Fix 82 Security Vulnerabilities Threat Alert

Microsoft’s Security Patches for May Fix 82 Security Vulnerabilities Threat Alert

May 16, 2019 | Mina Hao

Overview

Microsoft released May 2019 security patches on Tuesday that fix 82 vulnerabilities ranging from simple spoofing attacks to remote code execution in various products, including .NET Core, .NET Framework, Adobe Flash Player, Azure, Internet Explorer, Kerberos, Microsoft Browsers, Microsoft Dynamics, Microsoft Edge, Microsoft Graphics Component, Microsoft JET Database Engine, Microsoft Office, Microsoft Office SharePoint, Microsoft Scripting Engine, Microsoft Windows, NuGet, Servicing Stack Updates, Skype for Android, SQL Server, Team Foundation Server, Windows DHCP Server, Windows Diagnostic Hub, Windows Kernel, Windows NDIS, and Windows RDP.

Details can be found in the following table.

Product CVE ID CVE Title Severity Level
.NET Core CVE-2019-0980 .Net Framework and .Net Core Denial-of-Service Vulnerability Important
.NET Core CVE-2019-0981 .Net Framework and .Net Core Denial-of-Service Vulnerability Important
.NET Core CVE-2019-0982 ASP.NET Core Denial-of-Service Vulnerability Important
.NET Framework CVE-2019-0820 .Net Framework and .Net Core Denial-of-Service Vulnerability Important
.NET Framework CVE-2019-0864 .NET Framework Denial-of-Service Vulnerability Important
Adobe Flash Player ADV190012 May 2019 Adobe Flash Security Updates Critical
Azure CVE-2019-1000 Microsoft Azure AD Connect Privilege Escalation Vulnerability Important
Internet Explorer CVE-2019-0921 Internet Explorer Spoofing Vulnerability Important
Internet Explorer CVE-2019-0929 Internet Explorer Memory Corruption Vulnerability Critical
Internet Explorer CVE-2019-0930 Internet Explorer Information Disclosure Vulnerability Important
Internet Explorer CVE-2019-0995 Internet Explorer Security Feature Bypass Vulnerability Important
Kerberos CVE-2019-0734 Windows Privilege Escalation Vulnerability Important
Microsoft Browsers CVE-2019-0940 Microsoft Browser Memory Corruption Vulnerability Critical
Microsoft Dynamics CVE-2019-1008 Microsoft Dynamics On-Premise Security Feature Bypass Important
Microsoft Edge CVE-2019-0926 Microsoft Edge Memory Corruption Vulnerability Critical
Microsoft Edge CVE-2019-0938 Microsoft Edge Privilege Escalation Vulnerability Important
Microsoft Graphics Component CVE-2019-0882 Windows GDI Information Disclosure Vulnerability Important
Microsoft Graphics Component CVE-2019-0892 Win32k Privilege Escalation Vulnerability Important
Microsoft Graphics Component CVE-2019-0903 GDI+ Remote Code Execution Vulnerability Critical
Microsoft Graphics Component CVE-2019-0961 Windows GDI Information Disclosure Vulnerability Important
Microsoft Graphics Component CVE-2019-0758 Windows GDI Information Disclosure Vulnerability Important
Microsoft JET Database Engine CVE-2019-0893 Jet Database Engine Remote Code Execution Vulnerability Important
Microsoft JET Database Engine CVE-2019-0894 Jet Database Engine Remote Code Execution Vulnerability Important
Microsoft JET Database Engine CVE-2019-0895 Jet Database Engine Remote Code Execution Vulnerability Important
Microsoft JET Database Engine CVE-2019-0896 Jet Database Engine Remote Code Execution Vulnerability Important
Microsoft JET Database Engine CVE-2019-0897 Jet Database Engine Remote Code Execution Vulnerability Important
Microsoft JET Database Engine CVE-2019-0898 Jet Database Engine Remote Code Execution Vulnerability Important
Microsoft JET Database Engine CVE-2019-0899 Jet Database Engine Remote Code Execution Vulnerability Important
Microsoft JET Database Engine CVE-2019-0900 Jet Database Engine Remote Code Execution Vulnerability Important
Microsoft JET Database Engine CVE-2019-0901 Jet Database Engine Remote Code Execution Vulnerability Important
Microsoft JET Database Engine CVE-2019-0902 Jet Database Engine Remote Code Execution Vulnerability Important
Microsoft JET Database Engine CVE-2019-0889 Jet Database Engine Remote Code Execution Vulnerability Important
Microsoft JET Database Engine CVE-2019-0890 Jet Database Engine Remote Code Execution Vulnerability Important
Microsoft JET Database Engine CVE-2019-0891 Jet Database Engine Remote Code Execution Vulnerability Important
Microsoft Office CVE-2019-0945 Microsoft Office Access Connectivity Engine Remote Code Execution Vulnerability Important
Microsoft Office CVE-2019-0946 Microsoft Office Access Connectivity Engine Remote Code Execution Vulnerability Important
Microsoft Office CVE-2019-0947 Microsoft Office Access Connectivity Engine Remote Code Execution Vulnerability Important
Microsoft Office CVE-2019-0953 Microsoft Word Remote Code Execution Vulnerability Critical
Microsoft Office SharePoint CVE-2019-0956 Microsoft SharePoint Server Information Disclosure Vulnerability Important
Microsoft Office SharePoint CVE-2019-0957 Microsoft SharePoint Privilege Escalation Vulnerability Important
Microsoft Office SharePoint CVE-2019-0958 Microsoft SharePoint Privilege Escalation Vulnerability Important
Microsoft Office SharePoint CVE-2019-0963 Microsoft Office SharePoint XSS Vulnerability Important
Microsoft Office SharePoint CVE-2019-0949 Microsoft SharePoint Spoofing Vulnerability Important
Microsoft Office SharePoint CVE-2019-0950 Microsoft SharePoint Spoofing Vulnerability Important
Microsoft Office SharePoint CVE-2019-0951 Microsoft SharePoint Spoofing Vulnerability Important
Microsoft Office SharePoint CVE-2019-0952 Microsoft SharePoint Server Remote Code Execution Vulnerability Important
Microsoft Scripting Engine CVE-2019-0884 Scripting Engine Memory Corruption Vulnerability Critical
Microsoft Scripting Engine CVE-2019-0911 Scripting Engine Memory Corruption Vulnerability Critical
Microsoft Scripting Engine CVE-2019-0912 Chakra Scripting Engine Memory Corruption Vulnerability Critical
Microsoft Scripting Engine CVE-2019-0913 Chakra Scripting Engine Memory Corruption Vulnerability Critical
Microsoft Scripting Engine CVE-2019-0914 Chakra Scripting Engine Memory Corruption Vulnerability Moderate
Microsoft Scripting Engine CVE-2019-0915 Chakra Scripting Engine Memory Corruption Vulnerability Critical
Microsoft Scripting Engine CVE-2019-0916 Chakra Scripting Engine Memory Corruption Vulnerability Critical
Microsoft Scripting Engine CVE-2019-0917 Chakra Scripting Engine Memory Corruption Vulnerability Critical
Microsoft Scripting Engine CVE-2019-0918 Scripting Engine Memory Corruption Vulnerability Moderate
Microsoft Scripting Engine CVE-2019-0922 Chakra Scripting Engine Memory Corruption Vulnerability Critical
Microsoft Scripting Engine CVE-2019-0923 Chakra Scripting Engine Memory Corruption Vulnerability Important
Microsoft Scripting Engine CVE-2019-0924 Chakra Scripting Engine Memory Corruption Vulnerability Critical
Microsoft Scripting Engine CVE-2019-0925 Chakra Scripting Engine Memory Corruption Vulnerability Critical
Microsoft Scripting Engine CVE-2019-0927 Chakra Scripting Engine Memory Corruption Vulnerability Critical
Microsoft Scripting Engine CVE-2019-0933 Chakra Scripting Engine Memory Corruption Vulnerability Critical
Microsoft Scripting Engine CVE-2019-0937 Chakra Scripting Engine Memory Corruption Vulnerability Critical
Microsoft Windows CVE-2019-0863 Windows Error Reporting Privilege Escalation Vulnerability Important
Microsoft Windows CVE-2019-0886 Windows Hyper-V Information Disclosure Vulnerability Important
Microsoft Windows CVE-2019-0942 Unified Write Filter Privilege Escalation Vulnerability Important
Microsoft Windows CVE-2019-0733 Windows Defender Application Control Security Feature Bypass Vulnerability Important
Microsoft Windows CVE-2019-0885 Windows OLE Remote Code Execution Vulnerability Important
Microsoft Windows CVE-2019-0931 Windows Storage Service Privilege Escalation Vulnerability Important
Microsoft Windows ADV190013 Microsoft Guidance to mitigate Microarchitectural Data Sampling vulnerabilities Important
Microsoft Windows CVE-2019-0936 Windows Privilege Escalation Vulnerability Important
NuGet CVE-2019-0976 NuGet Package Manager Tampering Vulnerability Important
Servicing Stack Updates ADV990001 Latest Servicing Stack Updates Critical
Skype for Android CVE-2019-0932 Skype for Android Information Disclosure Vulnerability Important
SQL Server CVE-2019-0819 Microsoft SQL Server Analysis Services Information Disclosure Vulnerability Important
Team Foundation Server CVE-2019-0971 Azure DevOps Server and Team Foundation Server Information Disclosure Vulnerability Important
Team Foundation Server CVE-2019-0872 Azure DevOps Server and Team Foundation Server Cross-site Scripting Vulnerability Important
Team Foundation Server CVE-2019-0979 Azure DevOps Server and Team Foundation Server Cross-site Scripting Vulnerability Important
Windows DHCP Server CVE-2019-0725 Windows DHCP Server Remote Code Execution Vulnerability Critical
Windows Diagnostic Hub CVE-2019-0727 Diagnostics Hub Standard Collector, Visual Studio Standard Collector Privilege Escalation Vulnerability Important
Windows Kernel CVE-2019-0881 Windows Kernel Privilege Escalation Vulnerability Important
Windows NDIS CVE-2019-0707 Windows NDIS Privilege Escalation Vulnerability Important
Windows RDP CVE-2019-0708 Remote Desktop Services Remote Code Execution Vulnerability Critical

 

Recommended Mitigation Measures

Microsoft has released security updates to fix these issues. Please download and install them as soon as possible.

Statement

This advisory is only used to describe a potential risk. NSFOCUS does not provide any commitment or promise on this advisory. NSFOCUS and the author will not bear any liability for any direct and/or indirect consequences and losses caused by transmitting and/or using this advisory. NSFOCUS reserves all the rights to modify and interpret this advisory. Please include this statement paragraph when reproducing or transferring this advisory. Do not modify this advisory, add/delete any information to/from it, or use this advisory for commercial purposes without permission from NSFOCUS.

About NSFOCUS

NSFOCUS IB is a wholly owned subsidiary of NSFOCUS, an enterprise application and network security provider, with operations in the Americas, Europe, the Middle East, Southeast Asia and Japan. NSFOCUS IB has a proven track record of combatting the increasingly complex cyber threat landscape through the construction and implementation of multi-layered defense systems. The company’s Intelligent Hybrid Security strategy utilizes both cloud and on-premises security platforms, built on a foundation of real-time global threat intelligence, to provide unified, multi-layer protection from advanced cyber threats.

For more information about NSFOCUS, please visit:

https://www.nsfocusglobal.com.

NSFOCUS, NSFOCUS IB, and NSFOCUS, INC. are trademarks or registered trademarks of NSFOCUS, Inc. All other names and trademarks are property of their respective firms.

 

Download:‘s Security Patches for May Fix 82 Security Vulnerabilities